fix spelling errors

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2024-09-19 21:11:52 +00:00 · 2023-04-14 23:51:53 +02:00 · 2023-04-14 23:51:53 +02:00 · 7259d6b5fd
commit 7259d6b5fd
parent edcada16e4
17 changed files with 33 additions and 32 deletions
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@ -19,3 +19,4 @@ jobs:
        uses: codespell-project/actions-codespell@v1
        with:
          check_filenames: true
+          ignore_words_list: "chage"
--- a/OS_HARDENING_CHANGELOG.md
+++ b/OS_HARDENING_CHANGELOG.md
@ -26,7 +26,7 @@

 - fix fedora build [\#296](https://github.com/dev-sec/ansible-os-hardening/pull/296) ([rndmh3ro](https://github.com/rndmh3ro))
 - do not blacklist used filesystems [\#289](https://github.com/dev-sec/ansible-os-hardening/pull/289) [[patch](https://github.com/dev-sec/ansible-os-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
- move hidepid vars into defaults so theyre overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) [[patch](https://github.com/dev-sec/ansible-os-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
+- move hidepid vars into defaults so they're overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) [[patch](https://github.com/dev-sec/ansible-os-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))

 ## [6.1.0](https://github.com/dev-sec/ansible-os-hardening/tree/6.1.0) (2020-07-21)

@ -90,7 +90,7 @@
 - Add kernel parameter information to README [\#259](https://github.com/dev-sec/ansible-os-hardening/pull/259) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina))
 - Remove trailing whitespaces \(ansible-lint 201\) [\#254](https://github.com/dev-sec/ansible-os-hardening/pull/254) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([kravietz](https://github.com/kravietz))
 - Standardize the var ordering [\#251](https://github.com/dev-sec/ansible-os-hardening/pull/251) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([dustinmiller1337](https://github.com/dustinmiller1337))
- Add intial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([dustinmiller1337](https://github.com/dustinmiller1337))
+- Add initial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([dustinmiller1337](https://github.com/dustinmiller1337))
 - Make max_log_file_action for auditd configurable [\#246](https://github.com/dev-sec/ansible-os-hardening/pull/246) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([jandd](https://github.com/jandd))
 - Add exception in sysctl task [\#240](https://github.com/dev-sec/ansible-os-hardening/pull/240) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([ghost](https://github.com/ghost))
 - Fedora - Use new auto ansible_python_interpreter for dnf [\#239](https://github.com/dev-sec/ansible-os-hardening/pull/239) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina))
@ -165,7 +165,7 @@

 **Fixed bugs:**

- auditd causing v5.0 to fail on unpriviledged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)]
+- auditd causing v5.0 to fail on unprivileged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)]
 - Setting os_security_users_allow has no effect [\#175](https://github.com/dev-sec/ansible-os-hardening/issues/175) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)]
 - add /usr/bin/su to suid_guid whitelist [\#199](https://github.com/dev-sec/ansible-os-hardening/pull/199) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] ([ccolic](https://github.com/ccolic))
 - ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user [\#197](https://github.com/dev-sec/ansible-os-hardening/pull/197) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] ([szEvEz](https://github.com/szEvEz))
@ -346,7 +346,7 @@
 - Docker [\#90](https://github.com/dev-sec/ansible-os-hardening/pull/90) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
 - debian 8 support [\#88](https://github.com/dev-sec/ansible-os-hardening/pull/88) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
 - Ufw manage defaults [\#85](https://github.com/dev-sec/ansible-os-hardening/pull/85) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))
- replace ignore_errors to failed_when to supress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))
+- replace ignore_errors to failed_when to suppress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))
 - fix bare variables usage for loops [\#79](https://github.com/dev-sec/ansible-os-hardening/pull/79) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))

