AWS text changes

README.md

@@ -1,6 +1,6 @@
 # cnspec-policies
 
-This project contains security and operational best-practice policies (as code) for use with [`cnspec`](https://github.com/mondoohq/cnspec). The policies are published at the [Open Security Registry](https://mondoo.com/registry).
+This project contains security and operational best-practice policies (as code) for use with [cnspec](https://github.com/mondoohq/cnspec). The policies are published at the [Open Security Registry](https://mondoo.com/registry).
 
 We've organized them into these directories:
 

community/chef-infra-client.mql.yaml

@@ -62,7 +62,7 @@ queries:
       desc: |
         The /etc/chef directory contains sensitive files configuring Chef Infra Client and should only be writeable by root and readable by root and the root group.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/chef directory:
+        Run these commands to set proper permissions on your /etc/chef directory:
 
         ```
         chown root:root /etc/chef
@@ -90,7 +90,7 @@ queries:
       desc: |
         The /var/chef directory contains sensitive system configuration backup files and cached remote_file downloads. It should only be writeable by root and readable by root and the root group.
       remediation: |
-        Run the following commands to set proper permissions on your /var/chef directory:
+        Run these commands to set proper permissions on your /var/chef directory:
 
         ```
         chown root:root /var/chef
@@ -117,7 +117,7 @@ queries:
       desc: |
         The /var/log/chef directory contains sensitive log files and should only be writeable by root and readable by root and the root group.
       remediation: |
-        Run the following commands to set proper permissions on your /var/log/chef directory:
+        Run these commands to set proper permissions on your /var/log/chef directory:
 
         ```
         chown root:root /var/log/chef
@@ -144,7 +144,7 @@ queries:
     docs:
       desc: The /etc/chef/client.rb configuration file contains sensitive Infra Client configuration information. It should be owned by root and permissions should be set to 640.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/chef/client.rb file:
+        Run these commands to set proper permissions on your /etc/chef/client.rb file:
 
         ```
         chown root:root /etc/chef/client.rb
@@ -171,7 +171,7 @@ queries:
     docs:
       desc: The /etc/chef/client.pem key file contains the key used to communicate with Chef Infra Server. It should be owned by root and permissions should be set to 640.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/chef/client.pem file:
+        Run these commands to set proper permissions on your /etc/chef/client.pem file:
 
         ```
         chown root:root /etc/chef/client.pem
@@ -185,7 +185,7 @@ queries:
     docs:
       desc: The /etc/chef/validation.pem file can be used to register any system with Chef Infra Server and should not be left on system after they are bootstrapped into the Chef Infra organization.
       remediation: |
-        Run the following command to remove the validation.pem file:
+        Run this command to remove the validation.pem file:
 
         ```
         rm /etc/chef/validation.pem

community/chef-infra-server.mql.yaml

@@ -65,7 +65,7 @@ queries:
       desc: |
         The /etc/opscode directory contains sensitive files configuring Chef Infra Server should not be world writeable
       remediation: |
-        Run the following commands to set proper permissions on your /etc/opscode directory:
+        Run these commands to set proper permissions on your /etc/opscode directory:
 
         ```
         chown root:root /etc/opscode
@@ -92,7 +92,7 @@ queries:
       desc: |
         The /etc/opscode/pivotal.pem file gives super admin privileges on the Infra Server and should be properly secured.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/opscode/pivotal.pem file:
+        Run these commands to set proper permissions on your /etc/opscode/pivotal.pem file:
 
         ```
         chown opscode:root /etc/opscode/pivotal.pem
@@ -119,7 +119,7 @@ queries:
       desc: |
         The /etc/opscode/private-chef-secrets.json stores all secrets for the running Infra Server configuration and should be properly secured.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/opscode/private-chef-secrets.json file:
+        Run these commands to set proper permissions on your /etc/opscode/private-chef-secrets.json file:
 
         ```
         chown root:root /etc/opscode/private-chef-secrets.json
@@ -148,7 +148,7 @@ queries:
       desc: |
         The /etc/opscode/webui_priv.pem file gives super admin privileges on the Infra Server and should be properly secured.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/opscode/webui_priv.pem file:
+        Run these commands to set proper permissions on your /etc/opscode/webui_priv.pem file:
 
         ```
         chown opscode:root /etc/opscode/webui_priv.pem
@@ -174,7 +174,7 @@ queries:
     docs:
       desc: The /etc/opscode/chef-server.rb configuration file contains sensitive Infra Server configuration information. It should be owned by root:root and permissions should be set to 640.
       remediation: |
-        Run the following commands to set proper permissions on your /etc/opscode/chef-server.rb file:
+        Run these commands to set proper permissions on your /etc/opscode/chef-server.rb file:
 
