fix spelling

This commit is contained in:
Dennis Eichhorn 2019-10-05 20:28:02 +02:00
parent f276fbc020
commit 99c49cf42c
11 changed files with 31 additions and 31 deletions

View File

@ -4,12 +4,12 @@ A account is used to bind information to a single person or a group of people. A
## Organization Accounts ## Organization Accounts
User accounts can be assigned to an organization account (or multiple) if so desired. This way it's possible to create a relation between user accounts and organization accounts. The organization account can manage permissions for all assigned user accounts. This way the organization account can give the assigned useres the same or less permissions than itself has. This way user accounts assigned to the organization account can have access to the same features and information as the organization account. User accounts can be assigned to an organization account (or multiple) if so desired. This way it's possible to create a relation between user accounts and organization accounts. The organization account can manage permissions for all assigned user accounts. This way the organization account can give the assigned users the same or less permissions than itself has. This way user accounts assigned to the organization account can have access to the same features and information as the organization account.
A simple example could be an organization account which has invoices and support tickets. The organization account can give user accounts the permission to read the invoices and tickets assigned to that organization. This way an accountant can get assigned the permissions to see the invoices but not the support tickets (which he not necessarily needs). A simple example could be an organization account which has invoices and support tickets. The organization account can give user accounts the permission to read the invoices and tickets assigned to that organization. This way an accountant can get assigned the permissions to see the invoices but not the support tickets (which he not necessarily needs).
## Permissions ## Permissions
Accounts can be assigned to groups and thus inherit the permissions of these groups, directly get assigned permissions, or inherit the permissions assigned by organization accounts. Assigning permissions to groups and than assigning these groups to user/organization accounts is the preferred way to manage permissions. Accounts can be assigned to groups and thus inherit the permissions of these groups, directly get assigned permissions, or inherit the permissions assigned by organization accounts. Assigning permissions to groups and than assigning these groups to user/organization accounts is the preferred way to manage permissions.
The reason for this is that in case the permissions need to be changed, they only have to be changed once in the group and all assigned user/organization accounts get updated. If permissions are directly assigned to accounts and they need to be changed in the future, every single account needs to be modified instead of just one or two groups. The reason for this is that in case the permissions need to be changed, they only have to be changed once in the group and all assigned user/organization accounts get updated. If permissions are directly assigned to accounts and they need to be changed in the future, every single account needs to be modified instead of just one or two groups.
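Review bot: the Permissions paragraph still reads "Assigning permissions to groups and than assigning these groups" on the new side; this commit fixes "useres" but leaves "than", which should be "then". The hunk header context also still carries "A account is used to bind information", which should be "An account is used"; both fit the scope of this spelling pass.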

View File

@ -1,7 +1,7 @@
# Groups # Groups
User groups are used for permission management, process flow as well internally by modules for user grouping. There should be no fear of creating too many user groups. A well structured user group management is key for maintianing permissions and efficient work flow. Don't be afraid to implement many groups for all kinds of purposes. User groups are used for permission management, process flow as well internally by modules for user grouping. There should be no fear of creating too many user groups. A well structured user group management is key for maintaining permissions and efficient work flow. Don't be afraid to implement many groups for all kinds of purposes.
User groups **cannot** inherit permissions of other user groups. The reason for this is that it becomes difficult to keep track of all of the inheritances and dependencies. User groups **cannot** inherit permissions of other user groups. The reason for this is that it becomes difficult to keep track of all of the inheritances and dependencies.
Permissions in general are following the whitelist approach. You cannot assign permissions that block users from performing or accessing sensitive data and functions, it's only possible to grant users the permissions for accessing these. It's highly recommended to only grant permissions to a group/user in a step-by-step aproach. All changes to groups and permissions for user accounts are logged and can be documented with comments as well documents through file upload. Permissions in general are following the whitelist approach. You cannot assign permissions that block users from performing or accessing sensitive data and functions, it's only possible to grant users the permissions for accessing these. It's highly recommended to only grant permissions to a group/user in a step-by-step approach. All changes to groups and permissions for user accounts are logged and can be documented with comments as well documents through file upload.
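Review bot: two "as well" constructions in this hunk are missing their "as" on both sides: "process flow as well internally by modules" should be "as well as internally", and "documented with comments as well documents through file upload" should be "as well as documents". "maintianing" and "aproach" are correctly fixed.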

View File

@ -2,7 +2,7 @@
Depending on the server environment it's possible to setup automated jobs/tasks that run at a specific time or interval. This can be useful for automatic updates, backups etc. The application provides a list of default jobs that it can setup. Other modules may provide additional jobs which can also be monitored in the jobs overview. Depending on the server environment it's possible to setup automated jobs/tasks that run at a specific time or interval. This can be useful for automatic updates, backups etc. The application provides a list of default jobs that it can setup. Other modules may provide additional jobs which can also be monitored in the jobs overview.
Simple web servers usually don't allow to register automated jobs. For this purpose jobs can get registered on our own servers which then in return call your application thorugh an api interface. While this enables the use of automated jobs/tasks in situations where this usually wouldn't be possible also is highly dependent on a stable internet connection and server. If possible the local registration of jobs is always prefered. Simple web servers usually don't allow to register automated jobs. For this purpose jobs can get registered on our own servers which then in return call your application through an api interface. While this enables the use of automated jobs/tasks in situations where this usually wouldn't be possible also is highly dependent on a stable internet connection and server. If possible the local registration of jobs is always preferred.
Jobs don't have to be used they simply provide a convenient way to automate certain tasks that otherwise have to be performed manually. Jobs don't have to be used they simply provide a convenient way to automate certain tasks that otherwise have to be performed manually.
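Review bot: the second paragraph still has a sentence with no subject on the new side: "While this enables the use of automated jobs/tasks in situations where this usually wouldn't be possible also is highly dependent on a stable internet connection and server." should read "... wouldn't be possible, it is also highly dependent ...". The last line also needs a comma or full stop: "Jobs don't have to be used; they simply provide ...". "api" would normally be written "API".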

View File

@ -1,6 +1,6 @@
# Permissions # Permissions
Permissions can be assigned to accounts or groups. In most cases it is recommended to assign to groups since it's easier to modify the permissions of one group instead of the permissions of multiple accounts. Permissions can be assigned to accounts or groups. In most cases it is recommended to assign to groups since it's easier to modify the permissions of one group instead of the permissions of multiple accounts.
## Permission ## Permission
@ -45,7 +45,7 @@ These permissions can be assigned on multiple levels (descending in the followin
### Unit/Organization ### Unit/Organization
`Orange Management` supports the definition of multiple units/organizations which is especially usefull for organizations with subsidiaries or business units etc. For each unit/organization permissions can be assigned to accounts. `Orange Management` supports the definition of multiple units/organizations which is especially useful for organizations with subsidiaries or business units etc. For each unit/organization permissions can be assigned to accounts.
### Application ### Application
@ -57,7 +57,7 @@ Different modules provide different features, by defining the modules permission
### Type ### Type
Often a module provides multiple features or functionalities. The type can be used to give accounts even more specific permissions. In a organization an account may be allowed to create new invoices for customers but is not allowed to create a new customer. Often a module provides multiple features or functionalities. The type can be used to give accounts even more specific permissions. In a organization an account may be allowed to create new invoices for customers but is not allowed to create a new customer.
### Element ### Element
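Review bot: "In a organization an account may be allowed" in the Type paragraph is still wrong on the new side; it should be "In an organization". Since this is a spelling-only commit it belongs here rather than in a follow-up.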
@ -69,11 +69,11 @@ The component is the lowest level for permissions. This is used in order to defi
### Example ### Example
For permissions always the next higher level (recursive) is considered (inclusive) in order to check if an account has the necessary permissions. For permissions always the next higher level (recursive) is considered (inclusive) in order to check if an account has the necessary permissions.
If for example an account has all permissions (CRUDP) for one unit/organization but only reading permissions (R) assigned for a certain module in that unit/organization this user will still have all the other permissions (CRUDP) for that module since the unit/orgainization permission definition superseeds the module permissions If for example an account has all permissions (CRUDP) for one unit/organization but only reading permissions (R) assigned for a certain module in that unit/organization this user will still have all the other permissions (CRUDP) for that module since the unit/organization permission definition supersedes the module permissions
e.g. Account A has the following two permissions: e.g. Account A has the following two permissions:
1. `CRUDP` for organization `Orange` 1. `CRUDP` for organization `Orange`
2. `R` for module `News` in the organization `Orange` 2. `R` for module `News` in the organization `Orange`
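Review bot: the long sentence in the Example section ends without a full stop on both sides ("... supersedes the module permissions"), and it needs one before "e.g. Account A has ...". The sentence is also hard to parse as written; "For permissions, the next higher level is always considered (recursively, inclusive) when checking whether an account has the necessary permissions." reads more clearly. "superseeds" and "orgainization" are correctly fixed.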

View File

@ -1,15 +1,15 @@
# Backups # Backups
Backups are very important in order to reset or retrive lost data. The application provides an all around eco system for generating and importing exports. Be aware that backups of different versions may not necessarily work with the current installed version which is why it is so important to perform regular backups. Backups are very important in order to reset or retrieve lost data. The application provides an all around eco system for generating and importing exports. Be aware that backups of different versions may not necessarily work with the current installed version which is why it is so important to perform regular backups.
## Export ## Export
Depending on your server environment you can implement automated backups for files and database data. Unscheduled backups can also be generated by a simple click of a button. The backend system automatically generates backup files for the database and local files. In case of limited stroage it's also possible to only backup the database. Depending on your server environment you can implement automated backups for files and database data. Unscheduled backups can also be generated by a simple click of a button. The backend system automatically generates backup files for the database and local files. In case of limited storage it's also possible to only backup the database.
The backup files will be stored on the server where they are getting generated and can be downloaded afterwards. The storage location is completely configurable and can be even a remote location. For security reasons make sure the socket or web applications don't have delete permissions on any files at these locations. The backup files will be stored on the server where they are getting generated and can be downloaded afterwards. The storage location is completely configurable and can be even a remote location. For security reasons make sure the socket or web applications don't have delete permissions on any files at these locations.
## Import ## Import
The import of the backups is also straight forward by simply clicking import and selecting the backup file. In case the backup version is not support by the current application or module version you'll receive a error message. The import of the backups is also straight forward by simply clicking import and selecting the backup file. In case the backup version is not support by the current application or module version you'll receive a error message.
During the import process it's also possible to choose which modules should be imported for better control. Before importing data into the application it's recommended to perform a backup in case of data corruption. In fact the application automatically offers you to perform a backup right before the import. During the import process it's also possible to choose which modules should be imported for better control. Before importing data into the application it's recommended to perform a backup in case of data corruption. In fact the application automatically offers you to perform a backup right before the import.
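Review bot: the Import paragraph still has two errors on the new side: "the backup version is not support by" should be "not supported by", and "you'll receive a error message" should be "an error message". Minor, in the same file: "eco system" is normally "ecosystem", "current installed version" should be "currently installed version", and "straight forward" is one word. "retrive" and "stroage" are correctly fixed.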

View File

@ -2,15 +2,15 @@
## Internal ## Internal
The application provides activity monitoring through error logging as well as audit trails. The application provides activity monitoring through error logging as well as audit trails.
### Error Logging ### Error Logging
The error logging creates log entries whenever an error occures. These error logs contain specific information about what, when, where and who caused the error. These error messages indicate that something is not working as intended and require immediate attention. These errors however are not known to the development team since they are application specific; in order to inform the development team that there is an error it's possible to forward this error via a simple click of a button. This error can now get inspected and fixed. Make sure to report all errors so that they can get fixed. Errors that appear because of changes in the source code will be ignored since customer or third party code changes are not supported or allowed. The error logging creates log entries whenever an error occurs. These error logs contain specific information about what, when, where and who caused the error. These error messages indicate that something is not working as intended and require immediate attention. These errors however are not known to the development team since they are application specific; in order to inform the development team that there is an error it's possible to forward this error via a simple click of a button. This error can now get inspected and fixed. Make sure to report all errors so that they can get fixed. Errors that appear because of changes in the source code will be ignored since customer or third party code changes are not supported or allowed.
### Audit Trails ### Audit Trails
The audit trails are used by modules in order to log user and system activities such as changes/updates to existing elements or the creation and deletion of elements. Elements in this context referes to all database data and state changes. These logs are important in order to investigate changes by certain people or to certain elements. Activity logs can be an important factor for audits as they prove that all changes can be inspected, supervised and tracked back. These log files can be used for complience reports as well as approval reports where certain activities need to be approved. While there are modules like the `Workflow` module which allow pre-approval in some cases a post-approval may be necessary and in these situations these logs can be used to generate a report which then can be approved. The audit trails are used by modules in order to log user and system activities such as changes/updates to existing elements or the creation and deletion of elements. Elements in this context refers to all database data and state changes. These logs are important in order to investigate changes by certain people or to certain elements. Activity logs can be an important factor for audits as they prove that all changes can be inspected, supervised and tracked back. These log files can be used for compliance reports as well as approval reports where certain activities need to be approved. While there are modules like the `Workflow` module which allow pre-approval in some cases a post-approval may be necessary and in these situations these logs can be used to generate a report which then can be approved.
## External ## External
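Review bot: "all changes can be inspected, supervised and tracked back" in the Audit Trails paragraph should be "traced back" (the usual phrase for following a change to its origin). "occures" and "referes" and "complience" are correctly fixed.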

View File

@ -1,8 +1,8 @@
# Updates & Patches # Updates & Patches
Updates provide functionality improvements where patches provide security and bug fixes. It is always recommended to keep all application components up-to-date. The application either informs administrators about updates for installation or automatically installs them depending on the settings. Updates provide functionality improvements where patches provide security and bug fixes. It is always recommended to keep all application components up-to-date. The application either informs administrators about updates for installation or automatically installs them depending on the settings.
Updates and patches are only concerned with the application and libraries it comes with, system and application updates such as OS, database etc. have to be updated by the system administrator. It is adviced to only perform database updates once they are confirmed to work by Orange Management. Updates and patches are only concerned with the application and libraries it comes with, system and application updates such as OS, database etc. have to be updated by the system administrator. It is advised to only perform database updates once they are confirmed to work by Orange Management.
## Security ## Security
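Review bot: "Updates provide functionality improvements where patches provide security and bug fixes" should be "whereas patches provide". The second paragraph says "system and application updates such as OS, database etc. have to be updated", which is circular; "system components such as the OS and database have to be updated by the system administrator" says what is meant. "adviced" is correctly fixed.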
@ -10,7 +10,7 @@ All updates and patches as signed by the provider to make sure that they cannot
## Automatic Updates ## Automatic Updates
Automatic updates can be activated in the application settings. In order use automatic updates either Cron or Windows Task Scheduler is required. Updates can be pulled in a custom defined interval thus allowing to perform updates at times with low application load to minimize user interuption. Automatic updates can be activated in the application settings. In order use automatic updates either Cron or Windows Task Scheduler is required. Updates can be pulled in a custom defined interval thus allowing to perform updates at times with low application load to minimize user interruption.
## Security Ratings ## Security Ratings
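Review bot: the hunk header context line still reads "All updates and patches as signed by the provider", which should be "are signed"; since this sentence describes the signature check that protects the update channel, the typo is worth catching in this pass. In the Automatic Updates paragraph, "In order use automatic updates" is missing "to" on both sides: "In order to use automatic updates". "interuption" is correctly fixed.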

View File

@ -22,7 +22,7 @@ Passwords should be changed every 3 month. Enforced password changes are very co
## Permissions ## Permissions
The application allows permission handling by user groups and directly by users. It is strongly recommended to lay out a basic organisation schematic and job description for every area. Based on these job descriptions groups should be generated. The permission management through groups is preferred since it's much more verbose and shows a clear structure. While permissions on user basis are in some cases more convenient for quick permission handling they indicate that the actual job function compared to the organization layout is not coherent with the actual tasks that person is performing. Permission handling on user level is strongly advised against and restructuing groups and creating new groups is much cleaner even if in some cases a group only has one account assigned. Permissions for accounts should also get re-evaluated on a regular basis in order to prevent non-active accounts or accounts whose job description changed to have permissions they no longer need. The application allows permission handling by user groups and directly by users. It is strongly recommended to lay out a basic organization schematic and job description for every area. Based on these job descriptions groups should be generated. The permission management through groups is preferred since it's much more verbose and shows a clear structure. While permissions on user basis are in some cases more convenient for quick permission handling they indicate that the actual job function compared to the organization layout is not coherent with the actual tasks that person is performing. Permission handling on user level is strongly advised against and re-structuring groups and creating new groups is much cleaner even if in some cases a group only has one account assigned. Permissions for accounts should also get re-evaluated on a regular basis in order to prevent non-active accounts or accounts whose job description changed to have permissions they no longer need.
## Updates ## Updates
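Review bot: "restructuing" is changed to "re-structuring", but the unhyphenated "restructuring" is the standard spelling and matches how the rest of the document writes compound words. The hunk header context also still has "every 3 month", which should be "every 3 months". Changing "organisation" to "organization" is good for consistency with the other files.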

View File

@ -1,6 +1,6 @@
# Security Mentality # Security Mentality
Security layers and guidelines are usually seen by the every-day-user as necessary evil. However without a good mindset no amount of guidelines or even technical security measurments will protect the integrity of the server and data. The thought process often goes along these lines: Security layers and guidelines are usually seen by the every-day-user as necessary evil. However without a good mindset no amount of guidelines or even technical security measurements will protect the integrity of the server and data. The thought process often goes along these lines:
1. I will not get attacked! 1. I will not get attacked!
2. I don't have any data that need protection! 2. I don't have any data that need protection!
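Review bot: "security measurments" is corrected to "security measurements", but the intended word is "measures" ("technical security measures"); "measurements" changes the meaning. Also in the same sentence, "seen ... as necessary evil" should be "as a necessary evil", and in item 2 "data that need protection" should be "data that needs protection".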
@ -12,10 +12,10 @@ Security layers and guidelines are usually seen by the every-day-user as necessa
Here are some of the responses to such a mentality: Here are some of the responses to such a mentality:
1. It will happen! Hundreds of attacks get executed on simple personal web pages which really don't have any interesting data on them. Many attacks are automated and don't even require any man power, starting with simple password attacks. 1. It will happen! Hundreds of attacks get executed on simple personal web pages which really don't have any interesting data on them. Many attacks are automated and don't even require any man power, starting with simple password attacks.
2. Just because data seems to be not important doesn't mean other people will think the same (especially your clients or business partner). 2. Just because data seems to be not important doesn't mean other people will think the same (especially your clients or business partner).
3. "Some people just want to watch the world burn" and others hope to gain some monetairy benefit from either returning the data or not publishing the information from you on the internet. 3. "Some people just want to watch the world burn" and others hope to gain some monetary benefit from either returning the data or not publishing the information from you on the internet.
4. Unless someone has a fundamental IT understanding of the network, permission and application structure it's most definately not possible to know where seemingly minor security infringement could cause severe damages. Even server administrators or software developers may not see the implications in their own network/application at first. 4. Unless someone has a fundamental IT understanding of the network, permission and application structure it's most definitely not possible to know where seemingly minor security infringement could cause severe damages. Even server administrators or software developers may not see the implications in their own network/application at first.
5. As an employee you could get fired for careless behavior or depending on your residence even face legal actions. As server administrator or company owner you'll most definately be legally responsible for all kinds of security infringements (even if they are executed by your employees or indirectly caused by third parties). 5. As an employee you could get fired for careless behavior or depending on your residence even face legal actions. As server administrator or company owner you'll most definitely be legally responsible for all kinds of security infringements (even if they are executed by your employees or indirectly caused by third parties).
6. It is way more time consuming calling your employees, customers, suppliers that their information have been compromised. In case of data loss you'll have to pay large sums for data recovery, potential legal fees etc. 6. It is way more time consuming calling your employees, customers, suppliers that their information have been compromised. In case of data loss you'll have to pay large sums for data recovery, potential legal fees etc.
A guideline and training for IT security and user data is a must for every person but it's much more important to live these security guidelines in a top down approach. Only if the management has a positive attitude towards them the other employees will follow. As soon as someone doesn't understand a certain guideline make sure to explain them the reason behind it and if you hear someone complaining about it try to change their oppinion by conveying your positive view. Even by just agreeing that they are annoying the management or team leaders can undermine the integrity of the policy. A guideline and training for IT security and user data is a must for every person but it's much more important to live these security guidelines in a top down approach. Only if the management has a positive attitude towards them the other employees will follow. As soon as someone doesn't understand a certain guideline make sure to explain them the reason behind it and if you hear someone complaining about it try to change their opinion by conveying your positive view. Even by just agreeing that they are annoying the management or team leaders can undermine the integrity of the policy.
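Review bot: a few grammar points remain on the new side of this hunk: item 2 "your clients or business partner" should be "business partners"; item 6 "their information have been compromised" should be "has been compromised"; the last paragraph "make sure to explain them the reason behind it" should be "explain the reason behind it to them". "monetairy", "definately" and "oppinion" are correctly fixed.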

View File

@ -8,7 +8,7 @@ In general only whitelist user access permissions instead of blacklisting them.
## HTTPS ## HTTPS
HTTPS is a protocol or form of encrypted communication between client and server. It prevents attackers from reading the data beeing sent back and forth between server and client, which can be very critical when we are talking about user, company, customer, employee, private information. Nowadays it's fairly simple and cheap to setup and a must have for every website and application that is accessible through the internet browser. It is recommended to use the free service of Let's encrypt. Since https is a matter of server configuration this cannot be achived by the application itself. Follow the step-by-step instructions of https://certbot.eff.org/ in order to setup https for your own server. Normal webhosting services usually optionally offer https for a premium which you should definately consider. While you'll most likely have to pay your webhosting agency they will do the setup for you. Just remember that the actual certificate can be optained for free and while services may try to sell you more expensive certificates they are essentially the same as the free alternative. HTTPS is a protocol or form of encrypted communication between client and server. It prevents attackers from reading the data being sent back and forth between server and client, which can be very critical when we are talking about user, company, customer, employee, private information. Nowadays it's fairly simple and cheap to setup and a must have for every website and application that is accessible through the internet browser. It is recommended to use the free service of Let's encrypt. Since https is a matter of server configuration this cannot be achieved by the application itself. Follow the step-by-step instructions of https://certbot.eff.org/ in order to setup https for your own server. Normal webhosting services usually optionally offer https for a premium which you should definitely consider. While you'll most likely have to pay your webhosting agency they will do the setup for you. 
Just remember that the actual certificate can be obtained for free and while services may try to sell you more expensive certificates they are essentially the same as the free alternative.
## Root Login ## Root Login
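Review bot: the new side of the HTTPS paragraph ends with a trailing space and moves the final sentence ("Just remember that the actual certificate can be obtained for free ...") onto its own line. A single line break does not start a new paragraph in Markdown, so the rendered output is unchanged, but the split is not a spelling fix and the trailing whitespace should be dropped. Within the same paragraph, "Let's encrypt" is the project name "Let's Encrypt", "https" is written "HTTPS" in the heading, and "to setup https" (verb) should be "to set up HTTPS".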
@ -20,11 +20,11 @@ Keep your software updated. This doesn't only apply for the operating system but
## Login ## Login
Implement passwordless login. This way you don't login into your server by using a login password but by generating a specific authentication key. This can be achieved by using ssh authentication and provides another layer of security to your server. At least implement some form of password policy which requires you to change your passwords from time to time. Implement passwordless login via key based authentication. This way you don't login into your server by using a login password but by generating a specific authentication key. This can be achieved by using ssh authentication and provides another layer of security to your server. At least implement some form of password policy which requires you to change your passwords from time to time.
## Other ## Other
There are still many more uncovered topics and tools which definately are worth reading up on. There are still many more uncovered topics and tools which definitely are worth reading up on.
* Iptables * Iptables
* Monitoring * Monitoring
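Review bot: "Implement passwordless login via key based authentication" adds wording that is not a spelling fix, and the commit message ("fix spelling") does not mention it; either note it in the message or move it to its own commit. If it stays, "key based" should be hyphenated as "key-based", and "you don't login into your server" should be "you don't log in to your server". In the list below, the tool is normally written "iptables".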

View File

@ -43,7 +43,7 @@ Some of these modules are already provided and only need to be activated in your
Depending on your use case you may have to install the following software as well: Depending on your use case you may have to install the following software as well:
* Memchache or Redis (prefered) * Memchache or Redis (preferred)
## Windows ## Windows
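Review bot: "Memchache or Redis (preferred)" fixes "prefered" but leaves "Memchache"; the software is called Memcached (or Memcache), so this should read "Memcached or Redis (preferred)".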