Changeset 1ea79a1

Timestamp:

05/30/2004 05:30:47 AM (19 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/inkscape-core-mods, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/python-mods, qt5new, systemd-11177, systemd-13485, trunk, upgradedb, v5_1, xry111/intltool, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

1dad4a4

Parents:

4ea49a3

Message:

Typos and punctuation

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2236 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general/genlib/expat/expat.ent (modified) (1 diff)
• general/genlib/fam/fam-desc.xml (modified) (1 diff)
• general/genlib/genlib.xml (modified) (2 diffs)
• general/genlib/gmp/gmp-intro.xml (modified) (1 diff)
• general/genlib/pcre/pcre-inst.xml (modified) (1 diff)
• general/genlib/readline/readline-exp.xml (modified) (1 diff)
• general/prog/jdk/j2sdk-inst.xml (modified) (2 diffs)
• gnome/add/gnome-games/gnome-games-inst.xml (modified) (1 diff)
• postlfs/config/bootdisk.xml (modified) (3 diffs)
• postlfs/config/compressdoc.xml (modified) (2 diffs)
• postlfs/config/inputrc.xml (modified) (1 diff)
• postlfs/config/netfs.xml (modified) (1 diff)
• postlfs/config/skel.xml (modified) (2 diffs)
• postlfs/config/vimrc.xml (modified) (2 diffs)
• postlfs/editors/emacs/emacs-desc.xml (modified) (1 diff)
• postlfs/filesystems/reiser/reiser-desc.xml (modified) (1 diff)
• postlfs/security/cracklib/cracklib-intro.xml (modified) (2 diffs)
• postlfs/security/firewalling/busybox.xml (modified) (4 diffs)
• postlfs/security/firewalling/disclaimer.xml (modified) (1 diff)
• postlfs/security/firewalling/intro.xml (modified) (5 diffs)
• postlfs/security/firewalling/kernel.xml (modified) (2 diffs)
• postlfs/security/firewalling/masqrouter.xml (modified) (2 diffs)
• postlfs/security/firewalling/persfw.xml (modified) (2 diffs)
• postlfs/security/pam/linux_pam-config.xml (modified) (1 diff)
• postlfs/security/pam/linux_pam-exp.xml (modified) (1 diff)
• postlfs/security/security.xml (modified) (1 diff)
• postlfs/security/shadow/shadow-config.xml (modified) (1 diff)
• postlfs/security/tripwire/tripwire-config.xml (modified) (2 diffs)
• postlfs/shells/ash/ash-intro.xml (modified) (1 diff)
• postlfs/shells/tcsh/tcsh.ent (modified) (1 diff)
• postlfs/shells/zsh/zsh-config.xml (modified) (1 diff)
• server/other/rsync/rsync-config.xml (modified) (1 diff)
• xsoft/graphweb/mozilla/mozilla-intro.xml (modified) (2 diffs)

general/genlib/expat/expat.ent

@@ -5 +5 @@
 <!ENTITY expat-version "1.95.7">
 <!ENTITY expat-download-http "http://umn.dl.sourceforge.net/sourceforge/expat/expat-&expat-version;.tar.gz">
+<!-- <!ENTITY expat-download-ftp "ftp://ftp.at.linuxfromscratch.org/opsys/linux/sf/e/expat/expat-&expat-version;.tar.gz"> -->
 <!ENTITY expat-download-ftp " ">
 <!ENTITY expat-size "290 KB">

general/genlib/fam/fam-desc.xml

@@ -2 +2 @@
 <title>Contents</title>
 
-<para>The <application><acronym>FAM</acronym></application> package contains 
-<command>famd</command> executable and
-<filename>libfam</filename> libraries.</para>
+<para>The <application><acronym>FAM</acronym></application> package contains
+the <command>famd</command> executable and <filename>libfam</filename>
+libraries.</para>
 
 </sect2>

general/genlib/genlib.xml

@@ -11 +11 @@
 the <application>C</application> library functions which programs use.</para>
 
-<para>There are two types of library, static and shared.  Shared libraries 
+<para>There are two types of libraries: static and shared.  Shared libraries 
 (usually <filename>libXXX.so</filename>) are loaded into memory from the shared
 copy at runtime (hence the name).  Static libraries (<filename>libXXX.a
@@ -19 +19 @@
 
