import authentication section, minor edits to linux & windows tutorials

draft/core/security.txt

@@ -6,7 +6,7 @@ Authentication and Security
 
 As with all software running in a networked environment,
 administrators of MongoDB must consider security and risk
-exposures for a MongoDB deployment. There are no magic solution for risk
+exposures for a MongoDB deployment. There are no magic solutions for risk
 mitigation, and maintaining a secure MongoDB deployment is an ongoing
 process. This document takes a *Defense in Depth* approach to securing
 MongoDB deployments, and addresses a number of different methods for
@@ -80,7 +80,8 @@ By default, listens for connections on the following ports:
 
 ``27017``
    This is the default port :program:`mongod` and :program:`mongos`
-   instances. You can change this port with :setting:`port`.
+   instances. You can change this port with :setting:`port` or
+   :option:`--port <mongod --port>`.
 
 ``27018``
    This is the default port when running with :option:`--shardsvr
@@ -89,7 +90,7 @@ By default, listens for connections on the following ports:
 
 ``27019``
    This is the default port when running with :option:`--configsvr
-   <mongod --configsvr>` runtime operation or :setting:`commonsvr`
+   <mongod --configsvr>` runtime operation or :setting:`configsvr`
    setting.
 
 ``28017``
@@ -278,7 +279,7 @@ authentication system:
 
 - When setting up authentication for the first time you must either: 
 
-  a. add at least one user to the ``admin`` database before starting
+  #. add at least one user to the ``admin`` database before starting
      the :program:`mongod` instance with :setting:`auth`. 
 
   #. add the first user to the ``admin`` database when connected to
@@ -291,10 +292,10 @@ authentication system:
 
 Consider the
 :doc:`/tutorial/use-authentication-to-control-access-to-mongodb`
-document which outlines procedures for configuraing and maintaing
+document which outlines procedures for configuring and maintaining
 users and access with MongoDB's authentication system.
 
-.. [#sharded-localhost] Becasue of :issue:`SERVER-6591`, you cannot
+.. [#sharded-localhost] Because of :issue:`SERVER-6591`, you cannot
    add the first user to a sharded cluster using the ``localhost``
    connection in 2.2. If you are running a 2.2 sharded cluster, and
    want to enable authentication, you must deploy the cluster and add
@@ -304,19 +305,19 @@ users and access with MongoDB's authentication system.
 Interfaces
 ----------
 
-Simply limiting access to a :program:`mongod` is not a sufficent for
-totally controling risk expsorure. Consider the recomendaitons in the
+Simply limiting access to a :program:`mongod` is not a sufficient for
+totally controlling risk exposure. Consider the recommendations in the
 following section, for limiting exposure other interface-related
 risks.
 
-JavaScript and the Security of the ``mongo`` Sell
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+JavaScript and the Security of the ``mongo`` Shell
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Be aware of the following capabilities and behaviors of the
 :program:`mongo` shell: 
 
 - :program:`mongo` will evaluate a ``.js`` file passed to the
-  :option:`mongo --eval` operation. command. The :program:`mongo`
+  :option:`mongo --eval` option. The :program:`mongo`
   shell does not validate the input of JavaScript input to
   :option:`--eval <mongo --eval>`.
 
@@ -325,25 +326,25 @@ Be aware of the following capabilities and behaviors of the
   :option:`mongo --norc`` option. 
 
   On Linux and Unix systems, :program:`mongo` reads the
-  ``.mongorc.js`` file from ``$HOME/.mongorc.js``
-  (i.e. ``~/.mongorc.js``), and Windows :program:`mongo` reads the
-  ``.mongorc.js`` file from ``%HOME%\.mongorc.js`` or
-  ``%HOMEDRIVE%\%HOMEPATH%\.mongorc.js``.
+  :file:`.mongorc.js` file from :file:`{$HOME}/.mongorc.js`
+  (i.e. :file:`~/.mongorc.js`), and Windows :program:`mongo.exe` reads the
+  :file:`.mongorc.js` file from :file:`{%HOME%}\.mongorc.js` or
+  :file:`{%HOMEDRIVE%}\{%HOMEPATH%}\.mongorc.js`.
 
 HTTP Status Interface
 ~~~~~~~~~~~~~~~~~~~~~
 
 The HTTP status interface provides a web-based interface that includes
 a variety of operational data, logs, and status reports regarding the
 :program:`mongod` or :program:`mongos` instance. The HTTP interface is
-always avalible on the the port numbered ``1000`` greater than the
+always available on the the port numbered ``1000`` greater than the
 primary :program:`mongod` port. By default this is ``28017``, but is
 indirectly using the :setting:`port` option which allows you to
 configure the primary :program:`mongod` port.
 
 Without the :setting:`rest` setting, this interface is entirely
-read-only, and limited in scope; nevertheless, this iterface may
-represent an exposure. To diable the HTTP interface, set the
+read-only, and limited in scope; nevertheless, this interface may
+represent an exposure. To disable the HTTP interface, set the
 :setting:`nohttpinterface` run time option or the
 :option:`--nohttpinterface <mongod --nohttpinterface>` command line
 option.
@@ -372,15 +373,15 @@ the REST API interface:
 Data Encryption
 ---------------
 
-To support audit requirements, you may need to envrypt data stored in
+To support audit requirements, you may need to encrypt data stored in
 MongoDB. For best results you can encrypt this data in the application
-layer, by encrytping the content of fields that hold secure data. 
+layer, by encrypting the content of fields that hold secure data. 
 
 Additionally, `10gen`_ has a `partnership`_ with `Gazzang`_ to encrypt
-and secure senitive data within MongoDB. The solution encrypts data in
+and secure sensitive data within MongoDB. The solution encrypts data in
 real time and Gazzang provides advanced key management that ensures
-only authorized processes and can access this data. THe Gazzang
-software ensures that the cryptogrpahic keys rmeain safe and ensures
+only authorized processes and can access this data. The Gazzang
+software ensures that the cryptographic keys remain safe and ensures
 compliance with standards including HIPPA, PCI-DSS, and FERPA. For
 more information consider the following resources: 
 

draft/tutorial/configure-linux-iptables-firewall.txt

@@ -2,6 +2,8 @@
 Configure Linux ``iptables`` Firewall for MongoDB
 =================================================
 
+.. default-domain:: mongodb
+
 The ``iptables`` program manages the firewall rules on Linux and
 typically comes built in with each Linux distribution. For this
 article we only need to worry about two ``iptables`` chains:

draft/tutorial/configure-windows-netsh-firewall.txt

@@ -2,6 +2,7 @@
 Configure Windows ``netsh`` Firewall for MongoDB
 ================================================
 
+.. default-domain:: mongodb
 
 The Windows Firewall is configured on the cli, using ``netsh``. Here
 are some example firewall rules for MongoDB traffic -