forked from SELinuxProject/selinux
sepolicy-network.8
.TH "sepolicy-network" "8" "20121005" "" ""
.SH "NAME"
sepolicy-network \- Examine the SELinux Policy and generate a network report
.SH "SYNOPSIS"
.br
.B sepolicy network [\-h] (\-l | \-a application [application ...] | \-p PORT [PORT ...] | \-t TYPE [TYPE ...] | \-d DOMAIN [DOMAIN ...])
.SH "DESCRIPTION"
Use sepolicy network to examine SELinux Policy and generate network reports.
.SH "OPTIONS"
.TP
.I \-a, \-\-application
Generate a report listing the ports to which the specified init application is allowed to connect and/or bind.
.TP
.I \-d, \-\-domain
Generate a report listing the ports to which the specified domain is allowed to connect and/or bind.
.TP
.I \-l, \-\-list
List all network port types defined in SELinux policy.
.TP
.I \-h, \-\-help
Display help message.
.TP
.I \-t, \-\-type
Generate a report listing the port numbers associated with the specified SELinux port type.
.TP
.I \-p, \-\-port
Generate a report listing the SELinux port types associated with the specified port number.
.SH "EXAMPLES"
.B sepolicy network \-p 22
.br
22: tcp ssh_port_t 22
.br
22: udp reserved_port_t 1-511
.br
22: tcp reserved_port_t 1-511
.PP
.B sepolicy network \-a /usr/sbin/sshd
.br
sshd_t: tcp name_connect
.br
111 (portmap_port_t)
.br
53 (dns_port_t)
.br
88, 750, 4444 (kerberos_port_t)
.br
9080 (ocsp_port_t)
.br
9180, 9701, 9443-9447 (pki_ca_port_t)
.br
32768-61000 (ephemeral_port_t)
.br
all ports < 1024 (reserved_port_type)
.br
all ports with out defined types (port_t)
.br
sshd_t: tcp name_bind
.br
22 (ssh_port_t)
.br
5900-5983, 5985-5999 (vnc_port_t)
.br
6000-6020 (xserver_port_t)
.br
32768-61000 (ephemeral_port_t)
.br
all ports > 500 and < 1024 (rpc_port_type)
.br
all ports with out defined types (port_t)
.br
sshd_t: udp name_bind
.br
32768-61000 (ephemeral_port_t)
.br
all ports > 500 and < 1024 (rpc_port_type)
.br
all ports with out defined types (port_t)
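An added example, not part of the original man page or the SELinux project's code: Python that parses a report in the layout shown above and reports which port types let a domain bind or connect to a given port. The function names are hypothetical, the sample text is constructed from the output above, and attribute lines such as rpc_port_type are read literally as printed.

```python
import re

# Constructed sample: an excerpt of the sshd_t report shown in EXAMPLES above.
SAMPLE_REPORT = """\
sshd_t: tcp name_bind
22 (ssh_port_t)
5900-5983, 5985-5999 (vnc_port_t)
6000-6020 (xserver_port_t)
32768-61000 (ephemeral_port_t)
all ports > 500 and < 1024 (rpc_port_type)
all ports with out defined types (port_t)
sshd_t: udp name_bind
32768-61000 (ephemeral_port_t)
all ports > 500 and < 1024 (rpc_port_type)
"""

HEADER = re.compile(r"^(\w+): (tcp|udp) (name_bind|name_connect)$")
ENTRY = re.compile(r"^(.+) \((\w+)\)$")
BOUND = re.compile(r"([<>]) (\d+)")

def parse_report(text):
    """Return {(domain, proto, perm): [(port_type, spec), ...]}."""
    report, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            key = m.groups()
            report[key] = []
        elif key and (m := ENTRY.match(line)):
            report[key].append((m.group(2), m.group(1)))
    return report

def spec_matches(spec, port):
    """True/False for numeric specs; None when the line gives no numbers to test."""
    if spec.startswith("all ports"):
        bounds = BOUND.findall(spec)
        if not bounds:
            return None  # "with out defined types": needs the full port list
        return all(port < int(n) if op == "<" else port > int(n) for op, n in bounds)
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def lookup(report, domain, proto, perm, port):
    """Return (types whose printed ranges cover port, types left undecided)."""
    verdicts = [(t, spec_matches(s, port)) for t, s in report.get((domain, proto, perm), [])]
    return [t for t, v in verdicts if v], [t for t, v in verdicts if v is None]
```

A port that lands only in the undecided list (port_t) still needs a check with sepolicy network \-p to see whether it has a defined type.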
.SH "AUTHOR"
This man page was written by Daniel Walsh <[email protected]>
.SH "SEE ALSO"
sepolicy(8), selinux(8), semanage(8)