 <para>Generally, you only need to install libraries when you are
-installing software which requires functionality which they supply.  In
-the <acronym>BLFS</acronym> book, each package is listed with a list of (known)
+installing software that needs the functionality they supply.  In
+the <acronym>BLFS</acronym> book, each package is presented with a list of (known)
 dependencies.  Thus, you can figure out which libraries you need to have
 before installing that program.  If you are installing something without
-using <acronym>BLFS</acronym> instructions, usually the <filename>README
-</filename>  or <filename>INSTALL</filename> file will contain details of the 
-programs requirements.</para>
+using <acronym>BLFS</acronym> instructions, usually the <filename>README</filename>
+or <filename>INSTALL</filename> file will contain details of the 
+program's requirements.</para>
 
 <para>There are certain libraries which nearly <emphasis>everyone</emphasis> 

general/genlib/gmp/gmp-intro.xml

@@ -3 +3 @@
 
 <para>The <application><acronym>GMP</acronym></application> package
-contains an math library. This has useful functions for arbitrary precision 
+contains a math library. This has useful functions for arbitrary precision 
 arithmetic.</para>
 

general/genlib/pcre/pcre-inst.xml

@@ -10 +10 @@
 <para>If you reinstall <application>grep</application> after installing <application>pcre</application>,
 <application>grep</application> will get linked against <application>pcre</application> and
-may cause problems if <filename>/usr</filename> is a seperate mount point. To avoid this,
+may cause problems if <filename>/usr</filename> is a separate mount point. To avoid this,
 either pass the option <emphasis>--disable-perl-regexp</emphasis> when executing <command>./configure</command>
 for <application>grep</application> or move <filename>libpcre</filename> to <filename>/lib</filename>

general/genlib/readline/readline-exp.xml

@@ -2 +2 @@
 <title>Command explanations</title>
 
-<para><command>make SHLIB_LIBS=-lcurses</command>: These command makes
-the proper symbols available for applications that assume
-<application>readline</application> is compiled linked to
-<application>ncurses</application>.</para>
+<para><command>make SHLIB_LIBS=-lcurses</command>: This command makes the
+proper symbols available for applications that assume
+<application>readline</application> is compiled with
+<application>ncurses</application> links.</para>
 
 </sect2>

general/prog/jdk/j2sdk-inst.xml

@@ -5 +5 @@
 either or both.</para>
 
-<para>Installation of the precompiled <acronym>JDK</acronym> is easy, change 
-the executable bit for the downloaded file, change to the directory where you 
-want it installed and execute the downloaded file. The following (slightly
-cryptic version) allows automatic installation.</para>
+<para>Installation of the precompiled <acronym>JDK</acronym> is easy: 
+create a directory to install from, copy the .bin there, and run the 
+following commands:</para>
 
 <screen><userinput><command>VERSION=&j2sdk-bin-version; &amp;&amp;
@@ -22 +21 @@
 mv * /opt/j2sdk/j2sdk-precompiled-${MV}</command></userinput></screen>
 
-<para>The binary version is now installed.</para>
+<para>The binary version is now installed.  </para>
 
 <para>If you don't want to compile the source or are not in a postition to download the source

gnome/add/gnome-games/gnome-games-inst.xml

@@ -3 +3 @@
 
 <para><application><acronym>GNOME</acronym> Games</application> needs to
-be setgid to track high scores. Create a seperate user and group for games.
+be setgid to track high scores. Create a separate user and group for games.
 See the <filename>README</filename> file in the source directory for more
 information:</para>

postlfs/config/bootdisk.xml

@@ -72 +72 @@
 compiler for this kernel.  If you do so, don't overlook any loadable
 modules (which are not addressed here) you might need - they need to be
-compiled with same compiler used to make the kernel.</para>
+compiled with the same compiler used to make the kernel.</para>
 
 <para>The rescue image must include support for the file system of your
@@ -407 +407 @@
 <screen><userinput><command>mv GNUmakefile Makefile &amp;&amp;
 make &amp;&amp;
-make PREFIX=/mnt/loop1 install &amp;&amp;</command></userinput></screen>
+make PREFIX=/mnt/loop1 install</command></userinput></screen>
 
