improved ssh-root-login command + updated prompts to sudo

* improved ssh-root-login command + updated prompts to sudo

tasks/alp-post-deployment-considerations.xml

@@ -33,7 +33,7 @@
         During the &productnameshort; deployment, you entered a password that is used for disk
         encryption. To change the password, run the following command:
       </para>
-<screen>&prompt.root;fdectl passwd</screen>
+<screen>&prompt.sudo;fdectl passwd</screen>
     </section>
     <section xml:id="alp-post-deploy-full-disk-encryption-tpm">
       <title>TPM device</title>
@@ -75,7 +75,7 @@
     <para>
       To set &selnx; to the permissive mode temporarily, run:
     </para>
-<screen>&prompt.root;setenforce 0</screen>
+<screen>&prompt.sudo;setenforce 0</screen>
     <tip>
       <para>
         To set &selnx; to the permissive mode permanently, edit
@@ -91,8 +91,8 @@
         system:
       </para>
 <screen>
-&prompt.root;touch /etc/selinux/.autorelabel
-&prompt.root;reboot
+&prompt.sudo;touch /etc/selinux/.autorelabel
+&prompt.sudo;reboot
 </screen>
     </important>
     <para>
@@ -107,15 +107,15 @@ tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0
     <para>
       To filter such messages, you can use the following commands:
     </para>
-<screen>&prompt.root;tail -f /var/log/audit/audit.log | grep -i AVC</screen>
+<screen>&prompt.sudo;tail -f /var/log/audit/audit.log | grep -i AVC</screen>
     <para>
       and
     </para>
-<screen>&prompt.root;journalctl -f | grep -i AVC</screen>
+<screen>&prompt.sudo;journalctl -f | grep -i AVC</screen>
     <para>
       For more advanced search, use the following command:
     </para>
-<screen>&prompt.root;ausearch -m avc,user_avc,selinux_err -i</screen>
+<screen>&prompt.sudo;ausearch -m avc,user_avc,selinux_err -i</screen>
     <para>
       If such messages appear while using the application that did not behave correctly when
       &selnx; was set to the enforce mode, the policies are too restrictive and need updating. You
@@ -136,22 +136,24 @@ tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0
     <itemizedlist>
       <listitem>
         <para>
-          install the <package>openssh-server-config-rootlogin</package> package and reboot the
+          Install the <package>openssh-server-config-rootlogin</package> package and reboot the
           system.
         </para>
 <screen>
-&prompt.root;<command>transactional-update pkg in openssh-server-config-rootlogin</command>
-&prompt.root;<command>reboot</command>
+&prompt.sudo;<command>transactional-update pkg in openssh-server-config-rootlogin</command>
+&prompt.sudo;<command>reboot</command>
 </screen>
       </listitem>
       <listitem>
         <para>
-          Add a file containing the snippet <literal>PermitRootLogin yes</literal> in the
-          <filename>/etc/sshd/sshd_config.d/</filename> directory and reboot, for example:
+          Add a file containing <literal>PermitRootLogin yes</literal> in the
+          <filename>/etc/sshd/sshd_config.d/</filename> directory and restart the <systemitem
+          class="daemon">sshd</systemitem> service, for example:
         </para>
 <screen>
-&prompt.root;echo 'PermitRootLogin yes' &gt;&gt; /etc/sshd/sshd_config.d/root_login_config
-&prompt.root;<command>reboot</command>
+&prompt.sudo;mkdir -p /etc/sshd/sshd_config.d/ &amp;&amp; echo 'PermitRootLogin yes' \
+  &gt;&gt; /etc/sshd/sshd_config.d/root_login_config
+&prompt.sudo;<command>systemctl restart sshd.service</command>
 </screen>
       </listitem>
     </itemizedlist>