Merge pull request #306 from dev-sec/codespell

mcgege · web-flow · commit c9c69e76b234 · 2023-05-01T19:37:48.000+02:00
add spellchecking with codespell
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
@@ -0,0 +1,12 @@
+---
+name: Codespell - Spellcheck
+
+on:  # yamllint disable-line rule:truthy
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  codespell:
+    uses: "dev-sec/.github/.github/workflows/codespell.yml@main"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,7 @@
 
 ### Changes in v2.3.3
 
-- fix CI: use docker driver for transfering files \(\#290\)
+- fix CI: use docker driver for transferring files \(\#290\)
 - Disable new check 'os-14' for automated testing \(\#291\)
 - Restore ability to override /etc/shadow file permissions and group owner \(\#293\)
 - move to CentOS 8 Stream from quay.io \(\#295\)
@@ -290,7 +290,7 @@
 **Implemented enhancements:**
 
 - Use type checking by defining data types [\#114](https://github.com/dev-sec/puppet-os-hardening/pull/114) ([mcgege](https://github.com/mcgege))
-- Make paramater USERGROUPS\_ENAB in login.defs configurable [\#113](https://github.com/dev-sec/puppet-os-hardening/pull/113) ([mcgege](https://github.com/mcgege))
+- Make parameter USERGROUPS\_ENAB in login.defs configurable [\#113](https://github.com/dev-sec/puppet-os-hardening/pull/113) ([mcgege](https://github.com/mcgege))
 
 **Fixed bugs:**
 
@@ -422,7 +422,7 @@
 * improvement: add travis testing for lint+specs
 * improvement: use file resource instead of exec for access minimization
 * bugfix: fix typo dry_run_on_unkown -> dry_run_on_unknown
-* bugfix: don't run update initramfs on each run, only when requiered
+* bugfix: don't run update initramfs on each run, only when required
 * bugfix: deactivation of kernel module loading wasn't implemented
 * bugfix: ip_forwarding wasn't activated correctly
 
diff --git a/HISTORY.md b/HISTORY.md
@@ -49,7 +49,7 @@
 * improvement: add travis testing for lint+specs
 * improvement: use file resource instead of exec for access minimization
 * bugfix: fix typo dry_run_on_unkown -> dry_run_on_unknown
-* bugfix: don't run update initramfs on each run, only when requiered
+* bugfix: don't run update initramfs on each run, only when required
 * bugfix: deactivation of kernel module loading wasn't implemented
 * bugfix: ip_forwarding wasn't activated correctly
 
diff --git a/lib/facter/home_users.rb b/lib/facter/home_users.rb
@@ -1,4 +1,4 @@
-# Try to read UID_MIN from /etc/login.defs to caluclate SYS_UID_MAX
+# Try to read UID_MIN from /etc/login.defs to calculate SYS_UID_MAX
 # if that fails set some predefined values based on os_family fact.
 logindefs = '/etc/login.defs'
 
diff --git a/lib/facter/retrieve_system_users.rb b/lib/facter/retrieve_system_users.rb
@@ -1,4 +1,4 @@
-# Try to read UID_MIN from /etc/login.defs to caluclate SYS_UID_MAX
+# Try to read UID_MIN from /etc/login.defs to calculate SYS_UID_MAX
 # if that fails set some predefined values based on os_family fact.
 logindefs = '/etc/login.defs'
 
diff --git a/manifests/pam.pp b/manifests/pam.pp
@@ -55,7 +55,7 @@
 
       # if passwdqc is enabled
       if $passwdqc_enabled == true {
-        # remove pam_cracklib, because it does not play nice wiht passwdqc
+        # remove pam_cracklib, because it does not play nice with passwdqc
         package { 'pam-cracklib':
           ensure => absent,
           name   => $pam_cracklib,
diff --git a/templates/login.defs.erb b/templates/login.defs.erb
@@ -118,7 +118,7 @@ GID_MAX     60000
 SYS_GID_MIN   <%= @sys_gid_min %>
 SYS_GID_MAX   999
 
-# Max number of login retries if password is bad. This will most likely be overriden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.
+# Max number of login retries if password is bad. This will most likely be overridden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.
 LOGIN_RETRIES   <%= @login_retries.to_s %>
 
 # Max time in seconds for login
@@ -138,7 +138,7 @@ DEFAULT_HOME  <%= @allow_login_without_home ? "yes" : "no" %>
 # the user to be removed (passed as the first argument).
 #USERDEL_CMD  /usr/sbin/userdel_local
 
-# Instead of the real user shell, the program specified by this parameter will be launched, although its visible name (`argv[0]`) will be the shell's. The program may do whatever it wants (logging, additional authentification, banner, ...) before running the actual shell.
+# Instead of the real user shell, the program specified by this parameter will be launched, although its visible name (`argv[0]`) will be the shell's. The program may do whatever it wants (logging, additional authentication, banner, ...) before running the actual shell.
 #FAKE_SHELL /bin/fakeshell
 
 # If defined, either full pathname of a file containing device names or a ":" delimited list of device names.  Root logins will be allowed only upon these devices.

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Try to read UID_MIN from /etc/login.defs to caluclate SYS_UID_MAX`
	`1`	`+# Try to read UID_MIN from /etc/login.defs to calculate SYS_UID_MAX`
`2`	`2`	`# if that fails set some predefined values based on os_family fact.`
`3`	`3`	`logindefs = '/etc/login.defs'`
`4`	`4`