 <para><emphasis>Install part of <application>e2fsprogs</application></emphasis></para>
@@ -496 +496 @@
 
 <screen><userinput><command>strip -p --strip-unneeded --remove-section=.comment \
-&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libc.so.6 /lib/libc-2.3.2.so &amp;&amp;
+&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libc.so.6 /lib/libc-2.3.3.so &amp;&amp;
 strip -p --strip-unneeded --remove-section=.comment \
-&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/ld-linux.so.2 /lib/ld-2.3.2.so &amp;&amp;
+&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/ld-linux.so.2 /lib/ld-2.3.3.so &amp;&amp;
 strip -p --strip-unneeded --remove-section=.comment \
-&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libdl.so.2 /lib/libdl-2.3.2.so &amp;&amp;
+&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libdl.so.2 /lib/libdl-2.3.3.so &amp;&amp;
 chmod 555 /mnt/loop1/lib/{libc.so.6,ld-linux.so.2,libdl.so.2}</command></userinput></screen>  
 

postlfs/config/compressdoc.xml

@@ -6 +6 @@
 bzip2'ed pages, a feature you can use to free some disk space while keeping
 your documentation available. However, things are not that simple: man
-directories tend to contain links - hard and symbolic - which defeat simple
+directories tend to contain links—hard and symbolic—which defeat simple
 ideas like recursively calling <command>gzip</command> on them. A better way 
 to go is to use the script below.
@@ -460 +460 @@
 <command>compressdoc --bz2</command> to compress all your system man 
 pages. You can also run <command>compressdoc --help</command> to get 
-a comprehensive help about what the script is able to do.</para>
+comprehensive help about what the script is able to do.</para>
 
 <para> Don't forget that a few programs, like the <application>X</application> 
-Window system, <application>XEmacs</application>, also install their 
+Window system and <application>XEmacs</application> also install their 
 documentation in non standard places (such as <filename class="directory"> 
-/usr/X11R6/man</filename>, etc...). Don't forget to add those locations in the 
+/usr/X11R6/man</filename>, etc...). Be sure to add these locations to the 
 file <filename>/etc/man.conf</filename>, as a
 <envar>MANPATH</envar>=<replaceable>/path</replaceable> section.</para>

postlfs/config/inputrc.xml

@@ -5 +5 @@
 <para><filename>Inputrc</filename> deals with the mapping of the keyboard for 
 certain situations.  This file is the start-up file used by
-<application>readline</application> - the input related library used by 
-<application>Bash</application> and most other shells.</para>
+<application>readline</application>&mdash;the input related library used by 
+<application>bash</application> and most other shells.</para>
 
 <para>For more information see <command>info bash</command> -- <emphasis

postlfs/config/netfs.xml

@@ -4 +4 @@
 
 <para>While <acronym>LFS</acronym> is capable of mounting network file
-systems such as <acronym>NFS</acronym> these are not mounted by
-<filename>mountfs</filename> init script since the tools needed to mount
-these systems may not be available on the root partition and also since
-network file systems need to be mounted after the networking is on and
-need to be unmounted before the network goes down.</para>
+systems such as <acronym>NFS</acronym> these are not mounted by the
+<filename>mountfs</filename> init script.  The tools needed to mount
+these systems may not be available on the root partition and the
+network file systems need to be mounted after the networking is activated.
+These file systems also need to be unmounted before the network goes down.</para>
 
 <para>Install the <filename>/etc/rc.d/init.d/netfs</filename>

postlfs/config/skel.xml

@@ -53 +53 @@
 <para><emphasis>/etc/skel</emphasis></para>
 
-<para>To get started create an <filename class="directory">/etc/skel</filename> directory
+<para>To get started, create an <filename class="directory">/etc/skel</filename> directory
 and make sure it is writable only by the system administrator, usually
 root. Creating the directory as root is the best way to go.</para>
@@ -95 +95 @@
 <para><emphasis>When Adding a User</emphasis></para>
 
