Typos and punctuation

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2236 af4574ff-66df-0310-9fd7-8a98e5e911e0

general/genlib/expat/expat.ent

@@ -4,6 +4,7 @@
 <!ENTITY expat-desc SYSTEM "expat-desc.xml">
 <!ENTITY expat-version "1.95.7">
 <!ENTITY expat-download-http "http://umn.dl.sourceforge.net/sourceforge/expat/expat-&expat-version;.tar.gz">
+<!-- <!ENTITY expat-download-ftp "ftp://ftp.at.linuxfromscratch.org/opsys/linux/sf/e/expat/expat-&expat-version;.tar.gz"> -->
 <!ENTITY expat-download-ftp " ">
 <!ENTITY expat-size "290 KB">
 <!ENTITY expat-buildsize "3.2 MB">

general/genlib/fam/fam-desc.xml

@@ -1,9 +1,9 @@
 <sect2>
 <title>Contents</title>
 
-<para>The <application><acronym>FAM</acronym></application> package contains 
-<command>famd</command> executable and
-<filename>libfam</filename> libraries.</para>
+<para>The <application><acronym>FAM</acronym></application> package contains
+the <command>famd</command> executable and <filename>libfam</filename>
+libraries.</para>
 
 </sect2>
 

general/genlib/genlib.xml

@@ -10,7 +10,7 @@ example of a set of libraries is <application>glibc</application> which is
 installed during the <acronym>LFS</acronym> book.  This contains all of
 the <application>C</application> library functions which programs use.</para>
 
-<para>There are two types of library, static and shared.  Shared libraries 
+<para>There are two types of libraries: static and shared.  Shared libraries 
 (usually <filename>libXXX.so</filename>) are loaded into memory from the shared
 copy at runtime (hence the name).  Static libraries (<filename>libXXX.a
 </filename>) are actually linked into the program executable file itself, thus 
@@ -18,13 +18,13 @@ making the program file larger.  Quite often, you will find both static and
 shared copies of the same library on your system.</para>
 
 <para>Generally, you only need to install libraries when you are
-installing software which requires functionality which they supply.  In
-the <acronym>BLFS</acronym> book, each package is listed with a list of (known)
+installing software that needs the functionality they supply.  In
+the <acronym>BLFS</acronym> book, each package is presented with a list of (known)
 dependencies.  Thus, you can figure out which libraries you need to have
 before installing that program.  If you are installing something without
-using <acronym>BLFS</acronym> instructions, usually the <filename>README
-</filename>  or <filename>INSTALL</filename> file will contain details of the 
-programs requirements.</para>
+using <acronym>BLFS</acronym> instructions, usually the <filename>README</filename>
+or <filename>INSTALL</filename> file will contain details of the 
+program's requirements.</para>
 
 <para>There are certain libraries which nearly <emphasis>everyone</emphasis> 
 will need at some point.  In this chapter we list these and some others and 

general/genlib/gmp/gmp-intro.xml

@@ -2,7 +2,7 @@
 <title>Introduction to <application><acronym>GMP</acronym></application></title>
 
 <para>The <application><acronym>GMP</acronym></application> package
-contains an math library. This has useful functions for arbitrary precision 
+contains a math library. This has useful functions for arbitrary precision 
 arithmetic.</para>
 
 <sect3><title>Package information</title>

general/genlib/pcre/pcre-inst.xml

@@ -9,7 +9,7 @@ make install</command></userinput></screen>
 
 <para>If you reinstall <application>grep</application> after installing <application>pcre</application>,
 <application>grep</application> will get linked against <application>pcre</application> and
-may cause problems if <filename>/usr</filename> is a seperate mount point. To avoid this,
+may cause problems if <filename>/usr</filename> is a separate mount point. To avoid this,
 either pass the option <emphasis>--disable-perl-regexp</emphasis> when executing <command>./configure</command>
 for <application>grep</application> or move <filename>libpcre</filename> to <filename>/lib</filename>
 as follows.</para>

general/genlib/readline/readline-exp.xml

@@ -1,10 +1,10 @@
 <sect2>
 <title>Command explanations</title>
 
-<para><command>make SHLIB_LIBS=-lcurses</command>: These command makes
-the proper symbols available for applications that assume
-<application>readline</application> is compiled linked to
-<application>ncurses</application>.</para>
+<para><command>make SHLIB_LIBS=-lcurses</command>: This command makes the
+proper symbols available for applications that assume
+<application>readline</application> is compiled with
+<application>ncurses</application> links.</para>
 
