Asciidoc conversion of hardening guide changes.

Corrections

Asciidoc conversion of new and revised content for hardening guide v4.

https://issues.redhat.com/browse/AAP-48749

Author: ianf77

downstream/assemblies/aap-hardening/assembly-hardening-aap.adoc

@@ -59,9 +59,9 @@ include::aap-hardening/proc-install-user-pki.adoc[leveloffset=+2]
 
 include::aap-hardening/ref-sensitive-variables-install-inventory.adoc[leveloffset=+2]
 
-include::aap-hardening/ref-install-rpm-deployment.adoc[leveloffset=+2]
+include::aap-hardening/ref-install-rpm-deployment.adoc[leveloffset=+3]
 
-include::aap-hardening/ref-install-containerized-deployment.adoc[leveloffset=+2]
+include::aap-hardening/ref-install-containerized-deployment.adoc[leveloffset=+3]
 
 //include::aap-hardening/con-controller-stig-considerations.adoc[leveloffset=+2]
 

downstream/modules/aap-hardening/con-create-dedicated-service-account.adoc

@@ -13,15 +13,15 @@ The remainder of this section uses "ansible" as the assumed name for a local ser
 The local service account is configured in the following manner:
 
 * It is granted sufficient privileges to run any automation job required.
-* It is limited to SSH key authentication only.No password authentication is allowed.
+* It is limited to SSH key authentication only. No password authentication is allowed.
 * Access is only granted to connections made from the {PlatformNameShort} {ControllerNames}s and execution nodes.
 +
 [NOTE] 
 ====
-To execute tasks in an Ansible playbook or job template as a user other than the service account, use the 'become' and 'become_user' keywords. Connecting to the managed node as a different user is not necessary.
+To execute tasks in an Ansible playbook or job template as a user other than the service account, use the `become` and `become_user` keywords. Connecting to the managed node as a different user is not necessary.
 ====
 
-* The 'useradd' command can be used to create a local service account. For example:
+* The `useradd` command can be used to create a local service account. For example:
 
 ----
 sudo useradd ansible \

downstream/modules/aap-hardening/con-hashicorp-vault-external-secrets.adoc

@@ -1,5 +1,5 @@
 [id="con-hashicorp-vault-external-secrets"]
 
-= Use HashiCorp vault for external secrets management
+= Using HashiCorp vault for external secrets management
 
-Learn how to integrate HashiCorp Vault with {PlatformNameShort} to manage and retrieve sensitive data.
+You can integrate HashiCorp Vault with {PlatformNameShort} to manage and retrieve sensitive data.

downstream/modules/aap-hardening/con-more_compliance-profile-considerations.adoc

@@ -3,4 +3,4 @@
 = Compliance profile considerations
 
 In many environments, you can use {PlatformNameShort} to manage systems where security controls have been applied to managed RHEL nodes to meet the requirements of a compliance profile such as CIS, PCI/DSS, the DISA STIG, or similar. 
-The following sections detail the specific set of security controls that must be modified for {PlatformNameShort} to manage the RHEL nodes properly in such environments, 
+The following sections detail the specific set of security controls that must be modified for {PlatformNameShort} to manage the RHEL nodes properly in such environments.

downstream/modules/aap-hardening/proc-configure-hashicorp-vault.adoc

@@ -7,7 +7,7 @@ One of the most common and recommended authentication methods for the HashiCorp
 To configure {PlatformNameShort} to use secrets stored in HashiCorp vault, set up a new credential with the type of HashiCorp Vault Secret Lookup. 
 For information on how to do this, see link:{URLControllerAdminGuide}/assembly-controller-secret-management#ref-hashicorp-vault-lookup[Hashicorp vault secret lookup]. 
 
-Enter relevant information such as an identifiable credential name, organization, and the URL of the vault server, for example, https://vault.domain.com:8200
+Enter relevant information such as an identifiable credential name, organization, and the URL of the vault server, for example, https://vault.domain.com:8200.
 
 Populate the necessary fields with your information such as Token, AppRole role_id, and AppRole secret_id, then select v2 for the API version.
 
@@ -19,7 +19,7 @@ To test the credential to test for functionally and operation, use the following
 +
 [NOTE]
 ====
-The *Path to Secret* will be prefixed by `kv` if storing a key-value pair (e.g. `kv/key_name`).
+The *Path to Secret* will be prefixed by `kv` if storing a key-value pair, for example, `kv/key_name`.
 ==== 
 
 . Click btn:[Run]. 

downstream/modules/aap-hardening/proc-create-fapolicyd-rules.adoc

@@ -4,7 +4,7 @@
 
 Where the `fapolicyd` service must enforce its rules, consider crafting a custom set of rules to permit {PlatformNameShort} to execute its Python code.  
 
-The following procedure treats the "ansible" service account as a trusted entity and enables it to execute content in the local Ansible temporary directory (by default, `$HOME/.ansible/tmp`)
+The following procedure treats the "ansible" service account as a trusted entity and enables it to execute content in the local Ansible temporary directory (by default, `$HOME/.ansible/tmp`).
 
 .Procedure
 . Create the file `/etc/fapolicy/rules.d/50-ansible.rules` with the following content:

downstream/modules/aap-hardening/ref-sensitive-variables-install-inventory.adoc

@@ -7,7 +7,7 @@
 
 [role="_abstract"]
 
-The installation inventory file for {PlatformNameShort }contains a number of sensitive variables, such as default administrative and database passwords. 
+The installation inventory file for {PlatformNameShort}contains a number of sensitive variables, such as default administrative and database passwords. 
 By default, these are stored in plain text. 
 To enhance security and comply with organizational policies, encrypt these variables using an Ansible vault file.