-<para>When adding a new user with <command>useradd</command> use
+<para>When adding a new user with <command>useradd</command>, use
 the <option>-m</option> parameter, which tells
 <command>useradd</command> to create the user's home directory and

postlfs/config/vimrc.xml

@@ -3 +3 @@
 <title>/etc/vimrc, ~/.vimrc</title>
 
-<para>The <acronym>LFS</acronym> book installs
-<application>vim</application> as its editor.  At this point we should
-state that there are a <emphasis>lot</emphasis> of different editors out
-there including <application>emacs</application>,
-<application>nano</application>, <application>joe</application> and many 
-more.  Anyone who has been around the Internet (especially usenet) for a 
-short time will certainly have observed at least one flame war, usually 
-involving <application>vim</application> and
+<para>The <acronym>LFS</acronym> book installs <application>vim</application>
+as its text editor.  At this point we should state that there are a
+<emphasis>lot</emphasis> of different editing applications out there including
+<application>emacs</application>, <application>nano</application>,
+<application>joe</application> and many more.  Anyone who has been around the
+Internet (especially usenet) for a short time will certainly have observed at
+least one flame war, usually involving <application>vim</application> and
 <application>emacs</application> users!</para>
 
@@ -29 +28 @@
 the file from <filename>/etc/skel/.vimrc</filename> to
 <filename>/etc/vimrc</filename> and the home directory of users already
-on the system, like root. Be sure to set permissions, owner and group if
+on the system, like root. Be sure to set permissions, owner, and group if
 you do copy anything directly from <filename>/etc/skel</filename>.</para>
 

postlfs/editors/emacs/emacs-desc.xml

@@ -29 +29 @@
 
 <sect3><title>ebrowse</title>
-<para><command>ebrowse</command> permits browsing of C++ class
-hierarchies from within emacs.</para></sect3>
+
+<para><command>ebrowse</command> permits browsing of C++ class hierarchies from
+within emacs.</para></sect3>
 
 <sect3><title>emacsclient</title>

postlfs/filesystems/reiser/reiser-desc.xml

@@ -12 +12 @@
 
 <sect3><title>debugreiserfs</title>
-<para><command>debugreiserfs</command> can sometimes help to solve problems 
-with <application>ReiserFS</application> file systems.  If it is called without 
-options, it prints the super 
-block of any reiserfs file system found on the device.</para></sect3>
+
+<para><command>debugreiserfs</command> can sometimes help to solve problems
+with <application>ReiserFS</application> file systems.  If it is called without
+options, it prints the super block of any reiserfs file system found on the
+device.</para></sect3>
 
 <sect3><title>mkreiserfs</title>

postlfs/security/cracklib/cracklib-intro.xml

@@ -2 +2 @@
 <title>Introduction to <application>cracklib</application></title>
 
-<para>The cracklib package contains a library used to enforce strong 
-passwords by comparing user selected passwords to words in a 
-chosen wordlist.</para>
+<para>The cracklib package contains a library used to enforce strong passwords
+by comparing user selected passwords to words in a chosen wordlist.</para>
 
 <sect3><title>Package information</title>
@@ -27 +26 @@
 </itemizedlist>
 
-<para>You will also need to download a wordlist for use with cracklib.  
-There are two wordlists to choose from at the following location.
-Use the <filename>cracklib</filename> word list for good security,
-or opt for the <filename>allwords</filename> word list for
-lightweight machines short on <acronym>RAM</acronym>.  You can of course choose any other
-word list that you have at your disposal.</para>
+<para>You will also need to download a wordlist for use with cracklib.  There
+are two wordlists to choose from at the following location.  Use the
+<filename>cracklib</filename> word list for good security, or opt for the
+<filename>allwords</filename> word list for lightweight machines short on
+<acronym>RAM</acronym>.  You can of course choose any other word list that you
+have at your disposal.</para>
 
 <para>cracklib (&crackdict-size;): <ulink url="http://www.cotse.com/wordlists/cracklib"/></para>

postlfs/security/firewalling/busybox.xml

@@ -11 +11 @@
 
 <para>Be cautious.  Every service you offer and have enabled makes your
-setup more complex and your box less secure: You induce the risks of 
-misconfigured services or running a service with an exploitable bug, both risks 
-that a firewall principally should be immune of. See the introduction to 
+setup more complex and your box less secure. You induce the risks of 
+misconfigured services or running a service with an exploitable bug.  A firewall
+should generally not run any extra services.  See the introduction to 
 <xref linkend="postlfs-security-fw-masqRouter"/> for some more details.</para>
 