 **Fixed bugs:**
@ -459,7 +459,7 @@
 - Repair debian install script [\#8](https://github.com/dev-sec/ansible-os-hardening/pull/8) ([rndmh3ro](https://github.com/rndmh3ro))
 - Separate tasks into multiple smaller files [\#7](https://github.com/dev-sec/ansible-os-hardening/pull/7) ([rndmh3ro](https://github.com/rndmh3ro))
 - Enable gpg-check on all yum-repositories [\#5](https://github.com/dev-sec/ansible-os-hardening/pull/5) ([rndmh3ro](https://github.com/rndmh3ro))
- Change playbook-path to accomodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro))
+- Change playbook-path to accommodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro))
 - treat securetty config as an array [\#3](https://github.com/dev-sec/ansible-os-hardening/pull/3) ([arlimus](https://github.com/arlimus))
 - Add Securetty-support [\#2](https://github.com/dev-sec/ansible-os-hardening/pull/2) ([rndmh3ro](https://github.com/rndmh3ro))
 - Add profile.conf configuration [\#1](https://github.com/dev-sec/ansible-os-hardening/pull/1) ([rndmh3ro](https://github.com/rndmh3ro))
--- a/molecule/os_hardening/verify_tasks/pam.yml
+++ b/molecule/os_hardening/verify_tasks/pam.yml
@ -21,7 +21,7 @@
    name: testuser
    password: "{{ test_pw | password_hash('sha512') }}"

- name: check successfull login with correct password
+- name: check successful login with correct password
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }}"
  environment:
@ -29,7 +29,7 @@
    LC_ALL: "{{ locale | default('C.UTF-8') }}"
    LANG: "{{ locale | default('C.UTF-8') }}"

- name: check unsuccessfull login with incorrect password
+- name: check unsuccessful login with incorrect password
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }}fail --expectfail"
  environment:
@ -38,7 +38,7 @@
    LANG: "{{ locale | default('C.UTF-8') }}"
  with_sequence: count=6

- name: check unsuccessfull login, with correct password (lockout)
+- name: check unsuccessful login, with correct password (lockout)
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }} --expectfail"
  environment:
@ -50,7 +50,7 @@
  pause:
    seconds: 20

- name: check successfull login
+- name: check successful login
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }}"
  environment:
--- a/molecule/os_hardening_vm/molecule.yml
+++ b/molecule/os_hardening_vm/molecule.yml
@ -8,7 +8,7 @@ driver:
  provider:
    name: libvirt
 platforms:
-  # we need to name every instance differntly to start multiple VMs on the same host (parallelization)
+  # we need to name every instance differently to start multiple VMs on the same host (parallelization)
  # since we also need to use different OS users to run the tests because of how molecule operates,
  # the VM names must be predictable by OS user (to clean up canceled runs)
  - name: "${USER}"
--- a/molecule/os_hardening_vm/verify_tasks/pam.yml
+++ b/molecule/os_hardening_vm/verify_tasks/pam.yml
@ -21,7 +21,7 @@
    name: testuser
    password: "{{ test_pw | password_hash('sha512') }}"

- name: check successfull login with correct password
+- name: check successful login with correct password
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }}"
  environment:
@ -29,7 +29,7 @@
    LC_ALL: "{{ locale | default('C.UTF-8') }}"
    LANG: "{{ locale | default('C.UTF-8') }}"

- name: check unsuccessfull login with incorrect password
+- name: check unsuccessful login with incorrect password
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }}fail --expectfail"
  environment:
@ -38,7 +38,7 @@
    LANG: "{{ locale | default('C.UTF-8') }}"
  with_sequence: count=6

- name: check unsuccessfull login, with correct password (lockout)
+- name: check unsuccessful login, with correct password (lockout)
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }} --expectfail"
  environment:
@ -50,7 +50,7 @@
  pause:
    seconds: 20

- name: check successfull login
+- name: check successful login
  shell:
    cmd: "pam-tester --user testuser --password {{ test_pw }}"
  environment:
--- a/molecule/ssh_hardening_bsd/molecule.yml
+++ b/molecule/ssh_hardening_bsd/molecule.yml
@ -4,7 +4,7 @@ driver:
  provider:
    name: libvirt
 platforms:
-  # we need to name every instance differntly to start multiple VMs on the same host (parallelization)
+  # we need to name every instance differently to start multiple VMs on the same host (parallelization)
  # since we also need to use different OS users to run the tests because of how molecule operates,
  # the VM names must be predictable by OS user (to clean up canceled runs)
  - name: "${USER}"
--- a/roles/mysql_hardening/CHANGELOG.md
+++ b/roles/mysql_hardening/CHANGELOG.md
@ -91,7 +91,7 @@