 </sect2>
 

general/prog/jdk/j2sdk-inst.xml

@@ -4,10 +4,9 @@
 <para>Both versions will be installed in parallel. You may choose to keep 
 either or both.</para>
 
-<para>Installation of the precompiled <acronym>JDK</acronym> is easy, change 
-the executable bit for the downloaded file, change to the directory where you 
-want it installed and execute the downloaded file. The following (slightly
-cryptic version) allows automatic installation.</para>
+<para>Installation of the precompiled <acronym>JDK</acronym> is easy: 
+create a directory to install from, copy the .bin there, and run the 
+following commands:</para>
 
 <screen><userinput><command>VERSION=&j2sdk-bin-version; &amp;&amp;
 MV=`echo $VERSION | cut -d "_" -f 1,1` &amp;&amp;
@@ -21,7 +20,7 @@ cd j2sdk${VERSION} &amp;&amp;
 install -d /opt/j2sdk/j2sdk-precompiled-${MV} &amp;&amp;
 mv * /opt/j2sdk/j2sdk-precompiled-${MV}</command></userinput></screen>
 
-<para>The binary version is now installed.</para>
+<para>The binary version is now installed.  </para>
 
 <para>If you don't want to compile the source or are not in a postition to download the source
 owing to license restrictions, skip ahead to the configuration

gnome/add/gnome-games/gnome-games-inst.xml

@@ -2,7 +2,7 @@
 <title>Installation of <application><acronym>GNOME</acronym> Games</application></title>
 
 <para><application><acronym>GNOME</acronym> Games</application> needs to
-be setgid to track high scores. Create a seperate user and group for games.
+be setgid to track high scores. Create a separate user and group for games.
 See the <filename>README</filename> file in the source directory for more
 information:</para>
 

postlfs/config/bootdisk.xml

@@ -71,7 +71,7 @@ command prompt.  Along the same lines, if you have <xref linkend="gcc2"/>, it
 is known to produce smaller kernels.  So you might want to use that
 compiler for this kernel.  If you do so, don't overlook any loadable
 modules (which are not addressed here) you might need - they need to be
-compiled with same compiler used to make the kernel.</para>
+compiled with the same compiler used to make the kernel.</para>
 
 <para>The rescue image must include support for the file system of your
 choice (we presume ext2/3 here), ramdisk and initial ramdisk (initrd).
@@ -406,7 +406,7 @@ expects to find. Use the following commands to do the install.</para>
 
 <screen><userinput><command>mv GNUmakefile Makefile &amp;&amp;
 make &amp;&amp;
-make PREFIX=/mnt/loop1 install &amp;&amp;</command></userinput></screen>
+make PREFIX=/mnt/loop1 install</command></userinput></screen>
 
 <para><emphasis>Install part of <application>e2fsprogs</application></emphasis></para>
 
@@ -495,11 +495,11 @@ shown next.</para>
 needed will be minimal.  You can add them to the ramdisk image with:</para>
 
 <screen><userinput><command>strip -p --strip-unneeded --remove-section=.comment \
-&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libc.so.6 /lib/libc-2.3.2.so &amp;&amp;
+&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libc.so.6 /lib/libc-2.3.3.so &amp;&amp;
 strip -p --strip-unneeded --remove-section=.comment \
-&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/ld-linux.so.2 /lib/ld-2.3.2.so &amp;&amp;
+&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/ld-linux.so.2 /lib/ld-2.3.3.so &amp;&amp;
 strip -p --strip-unneeded --remove-section=.comment \
-&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libdl.so.2 /lib/libdl-2.3.2.so &amp;&amp;
+&nbsp;&nbsp;&nbsp;&nbsp;-o /mnt/loop1/lib/libdl.so.2 /lib/libdl-2.3.3.so &amp;&amp;
 chmod 555 /mnt/loop1/lib/{libc.so.6,ld-linux.so.2,libdl.so.2}</command></userinput></screen>  
 