@@ -31 +31 @@
 iptables -A OUTPUT                                      -j ACCEPT</screen>
 
-<para>However, it is generally not advisable to leave OUTPUT unrestricted: you lose 
-any control on trojans who'd like to "call home", and a bit of redundancy in case 
+<para>However, it is generally not advisable to leave OUTPUT unrestricted. You lose 
+any control over trojans who'd like to "call home", and a bit of redundancy in case 
 you've (mis-)configured a service so that it does broadcast its existence to the 
 world.</para>
@@ -59 +59 @@
 
 <listitem><para><anchor id='postlfs-security-fw-BB-4' xreflabel="example no. 4"/>If you are 
-frequently accessing ftp-servers or enjoy chatting you might notice certain 
+frequently accessing ftp-servers or enjoy chatting, you might notice certain 
 delays because some implementations of these daemons have the feature of 
-querying an identd on your box for your username for logging.
+querying an identd on your box for logging usernames.
 Although there's really no harm in this, having an identd running is not 
 recommended because some implementations are known to be vulnerable.</para>
@@ -71 +71 @@
 iptables -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT</screen></listitem>
 
-<listitem><para>To log and drop invalid packets, mostly harmless packets
-that came in after netfilter's timeout, sometimes scans:</para>
+<listitem><para>To log and drop invalid packets (harmless packets
+that came in after netfilter's timeout or some types of network scans):</para>
 
 <screen>iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix \ 

postlfs/security/firewalling/disclaimer.xml

@@ -6 +6 @@
 DOCUMENT.</emphasis></para> -->
 
-<para>This document is meant as an introduction to how to setup a
-firewall - it is not a complete guide to securing systems.  Firewalling
-is a complex issue that requires careful configuration.
-The scripts quoted here are simply intended to give examples as to how
-a firewall works, they are not intended to fit into any imaginable 
-configuration and may not prevent any imaginable attack.</para>
+<para>This document is meant as an introduction to how to setup a firewall.  It
+is not a complete guide to securing systems.  Firewalling is a complex issue
+that requires careful configuration.  The scripts quoted here are simply
+intended to give examples as to how a firewall works, they are not intended to
+fit into any imaginable configuration and may not prevent any imaginable
+attack.</para>
 
 <para>The purpose of this text is simply to give you a hint on how to get

postlfs/security/firewalling/intro.xml

@@ -5 +5 @@
 against malicious access by using a single machine as a firewall. 
 This does imply that the firewall is to be considered a single point 
-of failure, but it can make the administrators life a lot easier.</para>
+of failure, but it can make the administrator's life a lot easier.</para>
 
 <para>In a perfect world where you knew that every daemon or service 
@@ -11 +11 @@
 buffer-overflows and any other imaginable problem regarding its 
 security, and where you trusted every user accessing your services 
-to aim no harm, you wouldn't need to do have a firewall!  
+to aim no harm, you wouldn't need to have a firewall!  
 In the real world however, daemons may be misconfigured, 
 exploits against essential services are freely available, you 
@@ -21 +21 @@
 
 <para>Don't assume however, that having a firewall makes careful
-configuration redundant, nor that it makes any negligent
-misconfiguration harmless, nor that it prevents anyone from exploiting a
+configuration redundant, or that it makes any negligent
+misconfiguration harmless. It also doesn't prevent anyone from exploiting a
 service you intentionally offer but haven't recently updated or patched
 after an exploit went public.  Despite having a firewall, you need to
@@ -40 +40 @@
 companies such as Symantec, of which they claim or pretend that it
 secures a home or desktop-pc with Internet access. This topic is 
-highly relevant for users who do not know the ways their computers 
-might be accessed via the Internet and how to disable these, 
-especially if they are always online and if they are connected via 
+highly relevant for users who do not know the methods their computers 
+might be accessed via the Internet or how to disable them, 
+especially if they are always online and connected via 
 broadband links.</para></sect3>
 
