Minor bug fixes after going through github view.

Minor typo/formatting cleanups after going through wiki on github.

Falco-Alerts.md

@@ -15,7 +15,7 @@ When configured to send alerts via standard output, a line is printed for each a
 ```
 10:20:05.408091526: Warning Sensitive file opened for reading by non-trusted program (user=root command=cat /etc/shadow file=/etc/shadow)
 ```
-When run in the background via the `-d/--daemon` command line option, standard output output is discarded.
+When run in the background via the `-d/--daemon` command line option, standard output messages are discarded.
 
 ## File Output
 

Falco-Configuration.md

@@ -7,15 +7,41 @@ Any configuration option can be overridden on the command line via the `-o/--opt
 
 The current configuration keys are:
 
- * `rules_file: <path>`: the location of the rules file. This can also be overridden on the command line via `-r`.
- * `json_output: [true|false]`: whether to use JSON output for alert messages.
- * `log_stderr: [true|false]`: if true, log messages describing falco's activity will be logged to stderr. Note these are *not* alert messages--these are log messages for falco itself.
- * `log_syslog: [true|false]`: if true, log messages describing falco's activity will be logged to syslog.
- * `syslog_output`: a list containing these sub-keys:
- ** `enabled: [true|false]`: if true, falco alerts will be sent via syslog
- * `file_output`: a list containing these sub-keys:
- ** `enabled: [true|false]`: if true, falco alerts will be sent to the specified file
- ** `filename: <path>`: the location of the file to which alerts will be sent
- * `stdout_output`: a list containing thse sub-keys:
- ** `enabled: [true|false]`: if true, falco alerts will be sent to standard output
+####`rules_file: <path>`
+
+the location of the rules file. This can also be overridden on the command line via `-r`.
+
+####`json_output: [true|false]`
+
+whether to use JSON output for alert messages.
+
+####`log_stderr: [true|false]`
+
+if true, log messages describing falco's activity will be logged to stderr. Note these are *not* alert messages--these are log messages for falco itself.
+
+####`log_syslog: [true|false]`
+
+if true, log messages describing falco's activity will be logged to syslog.
+
+
+####`syslog_output`
+
+a list containing these sub-keys:
+
+* `enabled: [true|false]`: if true, falco alerts will be sent via syslog
+
+
+####`file_output`
+
+a list containing these sub-keys:
+
+* `enabled: [true|false]`: if true, falco alerts will be sent to the specified file
+* `filename: <path>`: the location of the file to which alerts will be sent
+
+
+####`stdout_output`
+
+a list containing thse sub-keys:
+
+* `enabled: [true|false]`: if true, falco alerts will be sent to standard output
 

Falco-Examples.md

@@ -2,7 +2,7 @@
 
 Here are some examples of the types of behavior falco can detect.
 
-For a more comprehnsive set of examples, see the full rules file at `falco_rules.yaml`
+For a more comprehnsive set of examples, see the full rules file at `falco_rules.yaml`.
 
 ##A shell is run in a container
 

Falco-Rules.md

@@ -2,7 +2,7 @@
 
 _Call for contributions: If you come up with additional rules which you'd like to see in the core repository - PR welcome!_
 
-A falco rules file is a [YAML](http://www.yaml.org/start.html) file containing two kinds of elements: *rules* and *macros*. Rules consiste of a *condition* under which an alert should be generated and a *output string* to send with the alert.
+A falco rules file is a [YAML](http://www.yaml.org/start.html) file containing two kinds of elements: *rules* and *macros*. Rules consist of a *condition* under which an alert should be generated and a *output string* to send with the alert.
 
 Macros are simply rule condition snippets that can be re-used inside rules and other macros, providing a way to factor out and name common patterns.
 
@@ -33,7 +33,7 @@ A complete rule using the above condition might be:
 - rule: shell_in_container
   desc: notice shell activity within a container
   condition: container.id != host and proc.name = bash
-  output: "shell in a container (user=%user.name container_id=%container.id container_name=%container.name shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)
+  output: shell in a container (user=%user.name container_id=%container.id container_name=%container.name shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)
   priority: WARNING
 ```
 

Home.md

@@ -17,7 +17,7 @@ On this wiki, you can find information about sysdig falco. If this is your first
 * [Falco Alerts](Falco Alerts): Describing the alert channels
 * [Falco Examples](Falco Examples): Examples of what falco can detect
 * Helpful blog posts
-** [Introducing Falco](https://sysdig.com/blog/sysdig-falco/)
+    * [Introducing Falco](https://sysdig.com/blog/sysdig-falco/)
 
 ####Releases
 * [List of falco releases](https://github.com/draios/falco/releases)

How-to-Install-Falco-for-Linux.md

@@ -17,7 +17,7 @@ curl -s -o /etc/yum.repos.d/draios.repo http://download.draios.com/stable/rpm/dr
 ```
 - Install the EPEL repository
 
-Note: The following command is required only if DKMS is not available in the distribution. You can verify if DKMS is available with yum list dkms
+Note: The following command is required only if DKMS is not available in the distribution. You can verify if DKMS is available with `yum list dkms`. If required, install using:
 
 `rpm -i http://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm`
 
@@ -46,7 +46,7 @@ apt-get update
 
 - Install kernel headers
 
-Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly
+Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly.
 
 `apt-get -y install linux-headers-$(uname -r)`
 

How-to-Install-Falco-from-Source.md

@@ -1,5 +1,7 @@
 # Building falco from source
 
+Building falco requires having `cmake` and `g++` installed.
+
 ## Check out source code
 
 Clone this repo in a directory that also contains the sysdig source repo. The result should be something like:

How-to-Install-Falco-using-Containers.md

@@ -33,9 +33,3 @@ curl -s https://s3.amazonaws.com/download.draios.com/stable/install-falco | bash
 sysdig-probe-loader
 ```
 
-
-
-## Building and running falco locally from source
-Building falco requires having `cmake` and `g++` installed.
-
-