         ```
         chown root:root /etc/opscode/chef-server.rb

community/mondoo-linux-operational-policy.mql.yaml

@@ -13,7 +13,7 @@ policies:
       - name: Mondoo, Inc
         email: [email protected]
     docs:
-      desc: "## Overview\n\nLinux Server Operational Policy by Mondoo provides guidance for operational best practices on Linux hosts.\n\n## Local scan\n\nLocal scan refer to scans of files and operating systems where `cnspec` is installed.\n\nTo scan the `localhost` against this policy:\n\n```bash\ncnspec scan local\n```\n\n## Remote scan\n\nRemote scans use native transports in `cnspec` to provide on demand scan results without the need to install any agents, or integration.\n\nFor a complete list of native transports run:\n\n```bash\ncnspec scan --help\n```\n\n### Prerequisites\n\nRemote scans of Linux hosts requires authentication such as SSH keys.\n\n### Scan a remote Linux host (SSH authentication)\n\n```bash\ncnspec scan ssh <user>@<IP_ADDRESS> -i /path/to/ssh_key\n```\n\n## Join the community!\n\nOur goal is to build policies that are simple to deploy, accurate, and actionable. \n\nIf you have any suggestions on how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions. "
+      desc: "## Overview\n\nLinux Server Operational Policy by Mondoo provides guidance for operational best practices on Linux hosts.\n\n## Local scan\n\nLocal scan refer to scans of files and operating systems where cnspec is installed.\n\nTo scan the `localhost` against this policy:\n\n```bash\ncnspec scan local\n```\n\n## Remote scan\n\nRemote scans use native transports in cnspec to provide on demand scan results without the need to install any agents, or integration.\n\nFor a complete list of native transports run:\n\n```bash\ncnspec scan --help\n```\n\n### Prerequisites\n\nRemote scans of Linux hosts requires authentication such as SSH keys.\n\n### Scan a remote Linux host (SSH authentication)\n\n```bash\ncnspec scan ssh <user>@<IP_ADDRESS> -i /path/to/ssh_key\n```\n\n## Join the community!\n\nOur goal is to build policies that are simple to deploy, accurate, and actionable. \n\nIf you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions. "
     groups:
       - filters: asset.family.contains("linux")
         checks:

community/mondoo-linux-snmp-policy.mql.yaml

@@ -20,7 +20,7 @@ policies:
 
         ## Local scan
 
-        Local scan refer to scans of files and operating systems where `cnspec` is installed.
+        Local scan refer to scans of files and operating systems where cnspec is installed.
 
         To scan the `localhost` against this policy:
 
@@ -30,7 +30,7 @@ policies:
 
         ## Remote scan
 
-        Remote scans use native transports in `cnspec` to provide on demand scan results without the need to install any agents, or integration.
+        Remote scans use native transports in cnspec to provide on demand scan results without the need to install any agents, or integration.
 
         For a complete list of native transports run:
 
@@ -52,7 +52,7 @@ policies:
 
         Our goal is to build policies that are simple to deploy, accurate, and actionable.
 
-        If you have any suggestions on how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
+        If you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
     groups:
       - title: SNMP Server Configuration
         filters: |

community/mondoo-phoenix-plcnext-security.mql.yaml

@@ -178,13 +178,13 @@ queries:
       desc: |
         A system's time should be synchronized between all systems in an environment. This is usually done by setting up an authoritative time server with which all systems in an environment synchronize their clocks.
       audit: |
-        Execute the following command to get the actual system time in UTC:
+        Execute this command to get the actual system time in UTC:
 
         ```
         date -u
         ```
 
-        To get the current upstream time execute the following command:
+        To get the current upstream time execute this command:
 
         _curl:_
 
@@ -210,7 +210,7 @@ queries:
     docs:
       desc: An SSH private key is one of two files used in SSH public key authentication. In this authentication method, The possession of the private key is proof of identity. Only a private key corresponding to a public key can authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed.
       remediation: |-
-        Run the following commands to set ownership and permissions on the private SSH host key files
+        Run these commands to set ownership and permissions on the private SSH host key files
 
         ```
         find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec chown root:ssh_keys {} \;
@@ -234,7 +234,7 @@ queries:
     docs:
       desc: An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key corresponding to a private key can authenticate successfully.
       remediation: |-
-        Run the following commands to set permissions and ownership on the SSH host public key files
+        Run these commands to set permissions and ownership on the SSH host public key files
 
         ```
         find /etc/ssh -xdev -type f -name 'ssh_host_*_key.pub' -exec chmod 0644 {} \;