@@ -59 +59 @@
 performing masquerading or routing functions, but offering a bunch of 
 services, e.g., web-cache, mail, etc.  This may be very commonly used 
-for home networks, but can definitely not to be considered as secure 
+for home networks, but can definitely not be considered as secure 
 anymore because the combining of server and router on one machine raises 
 the complexity of the setup.</para></sect3>

postlfs/security/firewalling/kernel.xml

@@ -3 +3 @@
 
 <para>If you want your Linux-Box to have a firewall, you must first ensure 
-that your kernel has been compiled with the relevant options turned on
+that your kernel has been compiled with the relevant options turned on.
 <!-- <footnote><para>If you needed assistance how to configure, compile and install 
 a new kernel, refer back to chapter VIII of the LinuxFromScratch book, 
@@ -10 +10 @@
 <ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/lilo.html">Making the LFS system bootable</ulink>
 ; note, that you'll need to reboot 
-to actually run your new kernel.</para></footnote>-->.</para>
+to actually run your new kernel.</para></footnote>-->
+</para>
 
 <para>How to configure your kernel, with enabling the options to be 

postlfs/security/firewalling/masqrouter.xml

@@ -82 +82 @@
 <command>EOF</command></userinput></screen>
 
-<para>With this script your intranet should be sufficiently 
-secure against external attacks: no one should be able to setup a 
-new connection to any internal service and, if it's masqueraded, 
-it s even invisible; furthermore, your firewall should be nearly immune 
-because there are no services running that a cracker could attack.</para>
+<para>With this script your intranet should be sufficiently secure against
+external attacks. No one should be able to setup a new connection to any
+internal service and, if it's masqueraded, it's even invisible. Furthermore,
+your firewall should be nearly immune because there are no services running
+that a cracker could attack.</para>
 
 <para>Note: if the interface you're connecting to the Internet 
@@ -97 +97 @@
 
 <para>If you need stronger security (e.g., against DOS, connection 
-highjacking, spoofing, etc.) have a look at the list of 
+highjacking, spoofing, etc.), have a look at the list of 
 <xref linkend="postlfs-security-fw-library"/> at the end of this section.</para>
 

postlfs/security/firewalling/persfw.xml

@@ -2 +2 @@
 <title>Personal Firewall</title>
 
-<para>A Personal Firewall is supposed to let you access the all services
+<para>A Personal Firewall is supposed to let you access all the services
 offered on the Internet, but keep your box secure and your data private.</para>
 
-<para>Below is a slightly modified version of Rusty Russell's
-recommendation from the <ulink url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html">Linux
+<para>Below is a slightly modified version of Rusty Russell's recommendation
+from the <ulink
+url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html">Linux
 2.4 Packet Filtering HOWTO</ulink>:</para>
 
@@ -56 +57 @@
 <xref linkend="postlfs-security-fw-BB-4"/>.</para>
 
-<para>Even if you have daemons / services running on your box, these
+<para>Even if you have daemons or services running on your box, these
 should be inaccessible everywhere but from your box itself.
 If you want to allow access to services on your machine, such as ssh or pinging, 

postlfs/security/pam/linux_pam-config.xml

@@ -9 +9 @@
 <sect3><title>Configuration Information</title>
 
-<para>Configuration information is placed in <filename>/etc/pam.d</filename> or 
-<filename>/etc/pam.conf</filename> depending on the application that is using 
-<application><acronym>PAM</acronym></application>. Below are example files of
-each type:</para>
+<para>Configuration information is placed in <filename>/etc/pam.d</filename> or
+<filename>/etc/pam.conf</filename> depending on user preference.  Below are
+example files of each type:</para>
 
 <screen># Begin /etc/pam.d/other

postlfs/security/pam/linux_pam-exp.xml

@@ -12 +12 @@
 the mailspool directory <acronym>FHS</acronym> compliant.</para>
 
-<para><option>--enable-read-both-confs</option>: This switch lets the local administrator choose which configuration file setup to use.</para>
+<para><option>--enable-read-both-confs</option>: This switch lets the local
+administrator choose which configuration file setup to use.</para>
 