 **Implemented enhancements:**

- add follow=yes to my.cnf protect task, incase its a symlink. fixes \#20 [\#21](https://github.com/dev-sec/ansible-mysql-hardening/pull/21) ([rndmh3ro](https://github.com/rndmh3ro))
+- add follow=yes to my.cnf protect task, in case its a symlink. fixes \#20 [\#21](https://github.com/dev-sec/ansible-mysql-hardening/pull/21) ([rndmh3ro](https://github.com/rndmh3ro))
 - add changelog generator [\#7](https://github.com/dev-sec/ansible-mysql-hardening/pull/7) ([chris-rock](https://github.com/chris-rock))

 **Closed issues:**
--- a/roles/mysql_hardening/tasks/main.yml
+++ b/roles/mysql_hardening/tasks/main.yml
@ -14,7 +14,7 @@

 # we only override variables with our default if they have not been specified already.
 # by default the lookup functions finds all varnames containing the string, therefore
-# we add ^ and $ to denote start and end of string, so this returns only exact maches.
+# we add ^ and $ to denote start and end of string, so this returns only exact matches.
 - name: Set OS dependent variables, if not already defined by user # noqa var-naming
  ansible.builtin.set_fact:
    "{{ item.key }}": "{{ item.value }}"
--- a/roles/os_hardening/CHANGELOG.md
+++ b/roles/os_hardening/CHANGELOG.md
@ -54,7 +54,7 @@

 - fix fedora build [\#296](https://github.com/dev-sec/ansible-os-hardening/pull/296) ([rndmh3ro](https://github.com/rndmh3ro))
 - do not blacklist used filesystems [\#289](https://github.com/dev-sec/ansible-os-hardening/pull/289) ([schurzi](https://github.com/schurzi))
- move hidepid vars into defaults so theyre overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) ([rndmh3ro](https://github.com/rndmh3ro))
+- move hidepid vars into defaults so they're overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) ([rndmh3ro](https://github.com/rndmh3ro))

 ## [6.1.0](https://github.com/dev-sec/ansible-os-hardening/tree/6.1.0) (2020-07-21)

@ -118,7 +118,7 @@
 - Add kernel parameter information to README [\#259](https://github.com/dev-sec/ansible-os-hardening/pull/259) ([jaredledvina](https://github.com/jaredledvina))
 - Remove trailing whitespaces \(ansible-lint 201\) [\#254](https://github.com/dev-sec/ansible-os-hardening/pull/254) ([kravietz](https://github.com/kravietz))
 - Standardize the var ordering [\#251](https://github.com/dev-sec/ansible-os-hardening/pull/251) ([dustinmiller1337](https://github.com/dustinmiller1337))
- Add intial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) ([dustinmiller1337](https://github.com/dustinmiller1337))
+- Add initial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) ([dustinmiller1337](https://github.com/dustinmiller1337))
 - Make max_log_file_action for auditd configurable [\#246](https://github.com/dev-sec/ansible-os-hardening/pull/246) ([jandd](https://github.com/jandd))
 - Add exception in sysctl task [\#240](https://github.com/dev-sec/ansible-os-hardening/pull/240) ([ghost](https://github.com/ghost))
 - Fedora - Use new auto ansible_python_interpreter for dnf [\#239](https://github.com/dev-sec/ansible-os-hardening/pull/239) ([jaredledvina](https://github.com/jaredledvina))
@ -193,7 +193,7 @@

 **Fixed bugs:**

- auditd causing v5.0 to fail on unpriviledged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191)
+- auditd causing v5.0 to fail on unprivileged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191)
 - Setting os_security_users_allow has no effect [\#175](https://github.com/dev-sec/ansible-os-hardening/issues/175)
 - add /usr/bin/su to suid_guid whitelist [\#199](https://github.com/dev-sec/ansible-os-hardening/pull/199) ([ccolic](https://github.com/ccolic))
 - ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user [\#197](https://github.com/dev-sec/ansible-os-hardening/pull/197) ([szEvEz](https://github.com/szEvEz))
@ -374,7 +374,7 @@
 - Docker [\#90](https://github.com/dev-sec/ansible-os-hardening/pull/90) ([rndmh3ro](https://github.com/rndmh3ro))
 - debian 8 support [\#88](https://github.com/dev-sec/ansible-os-hardening/pull/88) ([rndmh3ro](https://github.com/rndmh3ro))
 - Ufw manage defaults [\#85](https://github.com/dev-sec/ansible-os-hardening/pull/85) ([fitz123](https://github.com/fitz123))
- replace ignore_errors to failed_when to supress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) ([fitz123](https://github.com/fitz123))
+- replace ignore_errors to failed_when to suppress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) ([fitz123](https://github.com/fitz123))
 - fix bare variables usage for loops [\#79](https://github.com/dev-sec/ansible-os-hardening/pull/79) ([fitz123](https://github.com/fitz123))

