From 0931ad1530e0d88a28501216bbf4bca5016626ff Mon Sep 17 00:00:00 2001
From: Roman Gorshunov <roman.gorshunov@att.com>
Date: Tue, 12 Feb 2019 13:33:40 +0100
Subject: [PATCH] Fix: docs formatting

Change-Id: If2782de681c737c25d03428da2219d201aae1ea9
---
 doc/source/code-conventions.rst |  4 +++-
 doc/source/security/guide.rst   |  3 +++
 doc/source/security/haproxy.rst |  2 +-
 doc/source/security/ubuntu.rst  | 29 ++++++++++++++++-------------
 4 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/doc/source/code-conventions.rst b/doc/source/code-conventions.rst
index 62a5d571..16cb3ab7 100644
--- a/doc/source/code-conventions.rst
+++ b/doc/source/code-conventions.rst
@@ -35,6 +35,7 @@ that chart.
 
 e.g.: For project ``foo``, which also maintains the charts for ``bar`` and
 ``baz``:
+
 -  foo/charts/foo contains the chart for ``foo``
 -  foo/charts/bar contains the chart for ``bar``
 -  foo/charts/baz contains the chart for ``baz``
@@ -50,7 +51,8 @@ will contain subdirectories for each of the images created as part of that
 project. The subdirectory will contain the dockerfile that can be used to
 generate the image.
 
-e.g.: For project ``foo``, which also produces a Docker image for ``bar``
+e.g.: For project ``foo``, which also produces a Docker image for ``bar``:
+
 -  foo/images/foo contains the dockerfile for ``foo``
 -  foo/images/bar contains the dockerfile for ``bar``
 
diff --git a/doc/source/security/guide.rst b/doc/source/security/guide.rst
index 61db00f3..35dfc7e6 100644
--- a/doc/source/security/guide.rst
+++ b/doc/source/security/guide.rst
@@ -33,11 +33,14 @@ be listed as well as the project scope.
 
   * Project Scope: Which Airship projects address this security item.
   * Solution: The solution is how this security concern is addressed in the platform
+
     * Remediated: The item is solved for automatically
     * Configurable: The item is based on configuration. Guidance will be provided.
     * Mitigated: The item currently mitigated while a permanent remediation is in progress.
     * Pending: Addressing the item is in-progress
+
   * Audit: Auditing the item provides for ongoing monitoring to ensure there is no regression
+
     * Testing: The item is tested for in an automated test pipeline during development
     * Validation: The item is reported on by a validation framework after a site deployment
     * Pending: Auditing is in-progress
diff --git a/doc/source/security/haproxy.rst b/doc/source/security/haproxy.rst
index dc24a627..7185020e 100644
--- a/doc/source/security/haproxy.rst
+++ b/doc/source/security/haproxy.rst
@@ -52,4 +52,4 @@ value to an existing header.
 References
 ----------
 
-HAProxy Configuration Guide - http://cbonte.github.io/haproxy-dconv/1.8/configuration.html
+`HAProxy Configuration Guide <http://cbonte.github.io/haproxy-dconv/1.8/configuration.html>`_
diff --git a/doc/source/security/ubuntu.rst b/doc/source/security/ubuntu.rst
index 5418e092..aaf8737f 100644
--- a/doc/source/security/ubuntu.rst
+++ b/doc/source/security/ubuntu.rst
@@ -61,9 +61,10 @@ The mounts ``/tmp``, ``/var``, ``/var/log``, ``/var/log/audit`` and ``/home`` sh
 individual file systems.
 
   - Project Scope: Drydock
-  - Solution *Configurable*: Drydock supports user designed partitioning, see `Filesystem Configuration`_.
+  - Solution *Configurable*: Drydock supports user designed partitioning, see
+    `Filesystem Configuration`_.
   - Audit: *Testing*: The Airship testing pipeline will validate that nodes are partitioned
-           as described in the site definition.
+    as described in the site definition.
 
