Spelling fixes

Signed-off-by: Tim Smith <tsmith84@gmail.com>

.github/actions/spelling/expect.txt

@@ -0,0 +1,61 @@
+akic
+baf
+cgrp
+chronos
+Ckxomxaar
+cpe
+cqc
+dfdaf
+Dvf
+dvwa
+eecdfd
+FFn
+fjw
+fzvkw
+Gci
+hacklab
+Hacklab
+hnlj
+hostpid
+hushlogin
+IBAA
+icanhazip
+Ikp
+JFUz
+Jhb
+kalilinux
+kbcxs
+kvct
+Kyybse
+lhost
+linux
+lport
+messagebus
+meterpreter
+MIIJKg
+msfconsole
+nch
+NCIs
+ndots
+nginx
+noproxy
+OPENSSH
+Perfetto
+pfuj
+pmuench
+procs
+randomart
+rdm
+rhel
+rkd
+secops
+Thu
+timesync
+umxf
+unminimize
+unnyfkbt
+upperdir
+vmss
+webserver
+xdsp
+XVCJ

.github/actions/spelling/patterns.txt

@@ -89,3 +89,9 @@ aws_secret_access_key\s+\=(\s+)?.+
 
 # score score is valid in MQL docs
 score score
+
+# SHA256 values
+\nSHA256:\S*
+
+# long cert lines in config
+\bcluster_certificate_authority_data = .*

README.md

@@ -3,19 +3,19 @@
 ![samples light-mode illustration](.github/social/preview_light.jpg#gh-light-mode-only)
 ![samples dark-mode illustration](.github/social/preview_dark.jpg#gh-dark-mode-only)
 
-Welcome to our comprehensive security scanning repository! In our ongoing effort to empower the highest standards of security, we've gathered a variety of examples and guides to help you conduct thorough security audits on your resources using `cnspec`, `cnquery`, and the Mondoo Platform. Our examples, ranging from AWS services to GitHub repositories, are structured with a clear overview, prerequisites, step-by-step instructions, expected results, and troubleshooting tips. We trust these will serve as a beneficial starting point for your own security scanning needs.
+Welcome to our comprehensive security scanning repository! In our ongoing effort to empower the highest standards of security, we've gathered a variety of examples and guides to help you conduct thorough security audits on your resources using `cnspec`, `cnquery`, and Mondoo Platform. Our examples, ranging from AWS services to GitHub repositories, are structured with a clear overview, prerequisites, step-by-step instructions, expected results, and troubleshooting tips. We trust these will serve as a beneficial starting point for your own security scanning needs.
 
 - [What are cnspec, cnquery, and Mondoo Platform?](#what-are-cnspec-cnquery-and-mondoo-platform)
 - [AWS](#aws)
   - [Performing CIS AWS Foundations Benchmark with cnspec](#performing-cis-aws-foundations-benchmark-with-cnspec)
   - [Checking Public Exposure of AWS S3 Buckets with cnspec](#checking-public-exposure-of-aws-s3-buckets-with-cnspec)
   - [Verifying MFA Status for AWS IAM Users](#verifying-mfa-status-for-aws-iam-users)
   - [Scanning an AWS EC2 Instance with cnspec using EC2 Instance Connect](#scanning-an-aws-ec2-instance-with-cnspec-using-ec2-instance-connect)
-  - [Playing with AWS EC2 Instances](#playing-with-aws-ec2-instances)
 - [GitHub](#github)
   - [Performing CIS GitHub Supply Chain Benchmark with cnspec](#performing-cis-github-supply-chain-benchmark-with-cnspec)
 - [Hack Lab](#hack-lab)
   - [Demonstrating Container Escape in Kubernetes](#demonstrating-container-escape-in-kubernetes)
+- [Playing with AWS EC2 Instances](#playing-with-aws-ec2-instances)
 - [Contributing](#contributing)
 
 ## What are cnspec, cnquery, and Mondoo Platform?
@@ -24,7 +24,7 @@ Welcome to our comprehensive security scanning repository! In our ongoing effort
 
 `cnquery` is another versatile command-line tool that facilitates advanced querying against your infrastructure data, allowing you to understand and manage your infrastructure more effectively.
 
-The Mondoo Platform is a cloud-native, security and compliance automation platform that enables businesses to secure their infrastructure continuously and at scale.
+Mondoo Platform is a cloud-native, security and compliance automation platform that enables businesses to secure their infrastructure continuously and at scale.
 
 Together, these provide a comprehensive approach to managing and maintaining the security posture of your systems.
 
@@ -66,7 +66,7 @@ This guide walks you through conducting a security scan on an AWS EC2 instance u
 
 ### Performing CIS GitHub Supply Chain Benchmark with cnspec
 
-This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.
+This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo Platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.
 