 <para>Note that the above commands change the names of the libraries,

postlfs/config/compressdoc.xml

@@ -5,7 +5,7 @@
 <para>Man and info reader programs can transparently process gzip'ed or
 bzip2'ed pages, a feature you can use to free some disk space while keeping
 your documentation available. However, things are not that simple: man
-directories tend to contain links - hard and symbolic - which defeat simple
+directories tend to contain links&mdash;hard and symbolic&mdash;which defeat simple
 ideas like recursively calling <command>gzip</command> on them. A better way 
 to go is to use the script below.
 </para>
@@ -459,12 +459,12 @@ chmod 755 /usr/sbin/compressdoc</command></userinput></screen>
 <para>Now, as root, you can issue a 
 <command>compressdoc --bz2</command> to compress all your system man 
 pages. You can also run <command>compressdoc --help</command> to get 
-a comprehensive help about what the script is able to do.</para>
+comprehensive help about what the script is able to do.</para>
 
 <para> Don't forget that a few programs, like the <application>X</application> 
-Window system, <application>XEmacs</application>, also install their 
+Window system and <application>XEmacs</application> also install their 
 documentation in non standard places (such as <filename class="directory"> 
-/usr/X11R6/man</filename>, etc...). Don't forget to add those locations in the 
+/usr/X11R6/man</filename>, etc...). Be sure to add these locations to the 
 file <filename>/etc/man.conf</filename>, as a
 <envar>MANPATH</envar>=<replaceable>/path</replaceable> section.</para>
 <para> Example:</para><screen><userinput>

postlfs/config/inputrc.xml

@@ -4,8 +4,8 @@
 
 <para><filename>Inputrc</filename> deals with the mapping of the keyboard for 
 certain situations.  This file is the start-up file used by
-<application>readline</application> - the input related library used by 
-<application>Bash</application> and most other shells.</para>
+<application>readline</application>&mdash;the input related library used by 
+<application>bash</application> and most other shells.</para>
 
 <para>For more information see <command>info bash</command> -- <emphasis
 role="strong">Node: Readline Init</emphasis> file as well as

postlfs/config/netfs.xml

@@ -3,11 +3,11 @@
 <title>Configuring for Network Filesystems</title>
 
 <para>While <acronym>LFS</acronym> is capable of mounting network file
-systems such as <acronym>NFS</acronym> these are not mounted by
-<filename>mountfs</filename> init script since the tools needed to mount
-these systems may not be available on the root partition and also since
-network file systems need to be mounted after the networking is on and
-need to be unmounted before the network goes down.</para>
+systems such as <acronym>NFS</acronym> these are not mounted by the
+<filename>mountfs</filename> init script.  The tools needed to mount
+these systems may not be available on the root partition and the
+network file systems need to be mounted after the networking is activated.
+These file systems also need to be unmounted before the network goes down.</para>
 
 <para>Install the <filename>/etc/rc.d/init.d/netfs</filename>
 network mount script included with the

postlfs/config/skel.xml

@@ -52,7 +52,7 @@ can be set in the <filename>/etc/default/useradd</filename> file.</para>
 
 <para><emphasis>/etc/skel</emphasis></para>
 
-<para>To get started create an <filename class="directory">/etc/skel</filename> directory
+<para>To get started, create an <filename class="directory">/etc/skel</filename> directory
 and make sure it is writable only by the system administrator, usually
 root. Creating the directory as root is the best way to go.</para>
 
@@ -94,7 +94,7 @@ of any other user already in the system.</para>
 
 <para><emphasis>When Adding a User</emphasis></para>
 
-<para>When adding a new user with <command>useradd</command> use
+<para>When adding a new user with <command>useradd</command>, use
 the <option>-m</option> parameter, which tells
 <command>useradd</command> to create the user's home directory and
 copy files from <filename class="directory">/etc/skel</filename> (can be overridden) to

postlfs/config/vimrc.xml

@@ -2,14 +2,13 @@
 <?dbhtml filename="vimrc.html"?>
 <title>/etc/vimrc, ~/.vimrc</title>
 