 **Fixed bugs:**
@ -487,7 +487,7 @@
 - Repair debian install script [\#8](https://github.com/dev-sec/ansible-os-hardening/pull/8) ([rndmh3ro](https://github.com/rndmh3ro))
 - Separate tasks into multiple smaller files [\#7](https://github.com/dev-sec/ansible-os-hardening/pull/7) ([rndmh3ro](https://github.com/rndmh3ro))
 - Enable gpg-check on all yum-repositories [\#5](https://github.com/dev-sec/ansible-os-hardening/pull/5) ([rndmh3ro](https://github.com/rndmh3ro))
- Change playbook-path to accomodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro))
+- Change playbook-path to accommodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro))
 - treat securetty config as an array [\#3](https://github.com/dev-sec/ansible-os-hardening/pull/3) ([arlimus](https://github.com/arlimus))
 - Add Securetty-support [\#2](https://github.com/dev-sec/ansible-os-hardening/pull/2) ([rndmh3ro](https://github.com/rndmh3ro))
 - Add profile.conf configuration [\#1](https://github.com/dev-sec/ansible-os-hardening/pull/1) ([rndmh3ro](https://github.com/rndmh3ro))
--- a/roles/os_hardening/README.md
+++ b/roles/os_hardening/README.md
@ -58,7 +58,7 @@ If you're using Docker / Kubernetes+Docker you'll need to override the ipv4 ip f