 ![cnspec running a GitHub organization scan](./github/cis-supply-chain/github-supply-chain.gif)
 
@@ -78,16 +78,16 @@ The Hack Lab is a collection of vulnerable systems that can be used to learn and
 
 ### Demonstrating Container Escape in Kubernetes
 
-This houses demonstration scenarios showcasing container escapes in Kubernetes environments, particularly in AKS (Azure Kubernetes Service), EKS (Amazon Elastic Kubernetes Service) and GKE (Google Kontainer Engine). These scenarios can serve as engaging demonstrations using Mondoo.
+This houses demonstration scenarios showcasing container escapes in Kubernetes environments, particularly in AKS (Azure Kubernetes Service), EKS (Amazon Elastic Kubernetes Service) and GKE (Google Container Engine). These scenarios can serve as engaging demonstrations using Mondoo.
 
 - [Instructions](./hacklab/container-escape/)
 
 ## Playing with AWS EC2 Instances
 
-The AWS EC2 Instances is a terraform to deploy hardend and not hardend Windows as well as Linux systems.
+The AWS EC2 Instances is a terraform to deploy hardened and not hardened Windows as well as Linux systems.
 
 - [Instructions](./aws/ec2-instance/)
 
 ## Contributing
 
-We welcome contributions! Feel free to submit pull requests for new examples or improvements to existing ones. If you encounter any issues or have questions, please open an issue in this repository or join our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+We welcome contributions! Feel free to submit pull requests for new examples or improvements to existing ones. If you encounter any issues or have questions, please open an issue in this repository or join our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!

aws/cis-benchmark/README.md

@@ -32,4 +32,4 @@ This command instructs `cnspec` to scan your AWS environment using the CIS Amazo
 - **AWS CLI**: Ensure that AWS CLI is installed and configured correctly. Verify that you are using the correct AWS credentials. If you encounter permission errors, check your AWS IAM role and permissions.
 - **Benchmark execution issues**: If the benchmark does not execute as expected, ensure that you have the necessary permissions to access all resources in your AWS account.
 
-If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!

aws/ec2-instance-connect/README.md

@@ -44,4 +44,4 @@ This command executes a security scan on your EC2 instance.
 - **AWS CLI and EC2 Instance Connect**: Ensure the latest AWS CLI is installed and configured correctly. Verify that you are using the correct region, availability zone, and instance ID. If you encounter permission errors, check your AWS IAM role and permissions.
 - **SSH connection issues**: If you cannot connect to your EC2 instance, make sure you are using the correct username (usually "ec2-user" for Amazon Linux instances).
 
-For more complex or ongoing issues, feel free to participate in our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+For more complex or ongoing issues, feel free to participate in our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!

aws/ec2-instances/README.md

@@ -37,8 +37,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
 | Oracle 8 cnspec            | Latest Oracle 8 image with latest cnspec                                 | `create_oracle8_cnspec`         |                                                                                                                                                                       |
 | Oracle 8 CIS               | CIS Oracle Linux 8 Benchmark - Level 1                                   | `create_oracle8_cis`            | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa)                 |
 | Oracle 8 CIS cnspec        | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec                | `create_oracle8_cis_cnspec`     | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa)                 |
-| RHEL 8                     | Latest RedHat Enterprise Linux 8                                         | `create_rhel8`                  |                                                                                                                                                                       |
-| RHEL 8 cnspec              | Latest RedHat Enterprise Linux 8 with latest cnspec                      | `create_rhel8_cnspec`           |                                                                                                                                                                       |
+| RHEL 8                     | Latest Red Hat Enterprise Linux 8                                        | `create_rhel8`                  |                                                                                                                                                                       |
+| RHEL 8 cnspec              | Latest Red Hat Enterprise Linux 8 with latest cnspec                     | `create_rhel8_cnspec`           |                                                                                                                                                                       |
 | RHEL 8 CIS                 | CIS Red Hat Enterprise Linux 8 STIG Benchmark                            | `create_rhel8_cis`              | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa)          |
 | RHEL 8 CIS cnspec          | CIS Red Hat Enterprise Linux 8 STIG Benchmark with latest cnspec         | `create_rhel8_cis_cnspec`       | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa)          |
 | RHEL 9                     | Latest RHEL 9 image                                                      | `create_rhel9`                  |                                                                                                                                                                       |

aws/iam-mfa/README.md

@@ -32,4 +32,4 @@ The output will be a list of IAM usernames with a check on whether MFA is enable
 - **AWS CLI**: Ensure that AWS CLI is installed and configured correctly. Verify that you are using the correct AWS credentials. If you encounter permission errors, check your AWS IAM role and permissions.
 - **Policy execution issues**: If the policy does not execute as expected, ensure that you have the necessary permissions to access all resources in your AWS account.
 
-Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this Github repository. For ongoing issues or broader discussions, we invite you to join us over at our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this GitHub repository. For ongoing issues or broader discussions, we invite you to join us over at our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!

aws/public-s3/README.md

@@ -7,7 +7,7 @@ This example uses `cnspec` to check for publicly exposed AWS S3 buckets within y
 ## Pre-requisites
 
 - You should have an AWS account and the necessary credentials (Access Key ID and Secret Access Key) available.
-- Install cnspec following the instructions provided at the installation page of the cnspec Github repository.
+- Install cnspec following the instructions provided at the installation page of the cnspec GitHub repository.
 
 ## Instructions
 
@@ -35,4 +35,4 @@ If you encounter any issues while running the scan:
 
 - **`cnspec` Installation Issues:** If you have trouble installing cnspec, ensure you're following the instructions on the installation page correctly.
 
-Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this Github repository. For ongoing issues or broader discussions, we invite you to join us over at our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this GitHub repository. For ongoing issues or broader discussions, we invite you to join us over at our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!

azure/README.md

@@ -46,7 +46,7 @@ terraform apply -auto-approve plan.out
 
 ### Connect to VM using `xfreerdp` from Ubuntu
 
-Run the following command to see the the connection details (including sensitive values)
+Run the following command to see the connection details (including sensitive values)
 
 ```bash
 terraform output -raw summary

gcp/cis-benchmark/README.md

@@ -7,7 +7,7 @@ This guide provides an example on how to scan a GCP project against the CIS Goog
 ## Pre-requisites
 
 - You should have the `cnspec` installed. You can follow the [installation instructions](https://github.com/mondoohq/cnspec#installation) to set it up.
-- You need an Google Cloud service account account and the necessary permissions.
+- You need an Google Cloud service account and the necessary permissions.
 - The Google Cloud SDK installed and configured with access to the project you wish to scan.
 
 ## Instructions
@@ -32,4 +32,4 @@ This command instructs `cnspec` to scan a Google Cloud project using the CIS Goo
 - **gcloud SDK CLI**: Ensure that `gcloud` CLI is [installed and configured](https://cloud.google.com/sdk/docs/install-sdk) correctly. Verify that you are using the correct account or service account credentials. If you encounter permission errors, check your IAM role and permissions.
 - **Benchmark execution issues**: If the benchmark does not execute as expected, ensure that you have the necessary permissions to access all resources in your Google Cloud project.
 
-If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+If you encounter a problem that is not addressed in this guide, feel free to raise an issue in this GitHub repository. For more complex or ongoing issues, consider participating in our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!

github/cis-supply-chain/README.md

@@ -4,11 +4,11 @@
 
 ## Overview
 
-This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.
+This guide provides an example on how to execute the CIS (Center for Internet Security) GitHub Benchmark on GitHub repositories and organizations using the `cnspec` and Mondoo Platform. These benchmarks offer a standardized set of procedures to assess the security posture of GitHub repositories and organizations, helping to identify vulnerabilities or potential areas for security enhancements.
 
 ## Pre-requisites
 
-- Mondoo Space: Create a new space on the Mondoo platform and activate the 'CIS GitHub Benchmark - Level 1' benchmark in the Security Registry.
+- Mondoo Space: Create a new space on Mondoo Platform and activate the 'CIS GitHub Benchmark - Level 1' benchmark in the Security Registry.
 - `cnspec` Login: Authenticate with your newly created Mondoo space using `cnspec login -t <yourtoken>` .
 - Organization Access: Ensure you have access to the target GitHub organization, for example https://github.com/lunalectric.
 - GitHub Token: Generate a GitHub token with Resource owner set to lunalectric and all permissions set to read.
@@ -57,4 +57,4 @@ If you encounter any issues while performing these steps:
 - Permission Issues: Verify that you have the necessary permissions to access and scan the GitHub organization or repositories. This may involve checking the settings of your GitHub token and your role within the organization.
 - Command Execution Issues: If the `cnspec`` commands are not executing as expected, ensure that cnspec is installed and updated to the latest version.
 
-Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this Github repository. For ongoing issues or broader discussions, we invite you to join us over at our [Github discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!
+Should you encounter a problem that is not addressed in this guide, feel free to open an issue in this GitHub repository. For ongoing issues or broader discussions, we invite you to join us over at our [GitHub discussions](https://github.com/orgs/mondoohq/discussions) page. We're here to help!