-<para>The <acronym>LFS</acronym> book installs
-<application>vim</application> as its editor.  At this point we should
-state that there are a <emphasis>lot</emphasis> of different editors out
-there including <application>emacs</application>,
-<application>nano</application>, <application>joe</application> and many 
-more.  Anyone who has been around the Internet (especially usenet) for a 
-short time will certainly have observed at least one flame war, usually 
-involving <application>vim</application> and
+<para>The <acronym>LFS</acronym> book installs <application>vim</application>
+as its text editor.  At this point we should state that there are a
+<emphasis>lot</emphasis> of different editing applications out there including
+<application>emacs</application>, <application>nano</application>,
+<application>joe</application> and many more.  Anyone who has been around the
+Internet (especially usenet) for a short time will certainly have observed at
+least one flame war, usually involving <application>vim</application> and
 <application>emacs</application> users!</para>
 
 <para>The <acronym>LFS</acronym> book gives a basic <filename>vimrc
@@ -28,7 +27,7 @@ you put it into <filename>/etc/skel/.vimrc</filename> instead, it will
 be made available to users you add to the system later. You can also copy
 the file from <filename>/etc/skel/.vimrc</filename> to
 <filename>/etc/vimrc</filename> and the home directory of users already
-on the system, like root. Be sure to set permissions, owner and group if
+on the system, like root. Be sure to set permissions, owner, and group if
 you do copy anything directly from <filename>/etc/skel</filename>.</para>
 
 <screen>" Begin .vimrc

postlfs/editors/emacs/emacs-desc.xml

@@ -28,8 +28,9 @@
 code.</para></sect3>
 
 <sect3><title>ebrowse</title>
-<para><command>ebrowse</command> permits browsing of C++ class
-hierarchies from within emacs.</para></sect3>
+
+<para><command>ebrowse</command> permits browsing of C++ class hierarchies from
+within emacs.</para></sect3>
 
 <sect3><title>emacsclient</title>
 <para><command>emacsclient</command> attaches an emacs session to an already running

postlfs/filesystems/reiser/reiser-desc.xml

@@ -11,10 +11,11 @@
 <sect2><title>Description</title>
 
 <sect3><title>debugreiserfs</title>
-<para><command>debugreiserfs</command> can sometimes help to solve problems 
-with <application>ReiserFS</application> file systems.  If it is called without 
-options, it prints the super 
-block of any reiserfs file system found on the device.</para></sect3>
+
+<para><command>debugreiserfs</command> can sometimes help to solve problems
+with <application>ReiserFS</application> file systems.  If it is called without
+options, it prints the super block of any reiserfs file system found on the
+device.</para></sect3>
 
 <sect3><title>mkreiserfs</title>
 <para><command>mkreiserfs</command> creates a

postlfs/security/cracklib/cracklib-intro.xml

@@ -1,9 +1,8 @@
 <sect2>
 <title>Introduction to <application>cracklib</application></title>
 
-<para>The cracklib package contains a library used to enforce strong 
-passwords by comparing user selected passwords to words in a 
-chosen wordlist.</para>
+<para>The cracklib package contains a library used to enforce strong passwords
+by comparing user selected passwords to words in a chosen wordlist.</para>
 
 <sect3><title>Package information</title>
 <itemizedlist spacing='compact'>
@@ -26,12 +25,12 @@ url="&patch-root;/cracklib-&cracklib-version;-blfs-1.patch"/></para></listitem>
 url="&patch-root;/cracklib-&cracklib-version;-heimdal-1.patch"/></para></listitem>
 </itemizedlist>
 
-<para>You will also need to download a wordlist for use with cracklib.  
-There are two wordlists to choose from at the following location.
-Use the <filename>cracklib</filename> word list for good security,
-or opt for the <filename>allwords</filename> word list for
-lightweight machines short on <acronym>RAM</acronym>.  You can of course choose any other
-word list that you have at your disposal.</para>
+<para>You will also need to download a wordlist for use with cracklib.  There
+are two wordlists to choose from at the following location.  Use the
+<filename>cracklib</filename> word list for good security, or opt for the
+<filename>allwords</filename> word list for lightweight machines short on
+<acronym>RAM</acronym>.  You can of course choose any other word list that you
+have at your disposal.</para>
 
