Standardize our apostrophes
Most editors flag these

Signed-off-by: Tim Smith <[email protected]>
tas50 committed Jan 17, 2025
1 parent 69d62b9 commit 534d0c3
Showing 4 changed files with 19 additions and 19 deletions.
2 changes: 1 addition & 1 deletion core/mondoo-azure-security.mql.yaml
Expand Up @@ -352,7 +352,7 @@ queries:
- Check for rules where the protocol is set to `TCP`.
- The destination port or port range includes `3389`.
- The source address prefix is too broad, such as 'Any', '0.0.0.0', '<nw>/0', '/0', 'internet', or 'any'.
5. Note down any NSG rules that do not comply with your organizations security policy regarding restricted access to RDP. These rules should ideally allow access only from trusted, secure networks, and not from the open internet.
5. Note down any NSG rules that do not comply with your organization's security policy regarding restricted access to RDP. These rules should ideally allow access only from trusted, secure networks, and not from the open internet.
1. Navigate to **Virtual Machines** in the Azure Portal.
2. For each VM, select the **Networking** blade to review network configurations.
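Review bot: The audit step in the context above the changed line only looks for rules whose protocol is `TCP`; an NSG rule with the protocol set to Any also admits TCP 3389 and would be missed by someone following the steps literally. Consider wording it as protocol `TCP` or `Any`. The same list mixes backticks (`TCP`, `3389`) with single quotes ('Any', '0.0.0.0'), which is worth unifying while the punctuation is being touched.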
10 changes: 5 additions & 5 deletions core/mondoo-dns-security.mql.yaml
Expand Up @@ -84,9 +84,9 @@ queries:
* Non-compliance with DNS standards: DNS resolvers expect NS and MX records to point to hostnames. Using IPs can lead to unpredictable behavior or DNS resolution failures.
* Security risks: Directly exposing IP addresses can make your infrastructure more vulnerable to attacks, such as DDoS or reconnaissance efforts.
remediation: |
For NS records: Always configure them to point to the authoritative DNS servers FQDN (e.g., ns1.example.com).
For NS records: Always configure them to point to the authoritative DNS server's FQDN (e.g., ns1.example.com).
For MX records: Always point them to a valid mail servers FQDN (e.g., mail.example.com).
For MX records: Always point them to a valid mail server's FQDN (e.g., mail.example.com).
- uid: mondoo-dns-security-no-legacy-office-365-mx-records
title: Ensure legacy MX records are not used with Office 365
impact: 80
Expand Down Expand Up @@ -119,16 +119,16 @@ queries:
containsOnly(["aspmx.l.google.com.", "alt1.aspmx.l.google.com.", "alt2.aspmx.l.google.com.", "alt3.aspmx.l.google.com.", "alt4.aspmx.l.google.com."])
docs:
desc: |
This security check verifies that the domains MX (Mail Exchange) records are correctly configured to use the Google Workspace (formerly G Suite) email servers. Proper configuration ensures reliable email delivery and leverages Googles advanced email security and management features.
This security check verifies that the domain's MX (Mail Exchange) records are correctly configured to use the Google Workspace (formerly G Suite) email servers. Proper configuration ensures reliable email delivery and leverages Google's advanced email security and management features.
Why this is important:
* Reliable email delivery: Incorrect or missing MX records can result in undelivered email.
* Security risks: Using incorrect MX records can route email through untrusted servers, exposing the organization to spoofing, phishing, or data interception attacks.
* Google Workspace functionality: Google Workspace requires specific MX records to activate its full suite of email features, including spam protection, encryption, and account-based email management.
* Compliance and best practices: Adhering to Google Workspaces DNS configuration guidelines ensures compatibility and minimizes the risk of service disruptions.
* Compliance and best practices: Adhering to Google Workspace's DNS configuration guidelines ensures compatibility and minimizes the risk of service disruptions.
remediation: |
Ensure the domains MX records point to Googles designated email servers:
Ensure the domain's MX records point to Google's designated email servers:
* ASPMX.L.GOOGLE.COM
* ALT1.ASPMX.L.GOOGLE.COM
* ALT2.ASPMX.L.GOOGLE.COM
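Review bot: The remediation list names the servers in upper case without a trailing dot (`ASPMX.L.GOOGLE.COM`), while the `containsOnly([...])` query at the top of this hunk compares against lower-case names with a trailing dot (`"aspmx.l.google.com."`). DNS names are case-insensitive, but the string comparison in the query may not be, so either state in the docs that the check expects the lower-case, dot-terminated form or normalize the record value before comparing.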
14 changes: 7 additions & 7 deletions core/mondoo-dockerfile-security.mql.yaml
Expand Up @@ -59,7 +59,7 @@ policies:

queries:
- uid: mondoo-docker-security-no-management-ports
title: Dont expose management ports
title: Don't expose management ports
impact: 100
mql: |
docker.file.stages.all(expose.all(port != 22))
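Review bot: The title, now `Don't expose management ports`, is plural, but the query `expose.all(port != 22)` only rejects port 22. Either narrow the title to SSH or extend the query to the other management ports the policy means to cover; the description that would list them is not visible in this hunk.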
Expand Down Expand Up @@ -89,7 +89,7 @@ queries:
- Review the Dockerfile and ensure that package managers are configured to use SSL certificate validation.
- Use secure practices for package installations to maintain system integrity: Remove any insecure options such as `--nogpgcheck`, `--no-check-certificate`, `--no-gpg-check`, and similar flags.
- uid: mondoo-docker-security-no-insecure-certificate-validation-apt
title: Dont disable certificate validation in APT
title: Don't disable certificate validation in APT
impact: 100
mql: |
docker.file.stages.all(run.none(script.contains("--allow-insecure-repositories")))
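Review bot: The title and the remediation text describe this check as certificate validation, but the flag the query matches, `--allow-insecure-repositories`, controls whether APT accepts repositories without a valid signature rather than TLS certificate checking. Suggest retitling along the lines of "Don't allow insecure repositories in APT" and adjusting the remediation wording so the finding tells the user what was actually detected.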
Expand All @@ -101,7 +101,7 @@ queries:
- Review the Dockerfile `RUN` instructions to ensure that APT commands do not use the `--allow-insecure-repositories` option.
- Configure APT to use secure repositories and avoid options that bypass certificate validation.
- uid: mondoo-docker-security-no-insecure-certificate-validation-curl
title: Dont disable certificate validation in curl
title: Don't disable certificate validation in curl
impact: 100
mql: |
docker.file.stages.all(run.none(script.contains("--insecure")))
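Review bot: `script.contains("--insecure")` does not match the short form `-k`, which the remediation text for this check (visible as context in the next hunk) explicitly tells users to avoid. A Dockerfile that runs `curl -k` passes this query; consider adding a second condition for the short option, with a pattern tight enough not to match unrelated `-k` flags of other commands.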
Expand All @@ -115,7 +115,7 @@ queries:
- Avoid using `curl` with `--insecure` or `-k` options.
- Ensure that proper SSL certificate validation is enabled for all `curl` operations.
- uid: mondoo-docker-security-no-insecure-certificate-validation-wget
title: Dont disable certificate validation in Wget
title: Don't disable certificate validation in Wget
impact: 100
mql: |
docker.file.stages.all(run.none(script.contains("--no-check-certificate")))
Expand All @@ -127,7 +127,7 @@ queries:
- Review the Dockerfile `RUN` instructions to ensure that `wget` commands do not use the `--no-check-certificate` option.
- Configure Wget to use certificate validation to enhance the security of your container configurations.
- uid: mondoo-docker-security-no-sudo-commands
title: Dont run commands using sudo
title: Don't run commands using sudo
impact: 100
mql: |
docker.file.stages.all(run.none(script.contains("sudo")))
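Review bot: `script.contains("sudo")` is a plain substring match, so it also fails `RUN` instructions that merely mention the string, for example installing a package named sudo or calling visudo, and not only commands executed through sudo. If that breadth is intended, say so in the description; otherwise match `sudo` as a command word.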
Expand All @@ -141,7 +141,7 @@ queries:
- Ensure that all commands are executed with the least privileges required.
- Configure containers to operate with non-root users where possible, and avoid privilege escalation techniques.
- uid: mondoo-docker-security-no-gpg-skip-yum
title: Dont skip GPG validation in YUM/DNF
title: Don't skip GPG validation in YUM/DNF
impact: 100
mql: |
docker.file.stages.all(run.none(script.contains("--nogpgcheck")))
Expand Down Expand Up @@ -190,7 +190,7 @@ queries:
- Verify the necessity of each `ADD` instruction and ensure it is used correctly.
- Perform a security review to ensure that any use of `ADD` does not introduce vulnerabilities or expose sensitive information.
- uid: mondoo-docker-best-practice-no-latest-tag
title: Dont build containers from latest tags
title: Don't build containers from latest tags
impact: 100
mql: |
docker.file.stages.all(from.tag != "latest")
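Review bot: `from.tag != "latest"` only catches an explicit `:latest`. A `FROM` line with no tag at all resolves to latest at build time, so it is worth confirming what `from.tag` holds in that case and, if it is empty, adding that condition so untagged base images fail as well.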
12 changes: 6 additions & 6 deletions core/mondoo-tls-security.mql.yaml
Expand Up @@ -65,10 +65,10 @@ queries:
title: Certificate's domain name must match
impact: 90
docs:
desc: |
desc: |
The domain name in an SSL/TLS certificate must match the hostname it is intended to secure. Mismatched certificates indicate potential misconfigurations or malicious activity. This can lead to user trust issues and browser warnings, causing service interruptions or loss of user confidence.
remediation: |
Ensure the certificates Common Name (CN) or Subject Alternative Name (SAN) fields match the intended domain name. Obtain a valid certificate for the domain from a trusted Certificate Authority (CA) and install it on the server.
Ensure the certificate's Common Name (CN) or Subject Alternative Name (SAN) fields match the intended domain name. Obtain a valid certificate for the domain from a trusted Certificate Authority (CA) and install it on the server.
mql: |
checkA1 = tls.certificates.first.subject.commonName == asset.fqdn
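Review bot: The remediation line changed here still presents the Common Name as an equal alternative to the Subject Alternative Name, and the one query line visible in this hunk, `checkA1 = tls.certificates.first.subject.commonName == asset.fqdn`, compares the CN. Current TLS clients validate the hostname against the SAN entries, so the text should lead with SAN and treat CN as legacy; the remaining checks of the query are not visible here, so confirm that a SAN comparison follows `checkA1`.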
Expand Down Expand Up @@ -102,7 +102,7 @@ queries:
impact: 95
docs:
desc: |
Certificates nearing expiration or expired can lead to service interruptions and browser security warnings. This can affect user trust and potentially allow MITM attacks if not addressed promptly.
Certificates nearing expiration or expired can lead to service interruptions and browser security warnings. This can affect user trust and potentially allow MITM attacks if not addressed promptly.
remediation: |
Monitor certificate expiration dates and renew them well in advance.
mql: |
Expand Down Expand Up @@ -180,7 +180,7 @@ queries:
desc: |
RC4 is a weak cipher prone to cryptographic attacks. Its use is discouraged as it does not provide sufficient encryption strength for modern applications.
remediation: |
Remove RC4 from the servers list of supported ciphers. Configure preferred ciphers to use modern, secure options such as AES-GCM.
Remove RC4 from the server's list of supported ciphers. Configure preferred ciphers to use modern, secure options such as AES-GCM.
mql: |
tls.ciphers.none( /rc4/i )
- uid: mondoo-tls-security-no-null-cipher-suites
Expand All @@ -196,7 +196,7 @@ queries:
- uid: mondoo-tls-security-no-export-cipher-suites
title: Avoid export ciphers suites
impact: 95
docs:
docs:
desc: |
Export cipher suites are intentionally weakened cryptographic algorithms designed to meet outdated export regulations. They are vulnerable to brute-force attacks and compromise encryption security.
remediation: |
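Review bot: The only change in this hunk is `docs:` removed and re-added with no visible difference, presumably trailing whitespace, and the same pattern appears on other `desc: |` and `docs:` lines in this file. The commit message only mentions apostrophes; add a line about the whitespace cleanup or split it into its own commit so the history stays searchable.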
Expand All @@ -216,7 +216,7 @@ queries:
- uid: mondoo-tls-security-no-weak-block-ciphers
title: Avoid weak block ciphers
impact: 85
docs:
docs:
desc: |
Weak block ciphers, such as DES or 3DES, are vulnerable to modern cryptographic attacks, including brute force and collision attacks, reducing the overall security of the communication.
remediation: |