selinux/python/sepolicy/sepolicy-network.8

92 lines
2.1 KiB
Groff
Raw Normal View History

.TH "sepolicy-network" "8" "20121005" "" ""
.SH "NAME"
sepolicy-network \- Examine the SELinux Policy and generate a network report
.SH "SYNOPSIS"
.br
.B sepolicy network [\-h] (\-l | \-a application [application ...] | \-p PORT [PORT ...] | \-t TYPE [TYPE ...] | \-d DOMAIN [DOMAIN ...])
.SH "DESCRIPTION"
Use sepolicy network to examine SELinux Policy and generate network reports.
.SH "OPTIONS"
.TP
.I \-a, \-\-application
Generate a report listing the ports to which the specified init application is allowed to connect and or bind.
.TP
.I \-d, \-\-domain
Generate a report listing the ports to which the specified domain is allowed to connect and or bind.
.TP
.I \-l, \-\-list
List all Network Port Types defined in SELinux Policy
.TP
.I \-h, \-\-help
Display help message
.TP
.I \-t, \-\-type
Generate a report listing the port numbers associate with the specified SELinux port type.
.TP
.I \-p, \-\-port
Generate a report listing the SELinux port types associate with the specified port number.
.SH "EXAMPLES"
.B sepolicy network -p 22
.br
22: tcp ssh_port_t 22
.br
22: udp reserved_port_t 1-511
.br
22: tcp reserved_port_t 1-511
.B sepolicy network -a /usr/sbin/sshd
.br
sshd_t: tcp name_connect
.br
111 (portmap_port_t)
.br
53 (dns_port_t)
.br
88, 750, 4444 (kerberos_port_t)
.br
9080 (ocsp_port_t)
.br
9180, 9701, 9443-9447 (pki_ca_port_t)
.br
32768-61000 (ephemeral_port_t)
.br
all ports < 1024 (reserved_port_type)
.br
all ports with out defined types (port_t)
.br
sshd_t: tcp name_bind
.br
22 (ssh_port_t)
.br
5900-5983, 5985-5999 (vnc_port_t)
.br
6000-6020 (xserver_port_t)
.br
32768-61000 (ephemeral_port_t)
.br
all ports > 500 and < 1024 (rpc_port_type)
.br
all ports with out defined types (port_t)
.br
sshd_t: udp name_bind
.br
32768-61000 (ephemeral_port_t)
.br
all ports > 500 and < 1024 (rpc_port_type)
.br
all ports with out defined types (port_t)
.SH "AUTHOR"
This man page was written by Daniel Walsh <dwalsh@redhat.com>
.SH "SEE ALSO"
sepolicy(8), selinux(8), semanage(8)