 <para>cracklib (&crackdict-size;): <ulink url="http://www.cotse.com/wordlists/cracklib"/></para>
 <para>allwords (&alldict-size;): <ulink url="http://www.cotse.com/wordlists/allwords"/></para>

postlfs/security/firewalling/busybox.xml

@@ -10,9 +10,9 @@ goes far beyond the scope of this document,
 see <xref linkend="postlfs-security-fw-disclaimer"/>.</para>
 
 <para>Be cautious.  Every service you offer and have enabled makes your
-setup more complex and your box less secure: You induce the risks of 
-misconfigured services or running a service with an exploitable bug, both risks 
-that a firewall principally should be immune of. See the introduction to 
+setup more complex and your box less secure. You induce the risks of 
+misconfigured services or running a service with an exploitable bug.  A firewall
+should generally not run any extra services.  See the introduction to 
 <xref linkend="postlfs-security-fw-masqRouter"/> for some more details.</para>
 
 <para>If the services you'd like to offer do not need to access the Internet 
@@ -30,8 +30,8 @@ to, you could open OUTPUT generally and restrict INPUT.</para>
 <screen>iptables -A INPUT -m state --state ESTABLISHED,RELATED	-j ACCEPT
 iptables -A OUTPUT                                      -j ACCEPT</screen>
 
-<para>However, it is generally not advisable to leave OUTPUT unrestricted: you lose 
-any control on trojans who'd like to "call home", and a bit of redundancy in case 
+<para>However, it is generally not advisable to leave OUTPUT unrestricted. You lose 
+any control over trojans who'd like to "call home", and a bit of redundancy in case 
 you've (mis-)configured a service so that it does broadcast its existence to the 
 world.</para>
 
@@ -58,9 +58,9 @@ it's still alive:</para>
 iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply   -j ACCEPT</screen></listitem>
 
 <listitem><para><anchor id='postlfs-security-fw-BB-4' xreflabel="example no. 4"/>If you are 
-frequently accessing ftp-servers or enjoy chatting you might notice certain 
+frequently accessing ftp-servers or enjoy chatting, you might notice certain 
 delays because some implementations of these daemons have the feature of 
-querying an identd on your box for your username for logging.
+querying an identd on your box for logging usernames.
 Although there's really no harm in this, having an identd running is not 
 recommended because some implementations are known to be vulnerable.</para>
 
@@ -70,8 +70,8 @@ with a 'tcp-reset':</para>
 <screen>iptables -A INPUT  -p tcp --dport 113 -j REJECT --reject-with tcp-reset
 iptables -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT</screen></listitem>
 
-<listitem><para>To log and drop invalid packets, mostly harmless packets
-that came in after netfilter's timeout, sometimes scans:</para>
+<listitem><para>To log and drop invalid packets (harmless packets
+that came in after netfilter's timeout or some types of network scans):</para>
 
 <screen>iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix \ 
 "FIREWALL:INVALID"

postlfs/security/firewalling/disclaimer.xml

@@ -5,12 +5,12 @@
 ARE RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THIS 
 DOCUMENT.</emphasis></para> -->
 
-<para>This document is meant as an introduction to how to setup a
-firewall - it is not a complete guide to securing systems.  Firewalling
-is a complex issue that requires careful configuration.
-The scripts quoted here are simply intended to give examples as to how
-a firewall works, they are not intended to fit into any imaginable 
-configuration and may not prevent any imaginable attack.</para>
+<para>This document is meant as an introduction to how to setup a firewall.  It
+is not a complete guide to securing systems.  Firewalling is a complex issue
+that requires careful configuration.  The scripts quoted here are simply
+intended to give examples as to how a firewall works, they are not intended to
+fit into any imaginable configuration and may not prevent any imaginable
+attack.</para>
 
 <para>The purpose of this text is simply to give you a hint on how to get
 started with a firewall.</para>

postlfs/security/firewalling/intro.xml

@@ -4,13 +4,13 @@
 <para>The general purpose of a firewall is to protect a network 
 against malicious access by using a single machine as a firewall. 
 This does imply that the firewall is to be considered a single point 
-of failure, but it can make the administrators life a lot easier.</para>
+of failure, but it can make the administrator's life a lot easier.</para>
 