 Filesystem Hardening
 ^^^^^^^^^^^^^^^^^^^^
@@ -73,7 +74,7 @@ Disallow symlinks and hardlinks to files not owned by the user. Set ``fs.protect
 
   - Project Scope: Diving Bell
   - Solution *Configurable*: Diving Bell overrides will enforce this kernel tunable. By default
-             MAAS deploys nodes in compliance.
+    MAAS deploys nodes in compliance.
   - Audit: *Pending*: This will be verified on an ongoing basis via a Sonobuoy plugin.
 
 Execution Environment Hardening
@@ -84,8 +85,8 @@ disabling core dumps (``hard core 0``)
 
   - Project Scope: DivingBell, Drydock
   - Solution *Configurable*: Diving Bell overrides will enforce this kernel tunable, by default
-             MAAS deploys nodes with ``fs.suid_dumpable = 2``. A boot action will put in place
-             the hard limit.
+    MAAS deploys nodes with ``fs.suid_dumpable = 2``. A boot action will put in place the hard
+    limit.
   - Audit: *Pending*: This will be verified on an ongoing basis via a Sonobuoy plugin
 
 Randomizing stack space can make it harder to exploit buffer overflow vulnerabilities. Enable
@@ -93,7 +94,7 @@ the kernel tunable ``kernel.randomize_va_space = 2``.
 
   - Project Scope: DivingBell
   - Solution *Configurable*: Diving Bell overrides will enforce this kernel tunable, by default
-             MAAS deploys nodes in compliance.
+    MAAS deploys nodes in compliance.
   - Audit: *Pending*: This will be verified on an ongoing basis via a Sonobuoy plugin
 
 Mandatory Access Control
@@ -104,9 +105,9 @@ to use it.
 
   - Project Scope: Drydock, Promenade
   - Solution *Configurable*: A bootaction will put in place the default AppArmor profile. Promenade
-             will deploy a Docker configuration to enforce the default policy.
+    will deploy a Docker configuration to enforce the default policy.
   - Audit: *Pending*: This will be verified on an ongoing basis via a Sonobuoy plugin probing
-           ``/proc/<pid>/attr/current``.
+    ``/proc/<pid>/attr/current``.
 
 Put in place an approved AppArmor profile to be used by containers that will manipulate the
 on-host AppArmor profiles. This allows an init container in Pods to put customized AppArmor
@@ -114,7 +115,7 @@ profile in place and load them.
 
   - Project Scope: Drydock
   - Solution *Configurable*: A bootaction will put in place the profile-manager AppArmor profile and
-             load it on each boot.
+    load it on each boot.
   - Audit: *Pending*: The availability of this profile will be verified by a Sonobuoy plugin.
 
 .. IMPORTANT::
@@ -135,7 +136,8 @@ Run `rsyslogd` to log events.
 Run a monitor for logging kernel audit events such as auditd.
 
   - Project Scope: Non-Airship
-  - Solution *Remediated*: The Sysdig Falco <https://sysdig.com/opensource/falco/> will be used and
+  - Solution *Remediated*: The `Sysdig Falco <https://sysdig.com/opensource/falco/>`_ will be used
+    and
   - Audit: *Pending*: This will be verified on an ongoing basis via a Sonobuoy plugin.
 
 Watch the watchers. Ensure that monitoring services are up and responsive.
@@ -239,6 +241,7 @@ Temporary Mitigation Status
 References
 ----------
 
-OpenSCAP for Ubuntu 16.04 - https://static.open-scap.org/ssg-guides/ssg-ubuntu1604-guide-common.html
-Ubuntu 16.04 Server Guide - https://help.ubuntu.com/16.04/serverguide/security.html
-Canonical MAAS 2.x TLS - https://docs.maas.io/2.3/en/installconfig-network-ssl & https://docs.maas.io/2.4/en/installconfig-network-ssl
+  * `OpenSCAP for Ubuntu 16.04 <https://static.open-scap.org/ssg-guides/ssg-ubuntu1604-guide-common.html>`_
+  * `Ubuntu 16.04 Server Guide <https://help.ubuntu.com/16.04/serverguide/security.html>`_
+  * `Canonical MAAS 2.3 TLS <https://docs.maas.io/2.3/en/installconfig-network-ssl>`_
+  * `Canonical MAAS 2.4 TLS <https://docs.maas.io/2.4/en/installconfig-network-ssl>`_