 ### hidepid on RHEL/CentOS 7

-When having `polkit-0.112-18.el7` (and later) installed and `/proc` mounted with `hidepid=2`, everytime someone uses `systemctl` the following error is displayed, but systemctl runs successfully.
+When having `polkit-0.112-18.el7` (and later) installed and `/proc` mounted with `hidepid=2`, every time someone uses `systemctl` the following error is displayed, but systemctl runs successfully.

 ```
 Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
--- a/roles/os_hardening/defaults/main.yml
+++ b/roles/os_hardening/defaults/main.yml
@ -157,8 +157,8 @@ sysctl_config:
  # https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace
  #
  # For applications launching crash handlers that need PTRACE, exceptions can
-  # be registered by the debugee by declaring in the segfault handler
-  # specifically which process will be using PTRACE on the debugee:
+  # be registered by the debuggee by declaring in the segfault handler
+  # specifically which process will be using PTRACE on the debuggee:
  #   prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
  #
  # In general, PTRACE is not needed for the average running Ubuntu system.
--- a/roles/os_hardening/templates/etc/login.defs.j2
+++ b/roles/os_hardening/templates/etc/login.defs.j2
@ -136,7 +136,7 @@ SUB_GID_MIN       {{ os_auth_sub_gid_min }}
 SUB_GID_MAX       {{ os_auth_sub_gid_max }}
 SUB_GID_COUNT     {{ os_auth_sub_gid_count }}

-# Max number of login retries if password is bad. This will most likely be overriden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.
+# Max number of login retries if password is bad. This will most likely be overridden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.
 LOGIN_RETRIES     {{ os_auth_retries }}

 # Max time in seconds for login
@ -155,7 +155,7 @@ DEFAULT_HOME      {{ 'yes' if os_auth_allow_homeless else 'no' }}
 # the user to be removed (passed as the first argument).
 #USERDEL_CMD       /usr/sbin/userdel_local

-# Instead of the real user shell, the program specified by this parameter will be launched, although its visible name (`argv[0]`) will be the shell's. The program may do whatever it wants (logging, additional authentification, banner, ...) before running the actual shell.
+# Instead of the real user shell, the program specified by this parameter will be launched, although its visible name (`argv[0]`) will be the shell's. The program may do whatever it wants (logging, additional authentication, banner, ...) before running the actual shell.
 #FAKE_SHELL        /bin/fakeshell

 # If defined, either full pathname of a file containing device names or a ":" delimited list of device names.  Root logins will be allowed only upon these devices.
--- a/roles/os_hardening/vars/Amazon.yml
+++ b/roles/os_hardening/vars/Amazon.yml
@ -81,6 +81,6 @@ os_useradd_create_home: true
 modprobe_package: module-init-tools
 auditd_package: audit

-# system accounts that do not get their login disabled and pasword changed
+# system accounts that do not get their login disabled and password changed
 os_always_ignore_users: [root, sync, shutdown, halt, ec2-user]
 hidepid_option: "2" # allowed values: 0, 1, 2
--- a/roles/os_hardening/vars/main.yml
+++ b/roles/os_hardening/vars/main.yml
@ -108,5 +108,5 @@ os_security_suid_sgid_system_whitelist:
  - /usr/lib/libvte9/gnome-pty-helper # gnome
  - /usr/lib/libvte-2.90-9/gnome-pty-helper # gnome

-# system accounts that do not get their login disabled and pasword changed
+# system accounts that do not get their login disabled and password changed
 os_always_ignore_users: [root, sync, shutdown, halt]
--- a/roles/ssh_hardening/CHANGELOG.md
+++ b/roles/ssh_hardening/CHANGELOG.md
@ -195,7 +195,7 @@
 - SFTP: set default umask to 0027 [\#252](https://github.com/dev-sec/ansible-ssh-hardening/pull/252) ([Slamdunk](https://github.com/Slamdunk))
 - Separate PermitUserEnviroment from AcceptEnv [\#251](https://github.com/dev-sec/ansible-ssh-hardening/pull/251) ([szEvEz](https://github.com/szEvEz))
 - Feature: Debian 10 \(Buster\) support [\#249](https://github.com/dev-sec/ansible-ssh-hardening/pull/249) ([jaredledvina](https://github.com/jaredledvina))
- fix broken packages, extend README with furhter development instructions [\#246](https://github.com/dev-sec/ansible-ssh-hardening/pull/246) ([szEvEz](https://github.com/szEvEz))
+- fix broken packages, extend README with further development instructions [\#246](https://github.com/dev-sec/ansible-ssh-hardening/pull/246) ([szEvEz](https://github.com/szEvEz))
 - refactor authenticationmethod settings, allow user to set authenticat… [\#245](https://github.com/dev-sec/ansible-ssh-hardening/pull/245) ([szEvEz](https://github.com/szEvEz))
 - RHEL/OL/CentOS 8 support [\#242](https://github.com/dev-sec/ansible-ssh-hardening/pull/242) ([Furragen](https://github.com/Furragen))
 - Added ssh_syslog_facility, ssh_log_level and ssh_strict_modes parameters [\#240](https://github.com/dev-sec/ansible-ssh-hardening/pull/240) ([bschonec](https://github.com/bschonec))
--- a/roles/ssh_hardening/README.md
+++ b/roles/ssh_hardening/README.md
@ -34,7 +34,7 @@ As this role requires root-privileges, we added `become: true` to all tasks. So
  - Description: Specifies the port number to connect on the remote host.
 - `ssh_listen_to`
  - Default: `['0.0.0.0']`
-  - Description: one or more ip addresses, to which ssh-server should listen to. Default is all IPv4 adresses, but should be configured to specific addresses for security reasons!
+  - Description: one or more ip addresses, to which ssh-server should listen to. Default is all IPv4 addresses, but should be configured to specific addresses for security reasons!
 - `ssh_host_key_files`
  - Default: `[]`
  - Description: Host keys for sshd. If empty ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key'] will be used, as far as supported by the installed sshd version.
--- a/roles/ssh_hardening/templates/opensshd.conf.j2
+++ b/roles/ssh_hardening/templates/opensshd.conf.j2
@ -152,7 +152,7 @@ GSSAPICleanupCredentials yes
 {% endif %}
 {% if ssh_deny_users %}
 # In case you don't use PAM (`UsePAM no`), you can alternatively restrict users and groups here.
-# For key-based authentication this is not necessary, since all keys must be explicitely enabled.
+# For key-based authentication this is not necessary, since all keys must be explicitly enabled.
 DenyUsers {{ ssh_deny_users }}

 {% endif %}