 <para>In a perfect world where you knew that every daemon or service 
 on every machine was perfectly configured and was immune to, e.g., 
 buffer-overflows and any other imaginable problem regarding its 
 security, and where you trusted every user accessing your services 
-to aim no harm, you wouldn't need to do have a firewall!  
+to aim no harm, you wouldn't need to have a firewall!  
 In the real world however, daemons may be misconfigured, 
 exploits against essential services are freely available, you 
 may wish to choose which services are accessible by certain machines, 
@@ -20,8 +20,8 @@ apps or users.
 In these situations you might  benefit by using a firewall.</para>
 
 <para>Don't assume however, that having a firewall makes careful
-configuration redundant, nor that it makes any negligent
-misconfiguration harmless, nor that it prevents anyone from exploiting a
+configuration redundant, or that it makes any negligent
+misconfiguration harmless. It also doesn't prevent anyone from exploiting a
 service you intentionally offer but haven't recently updated or patched
 after an exploit went public.  Despite having a firewall, you need to
 keep applications and daemons on your system well-configured and
@@ -39,9 +39,9 @@ up-to-date; a firewall is not a cure-all!</para>
 <para>This is a setup or program, for Windows commercially sold by 
 companies such as Symantec, of which they claim or pretend that it
 secures a home or desktop-pc with Internet access. This topic is 
-highly relevant for users who do not know the ways their computers 
-might be accessed via the Internet and how to disable these, 
-especially if they are always online and if they are connected via 
+highly relevant for users who do not know the methods their computers 
+might be accessed via the Internet or how to disable them, 
+especially if they are always online and connected via 
 broadband links.</para></sect3>
 
 <sect3><title><xref linkend="postlfs-security-fw-masqRouter"/></title>
@@ -58,7 +58,7 @@ itself) are commonly considered harmless.</para></sect3>
 <para>This is often an old box you may have retired and nearly forgotten, 
 performing masquerading or routing functions, but offering a bunch of 
 services, e.g., web-cache, mail, etc.  This may be very commonly used 
-for home networks, but can definitely not to be considered as secure 
+for home networks, but can definitely not be considered as secure 
 anymore because the combining of server and router on one machine raises 
 the complexity of the setup.</para></sect3>
 

postlfs/security/firewalling/kernel.xml

@@ -2,14 +2,15 @@
 <title>Getting a firewall enabled Kernel</title>
 
 <para>If you want your Linux-Box to have a firewall, you must first ensure 
-that your kernel has been compiled with the relevant options turned on
+that your kernel has been compiled with the relevant options turned on.
 <!-- <footnote><para>If you needed assistance how to configure, compile and install 
 a new kernel, refer back to chapter VIII of the LinuxFromScratch book, 
 <ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/kernel.html">Installing a kernel</ulink>
  and eventually 
 <ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/lilo.html">Making the LFS system bootable</ulink>
 ; note, that you'll need to reboot 
-to actually run your new kernel.</para></footnote>-->.</para>
+to actually run your new kernel.</para></footnote>-->
+</para>
 
 <para>How to configure your kernel, with enabling the options to be 
 either compiled into the kernel or as modules, depends on your personal 

postlfs/security/firewalling/masqrouter.xml

@@ -81,11 +81,11 @@ done
 echo 1 > /proc/sys/net/ipv4/ip_forward
 <command>EOF</command></userinput></screen>
 
-<para>With this script your intranet should be sufficiently 
-secure against external attacks: no one should be able to setup a 
-new connection to any internal service and, if it's masqueraded, 
-it s even invisible; furthermore, your firewall should be nearly immune 
-because there are no services running that a cracker could attack.</para>
+<para>With this script your intranet should be sufficiently secure against
+external attacks. No one should be able to setup a new connection to any
+internal service and, if it's masqueraded, it's even invisible. Furthermore,
+your firewall should be nearly immune because there are no services running
+that a cracker could attack.</para>
 
 <para>Note: if the interface you're connecting to the Internet 
 doesn't connect via ppp, you will need to change
@@ -96,7 +96,7 @@ interface such as <emphasis role="strong">eth0</emphasis>,
 on both interfaces.</para>
 
 <para>If you need stronger security (e.g., against DOS, connection 
-highjacking, spoofing, etc.) have a look at the list of 
+highjacking, spoofing, etc.), have a look at the list of 
 <xref linkend="postlfs-security-fw-library"/> at the end of this section.</para>
 