 <para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a

postlfs/security/security.xml

@@ -16 +16 @@
 <para>Prevention of breaches, like a trojan, are assisted by applications like 
 <application>GnuPG</application>, specifically the ability to confirm signed 
-packages, which prevents modification of the <acronym>TAR</acronym> ball after 
+packages, which recognizes modifications of the <acronym>TAR</acronym> ball after 
 the packager creates it.</para>
 

postlfs/security/shadow/shadow-config.xml

@@ -7 +7 @@
 <filename>/etc/pam.d/passwd</filename>,
 <filename>/etc/pam.d/su</filename>,
-<filename>/etc/pam.d/shadow</filename>,
+<filename>/etc/pam.d/shadow</filename>, and
 <filename>/etc/pam.d/useradd</filename></para>
 </sect3>

postlfs/security/tripwire/tripwire-config.xml

@@ -38 +38 @@
 tripwire -m i</command></userinput></screen>
 
-<para>During configuration <application>Tripwire</application> will create two (2) keys: a site key and
- a local key which will be stored in <filename class="directory">/etc/tripwire/
-</filename>.</para>
+<para>During installation <application>Tripwire</application> will create two
+(2) keys: a site key and a local key which will be stored in <filename
+class="directory">/etc/tripwire/</filename>.</para>
 
 </sect3>
@@ -59 +59 @@
 on your system so that <application>Tripwire</application> will not continually notify you that
 files you intentionally changed are a security violation. To do this you
-must first <command>ls /var/lib/tripwire/report/</command> and note
+must first <command>ls -l /var/lib/tripwire/report/</command> and note
 the name of the newest file which starts with <filename>linux-</filename> and 
 ends in <filename>.twr</filename>. This encrypted file was created during the 

postlfs/shells/ash/ash-intro.xml

@@ -3 +3 @@
 
 <para><command>ash</command> is a shell that is the most compliant with the
-Bourne Shell (not to be confused with Bourne Again SHell i.e. <application>Bash</application>
+Bourne Shell (not to be confused with Bourne Again SHell i.e., <application>Bash</application>
 installed in <acronym>LFS</acronym>) without any additional features.
 Bourne Shell is available on most commercial

postlfs/shells/tcsh/tcsh.ent

@@ -5 +5 @@
 <!ENTITY tcsh-config SYSTEM "tcsh-config.xml">
 <!ENTITY tcsh-desc SYSTEM "tcsh-desc.xml">
-<!ENTITY tcsh-version "6.12.00">
+<!ENTITY tcsh-version "6.13.00">
 <!ENTITY tcsh-download-http "http://gd.tuwien.ac.at/utils/shells/tcsh/tcsh-&tcsh-version;.tar.gz">
 <!ENTITY tcsh-download-ftp " ">

postlfs/shells/zsh/zsh-config.xml

@@ -6 +6 @@
 <application>ZSH</application> including
 <filename>/etc/zshenv</filename>, <filename>/etc/zprofile</filename>,
-<filename>/etc/zshrc</filename>, <filename>/etc/zlogin</filename> and
+<filename>/etc/zshrc</filename>, <filename>/etc/zlogin</filename>, and
 <filename>/etc/zlogout</filename>.  You can find more information on
 these in the <filename>zsh(1)</filename> and related 

server/other/rsync/rsync-config.xml

@@ -9 +9 @@
 
 <para>This is a simple download-only configuration. See the rsyncd man-page for
-additional options (i.e. user authentication).</para>
+additional options (i.e., user authentication).</para>
 
 <screen><userinput><command>cat &gt; /etc/rsyncd.conf &lt;&lt; "EOF"</command>

xsoft/graphweb/mozilla/mozilla-intro.xml

@@ -7 +7 @@
 
 <para>The Mozilla project also hosts two subprojects that aim to cater to the needs
-of users who don't need the complete browser suite or like to have seperate applications
+of users who don't need the complete browser suite or like to have separate applications
 for browsing and e-mail. These subprojects are
 <ulink url="http://www.mozilla.org/products/firefox/">Mozilla Firefox</ulink>,
@@ -13 +13 @@
 <ulink url="http://www.mozilla.org/projects/thunderbird/">Mozilla Thunderbird</ulink>,
 (a stand-alone mail client based on the Mozilla source code). The build instructions
-for these two applications are discussed in seperate sections:</para>
+for these two applications are discussed in separate sections:</para>
 
 <itemizedlist>