mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-11 16:44:59 +00:00
e6a1298e54
Too difficult to break out into seperate patches at this point. Since almost no other groups are using sepolicy yet, I will push together.
92 lines
2.1 KiB
Groff
92 lines
2.1 KiB
Groff
.TH "sepolicy-network" "8" "20121005" "" ""
|
|
.SH "NAME"
|
|
sepolicy-network \- Examine the SELinux Policy and generate a network report
|
|
|
|
.SH "SYNOPSIS"
|
|
|
|
.br
|
|
.B sepolicy network [\-h] (\-l | \-a application [application ...] | \-p PORT [PORT ...] | \-t TYPE [TYPE ...] | \-d DOMAIN [DOMAIN ...])
|
|
|
|
.SH "DESCRIPTION"
|
|
Use sepolicy network to examine SELinux Policy and generate network reports.
|
|
|
|
.SH "OPTIONS"
|
|
.TP
|
|
.I \-a, \-\-application
|
|
Generate a report listing the ports to which the specified init application is allowed to connect and or bind.
|
|
.TP
|
|
.I \-d, \-\-domain
|
|
Generate a report listing the ports to which the specified domain is allowed to connect and or bind.
|
|
.TP
|
|
.I \-l, \-\-list
|
|
List all Network Port Types defined in SELinux Policy
|
|
.TP
|
|
.I \-h, \-\-help
|
|
Display help message
|
|
.TP
|
|
.I \-t, \-\-type
|
|
Generate a report listing the port numbers associate with the specified SELinux port type.
|
|
.TP
|
|
.I \-p, \-\-port
|
|
Generate a report listing the SELinux port types associate with the specified port number.
|
|
|
|
.SH "EXAMPLES"
|
|
|
|
.B sepolicy network -p 22
|
|
.br
|
|
22: tcp ssh_port_t 22
|
|
.br
|
|
22: udp reserved_port_t 1-511
|
|
.br
|
|
22: tcp reserved_port_t 1-511
|
|
|
|
.B sepolicy network -a /usr/sbin/sshd
|
|
.br
|
|
sshd_t: tcp name_connect
|
|
.br
|
|
111 (portmap_port_t)
|
|
.br
|
|
53 (dns_port_t)
|
|
.br
|
|
88, 750, 4444 (kerberos_port_t)
|
|
.br
|
|
9080 (ocsp_port_t)
|
|
.br
|
|
9180, 9701, 9443-9447 (pki_ca_port_t)
|
|
.br
|
|
32768-61000 (ephemeral_port_t)
|
|
.br
|
|
all ports < 1024 (reserved_port_type)
|
|
.br
|
|
all ports with out defined types (port_t)
|
|
.br
|
|
sshd_t: tcp name_bind
|
|
.br
|
|
22 (ssh_port_t)
|
|
.br
|
|
5900-5983, 5985-5999 (vnc_port_t)
|
|
.br
|
|
6000-6020 (xserver_port_t)
|
|
.br
|
|
32768-61000 (ephemeral_port_t)
|
|
.br
|
|
all ports > 500 and < 1024 (rpc_port_type)
|
|
.br
|
|
all ports with out defined types (port_t)
|
|
.br
|
|
sshd_t: udp name_bind
|
|
.br
|
|
32768-61000 (ephemeral_port_t)
|
|
.br
|
|
all ports > 500 and < 1024 (rpc_port_type)
|
|
.br
|
|
all ports with out defined types (port_t)
|
|
|
|
|
|
.SH "AUTHOR"
|
|
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
|
|
|
.SH "SEE ALSO"
|
|
sepolicy(8), selinux(8), semanage(8)
|
|
|