 </sect3>

postlfs/security/firewalling/persfw.xml

@@ -1,11 +1,12 @@
 <sect3 id="postlfs-security-fw-persFw" xreflabel="Personal Firewall">
 <title>Personal Firewall</title>
 
-<para>A Personal Firewall is supposed to let you access the all services
+<para>A Personal Firewall is supposed to let you access all the services
 offered on the Internet, but keep your box secure and your data private.</para>
 
-<para>Below is a slightly modified version of Rusty Russell's
-recommendation from the <ulink url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html">Linux
+<para>Below is a slightly modified version of Rusty Russell's recommendation
+from the <ulink
+url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html">Linux
 2.4 Packet Filtering HOWTO</ulink>:</para>
 
 <screen><userinput><command>cat &gt; /etc/rc.d/init.d/firewall &lt;&lt; "EOF"</command>
@@ -55,7 +56,7 @@ surfing the Internet you are unlikely to exceed its limits.</para>
 please have a look at <xref linkend="postlfs-security-fw-busybox"/> - 
 <xref linkend="postlfs-security-fw-BB-4"/>.</para>
 
-<para>Even if you have daemons / services running on your box, these
+<para>Even if you have daemons or services running on your box, these
 should be inaccessible everywhere but from your box itself.
 If you want to allow access to services on your machine, such as ssh or pinging, 
 take a look at <xref linkend="postlfs-security-fw-busybox"/>.</para> 

postlfs/security/pam/linux_pam-config.xml

@@ -8,10 +8,9 @@
 
 <sect3><title>Configuration Information</title>
 
-<para>Configuration information is placed in <filename>/etc/pam.d</filename> or 
-<filename>/etc/pam.conf</filename> depending on the application that is using 
-<application><acronym>PAM</acronym></application>. Below are example files of
-each type:</para>
+<para>Configuration information is placed in <filename>/etc/pam.d</filename> or
+<filename>/etc/pam.conf</filename> depending on user preference.  Below are
+example files of each type:</para>
 
 <screen># Begin /etc/pam.d/other
 

postlfs/security/pam/linux_pam-exp.xml

@@ -11,7 +11,8 @@ static <acronym>PAM</acronym> libraries as well as the dynamic libraries.</para>
 <para><parameter>--with-mailspool=/var/mail</parameter>: This switch makes
 the mailspool directory <acronym>FHS</acronym> compliant.</para>
 
-<para><option>--enable-read-both-confs</option>: This switch lets the local administrator choose which configuration file setup to use.</para>
+<para><option>--enable-read-both-confs</option>: This switch lets the local
+administrator choose which configuration file setup to use.</para>
 
 <para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a
 /usr/lib</command>: This command moves the static libraries to

postlfs/security/security.xml

@@ -15,7 +15,7 @@ commonly referred to as a firewall.</para>
 
 <para>Prevention of breaches, like a trojan, are assisted by applications like 
 <application>GnuPG</application>, specifically the ability to confirm signed 
-packages, which prevents modification of the <acronym>TAR</acronym> ball after 
+packages, which recognizes modifications of the <acronym>TAR</acronym> ball after 
 the packager creates it.</para>
 
 <para> Finally, we touch on detection with a package that stores "signatures" 

postlfs/security/shadow/shadow-config.xml

@@ -6,7 +6,7 @@ with <application>shadow</application></title>
 <para><filename>/etc/pam.d/login</filename>,
 <filename>/etc/pam.d/passwd</filename>,
 <filename>/etc/pam.d/su</filename>,
-<filename>/etc/pam.d/shadow</filename>,
+<filename>/etc/pam.d/shadow</filename>, and
 <filename>/etc/pam.d/useradd</filename></para>
 </sect3>
 

postlfs/security/tripwire/tripwire-config.xml

@@ -37,9 +37,9 @@ class="directory">/etc/tripwire/</filename> you may begin the configuration step
 <screen><userinput><command>twadmin -m P /etc/tripwire/twpol.txt &amp;&amp;
 tripwire -m i</command></userinput></screen>
 
