From 52859423a86eb9ff1b83dbf717dd426dc610cd5c Mon Sep 17 00:00:00 2001 From: Alexander Dupuy Date: Thu, 20 Nov 2014 16:27:32 +0100 Subject: [PATCH 1/3] fix API spelling (unkown -> unknown) --- COMPLIANCE.md | 18 +++++++++--------- README.md | 7 ++++--- attributes/default.rb | 4 ++-- libraries/suid_sgid.rb | 2 +- recipes/suid_sgid.rb | 11 ++++++----- 5 files changed, 22 insertions(+), 20 deletions(-) diff --git a/COMPLIANCE.md b/COMPLIANCE.md index 34d4164f..94f26b4e 100644 --- a/COMPLIANCE.md +++ b/COMPLIANCE.md @@ -7,15 +7,15 @@ See reference documentation [here](http://www.telekom.com/static/-/155996/7/tech #### 3.21 Unix Requirements v1.2 -| Requirement | Configuration | -|-------------|----------------------------------------------------------| -| 6 | active by default | -| 9 | active by default | -| 11 | active by default | -| 10 | active by default | -| 14 | `['security']['suid_sgid']['remove_from_unkown'] = true` | -| 16 | active by default | -| 17 | active by default | +| Requirement | Configuration | +|-------------|-----------------------------------------------------------| +| 6 | active by default | +| 9 | active by default | +| 11 | active by default | +| 10 | active by default | +| 14 | `['security']['suid_sgid']['remove_from_unknown'] = true` | +| 16 | active by default | +| 17 | active by default | #### 3.01 Technical Baseline Security for IT/NT Systems diff --git a/README.md b/README.md index 50689f28..335fe637 100644 --- a/README.md +++ b/README.md 
@@ -82,10 +82,11 @@ We deprecated `sysctl` version before `0.6.0`. Future versions of this cookbook a list of paths which should have their SUID/SGID bits removed * `['security']['suid_sgid']['whitelist'] = []` a list of paths which should not have their SUID/SGID bits altered -* `['security']['suid_sgid']['remove_from_unkown'] = false` +* `['security']['suid_sgid']['remove_from_unknown'] = false` true if you want to remove SUID/SGID bits from any file, that is not explicitly configured in a `blacklist`. This will make every Chef run search through the mounted filesystems looking for SUID/SGID bits that are not configured in the default and user blacklist. If it finds an SUID/SGID bit, it will be removed, unless this file is in your `whitelist`. -* `['security']['suid_sgid']['dry_run_on_unkown'] = false` - like `remove_from_unknown` above, only that SUID/SGID bits aren't removed. It will still search the filesystems to look for SUID/SGID bits but it will only print them in your log. This option is only ever recommended, when you first configure `remove_from_unkown` for SUID/SGID bits, so that you can see the files that are being changed and make adjustments to your `whitelist` and `blacklist`. +* `['security']['suid_sgid']['dry_run_on_unknown'] = false` + like `remove_from_unknown` above, only that SUID/SGID bits aren't removed. + It will still search the filesystems to look for SUID/SGID bits but it will only print them in your log. This option is only ever recommended, when you first configure `remove_from_unknown` for SUID/SGID bits, so that you can see the files that are being changed and make adjustments to your `whitelist` and `blacklist`. * `['security']['packages']['clean'] = true` removes packages with known issues. See section packages. diff --git a/attributes/default.rb b/attributes/default.rb index f351e477..94f15206 100644 --- a/attributes/default.rb +++ b/attributes/default.rb 
@@ -75,8 +75,8 @@ default['security']['suid_sgid']['whitelist'] = [] # if this is true, remove any suid/sgid bits from files that were not in the # whitelist -default['security']['suid_sgid']['remove_from_unkown'] = false -default['security']['suid_sgid']['dry_run_on_unkown'] = false +default['security']['suid_sgid']['remove_from_unknown'] = false +default['security']['suid_sgid']['dry_run_on_unknown'] = false # remove packages with known issues default['security']['packages']['clean'] = true diff --git a/libraries/suid_sgid.rb b/libraries/suid_sgid.rb index bb6ad259..ee46f0b8 100644 --- a/libraries/suid_sgid.rb +++ b/libraries/suid_sgid.rb @@ -52,7 +52,7 @@ def self.remove_suid_sgid_from_blacklist(blacklist) end end - def self.remove_suid_sgid_from_unkown(whitelist = [], root = '/', dry_run = false) + def self.remove_suid_sgid_from_unknown(whitelist = [], root = '/', dry_run = false) all_suid_sgid_files = find_all_suid_sgid_files(root).select do|file| in_whitelist = whitelist.include?(file) Chef::Log.info "suid_sgid: Whitelisted file '#{file}', not altering SUID/SGID bit" if in_whitelist && !dry_run diff --git a/recipes/suid_sgid.rb b/recipes/suid_sgid.rb index 0504535a..0db156cb 100644 --- a/recipes/suid_sgid.rb +++ b/recipes/suid_sgid.rb @@ -29,7 +29,7 @@ whitelist = (sw - b + w).uniq # root = "/" -dry_run = node['security']['suid_sgid']['dry_run_on_unkown'] +dry_run = node['security']['suid_sgid']['dry_run_on_unknown'] root = node['env']['root_path'] # walk the blacklist and remove suid and sgid bits from these items 
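Review bot: Renaming the `remove_from_unkown` and `dry_run_on_unkown` attribute keys without a compatibility shim turns the feature off silently for any wrapper cookbook, role or environment that still sets the old spelling — the new keys default to `false`, so the `end if` guard in the recipes hunk that follows never defines the `ruby_block 'remove_suid_from_unknown'` resource, and unknown SUID/SGID files are left in place with nothing in the visible hunks logging why. The library method rename in the same patch at least fails loudly with a NoMethodError for a caller using the old name, whereas the attribute rename fails open. Consider honouring both spellings for one release in recipes/suid_sgid.rb, e.g. `dry_run = node['security']['suid_sgid']['dry_run_on_unknown'] || node['security']['suid_sgid']['dry_run_on_unkown']` plus the same pattern for `remove_from_unknown`, and emitting a `Chef::Log.warn` deprecation when an old key is set; the `end if` condition in the next recipes hunk needs the same treatment.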
@@ -39,9 +39,10 @@ end end -# remove suid bits from unkown, if desired -ruby_block 'remove_suid_from_unkown' do +# remove suid bits from unknown, if desired +ruby_block 'remove_suid_from_unknown' do block do - SuidSgid.remove_suid_sgid_from_unkown(whitelist, root, dry_run) + SuidSgid.remove_suid_sgid_from_unknown(whitelist, root, dry_run) end -end if node['security']['suid_sgid']['remove_from_unkown'] || node['security']['suid_sgid']['dry_run_on_unkown'] +end if node['security']['suid_sgid']['remove_from_unknown'] || + node['security']['suid_sgid']['dry_run_on_unknown'] From 1319174006d609a50bbcac9db76611b75aa27389 Mon Sep 17 00:00:00 2001 From: Alexander Dupuy Date: Wed, 28 Jan 2015 14:33:06 +0100 Subject: [PATCH 2/3] fix typo in TUTORIAL.md as well --- TUTORIAL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TUTORIAL.md b/TUTORIAL.md index befdc534..e4d6d1d5 100644 --- a/TUTORIAL.md +++ b/TUTORIAL.md @@ -51,7 +51,7 @@ EOF cat > solo.json < Date: Wed, 28 Jan 2015 14:43:52 +0100 Subject: [PATCH 3/3] fix operand alignment for rubocop --- recipes/suid_sgid.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes/suid_sgid.rb b/recipes/suid_sgid.rb index 0db156cb..3e3e63de 100644 --- a/recipes/suid_sgid.rb +++ b/recipes/suid_sgid.rb @@ -45,4 +45,4 @@ SuidSgid.remove_suid_sgid_from_unknown(whitelist, root, dry_run) end end if node['security']['suid_sgid']['remove_from_unknown'] || - node['security']['suid_sgid']['dry_run_on_unknown'] + node['security']['suid_sgid']['dry_run_on_unknown']
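Review bot: The two-line `end if … ||` modifier hanging off a multi-line do/end block is hard to read — patch 3 has to touch it again purely for operand alignment — and a Chef guard expresses the same condition on the resource itself: `only_if { node['security']['suid_sgid']['remove_from_unknown'] || node['security']['suid_sgid']['dry_run_on_unknown'] }` inside the `ruby_block`, with the trailing modifier dropped. A guard keeps the resource in the collection and evaluates the condition at converge time rather than compile time, so this is only a safe swap if nothing elsewhere in the recipe depends on the resource being absent; the rest of recipes/suid_sgid.rb is outside this hunk, so I can't confirm that from here.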