-<para>During configuration <application>Tripwire</application> will create two (2) keys: a site key and
- a local key which will be stored in <filename class="directory">/etc/tripwire/
-</filename>.</para>
+<para>During installation <application>Tripwire</application> will create two
+(2) keys: a site key and a local key which will be stored in <filename
+class="directory">/etc/tripwire/</filename>.</para>
 
 </sect3>
 
@@ -58,7 +58,7 @@ the report or email and then modify the
 <application>Tripwire</application> database of the files
 on your system so that <application>Tripwire</application> will not continually notify you that
 files you intentionally changed are a security violation. To do this you
-must first <command>ls /var/lib/tripwire/report/</command> and note
+must first <command>ls -l /var/lib/tripwire/report/</command> and note
 the name of the newest file which starts with <filename>linux-</filename> and 
 ends in <filename>.twr</filename>. This encrypted file was created during the 
 last report creation and is needed to update the

postlfs/shells/ash/ash-intro.xml

@@ -2,7 +2,7 @@
 <title>Introduction to <application>ASH</application></title>
 
 <para><command>ash</command> is a shell that is the most compliant with the
-Bourne Shell (not to be confused with Bourne Again SHell i.e. <application>Bash</application>
+Bourne Shell (not to be confused with Bourne Again SHell i.e., <application>Bash</application>
 installed in <acronym>LFS</acronym>) without any additional features.
 Bourne Shell is available on most commercial
 <acronym>UNIX</acronym> systems. Hence <command>ash</command> is useful for testing

postlfs/shells/tcsh/tcsh.ent

@@ -4,7 +4,7 @@
 <!ENTITY tcsh-exp SYSTEM "tcsh-exp.xml">
 <!ENTITY tcsh-config SYSTEM "tcsh-config.xml">
 <!ENTITY tcsh-desc SYSTEM "tcsh-desc.xml">
-<!ENTITY tcsh-version "6.12.00">
+<!ENTITY tcsh-version "6.13.00">
 <!ENTITY tcsh-download-http "http://gd.tuwien.ac.at/utils/shells/tcsh/tcsh-&tcsh-version;.tar.gz">
 <!ENTITY tcsh-download-ftp " ">
 <!ENTITY tcsh-size "804 KB">

postlfs/shells/zsh/zsh-config.xml

@@ -5,7 +5,7 @@
 <para>There are a whole host of configuration files for
 <application>ZSH</application> including
 <filename>/etc/zshenv</filename>, <filename>/etc/zprofile</filename>,
-<filename>/etc/zshrc</filename>, <filename>/etc/zlogin</filename> and
+<filename>/etc/zshrc</filename>, <filename>/etc/zlogin</filename>, and
 <filename>/etc/zlogout</filename>.  You can find more information on
 these in the <filename>zsh(1)</filename> and related 
 man pages.</para>

server/other/rsync/rsync-config.xml

@@ -8,7 +8,7 @@
 <sect3><title>Configuration Information</title>
 
 <para>This is a simple download-only configuration. See the rsyncd man-page for
-additional options (i.e. user authentication).</para>
+additional options (i.e., user authentication).</para>
 
 <screen><userinput><command>cat &gt; /etc/rsyncd.conf &lt;&lt; "EOF"</command>
 # This is a basic rsync configuration file

xsoft/graphweb/mozilla/mozilla-intro.xml

@@ -6,13 +6,13 @@ sibling of <application>Netscape</application>. It includes the browser,
 composer, mail client, a calendar client and an <acronym>IRC</acronym> client.</para>
 
 <para>The Mozilla project also hosts two subprojects that aim to cater to the needs
-of users who don't need the complete browser suite or like to have seperate applications
+of users who don't need the complete browser suite or like to have separate applications
 for browsing and e-mail. These subprojects are
 <ulink url="http://www.mozilla.org/products/firefox/">Mozilla Firefox</ulink>,
 (a stand-alone browser based on the Mozilla source code) and
 <ulink url="http://www.mozilla.org/projects/thunderbird/">Mozilla Thunderbird</ulink>,
 (a stand-alone mail client based on the Mozilla source code). The build instructions
-for these two applications are discussed in seperate sections:</para>
+for these two applications are discussed in separate sections:</para>
 
 <itemizedlist>
 <listitem><para><xref linkend="firefox"/></para></listitem>