sepolicy-network(8) [centos man page]

sepolicy-network(8)													       sepolicy-network(8)

NAME
       sepolicy-network - Examine the SELinux Policy and generate a network report

SYNOPSIS
       sepolicy network [-h] (-l | -a application [application ...] | -p PORT [PORT ...] | -t TYPE [TYPE ...] | -d DOMAIN [DOMAIN ...])

DESCRIPTION
       Use sepolicy network to examine SELinux Policy and generate network reports.

OPTIONS
       -a, --application
              Generate a report listing the ports to which the specified init application is allowed to connect and/or bind.

       -d, --domain
              Generate a report listing the ports to which the specified domain is allowed to connect and/or bind.

       -l, --list
              List all Network Port Types defined in SELinux Policy.

       -h, --help
              Display help message.

       -t, --type
              Generate a report listing the port numbers associated with the specified SELinux port type.

       -p, --port
              Generate a report listing the SELinux port types associated with the specified port number.

EXAMPLES
       sepolicy network -p 22
       22: tcp ssh_port_t 22
       22: udp reserved_port_t 1-511
       22: tcp reserved_port_t 1-511

       sepolicy network -a /usr/sbin/sshd
       sshd_t: tcp name_connect
            111 (portmap_port_t)
            53 (dns_port_t)
            88, 750, 4444 (kerberos_port_t)
            9080 (ocsp_port_t)
            9180, 9701, 9443-9447 (pki_ca_port_t)
            32768-61000 (ephemeral_port_t)
            all ports < 1024 (reserved_port_type)
            all ports with out defined types (port_t)
       sshd_t: tcp name_bind
            22 (ssh_port_t)
            5900-5983, 5985-5999 (vnc_port_t)
            6000-6020 (xserver_port_t)
            32768-61000 (ephemeral_port_t)
            all ports > 500 and < 1024 (rpc_port_type)
            all ports with out defined types (port_t)
       sshd_t: udp name_bind
            32768-61000 (ephemeral_port_t)
            all ports > 500 and < 1024 (rpc_port_type)
            all ports with out defined types (port_t)

AUTHOR
       This man page was written by Daniel Walsh <dwalsh@redhat.com>

SEE ALSO
       sepolicy(8), selinux(8), semanage(8)

20121005                                                                                                       sepolicy-network(8)
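The following is an added example, not part of the man page or of the sepolicy tool: a small parser for the `sepolicy network -a` / `-d` report shown in EXAMPLES, which separates port types that list a port explicitly from the attribute-wide "all ports ..." grants that deserve manual review. The function names are hypothetical, and the embedded report is the sshd_t name_bind output from this page with its indentation assumed.

```python
import re

# sshd_t name_bind section of the report in EXAMPLES above (indentation assumed).
REPORT = """\
sshd_t: tcp name_bind
    22 (ssh_port_t)
    5900-5983, 5985-5999 (vnc_port_t)
    6000-6020 (xserver_port_t)
    32768-61000 (ephemeral_port_t)
    all ports > 500 and < 1024 (rpc_port_type)
    all ports with out defined types (port_t)
sshd_t: udp name_bind
    32768-61000 (ephemeral_port_t)
    all ports > 500 and < 1024 (rpc_port_type)
    all ports with out defined types (port_t)
"""
HEADER = re.compile(r"^(\w+): (tcp|udp) (name_bind|name_connect)$")
ENTRY = re.compile(r"^(.+) \((\w+)\)$")

def parse_ports(spec):
    """'5900-5983, 5985-5999' -> [(5900, 5983), (5985, 5999)]; None for 'all ports ...'."""
    if spec.startswith("all ports"):
        return None  # attribute-wide grant, not an enumerable port list
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def parse_report(text):
    """Map (domain, proto, permission) -> [(ranges or None, port type, raw spec)]."""
    rules, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            key = m.groups()
            rules.setdefault(key, [])
        elif key and (m := ENTRY.match(line)):
            rules[key].append((parse_ports(m[1]), m[2], m[1]))
    return rules

def explain(rules, domain, proto, perm, port):
    """Return (types that list `port` explicitly, broad grants needing manual review)."""
    explicit, broad = [], []
    for ranges, ptype, spec in rules.get((domain, proto, perm), []):
        if ranges is None:
            broad.append(ptype)
        elif any(lo <= port <= hi for lo, hi in ranges):
            explicit.append(ptype)
    return explicit, broad

RULES = parse_report(REPORT)
```

Calling `explain(RULES, "sshd_t", "tcp", "name_bind", 5984)` returns no explicit type, because 5984 falls in the gap between the two vnc_port_t ranges, while the two broad grants are still reported for review.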

Check Out this Related Man Page

semanage-port(8)														  semanage-port(8)

NAME
       semanage port - SELinux Policy Management port mapping tool

SYNOPSIS
       semanage port [-h] [-n] [-N] [-S STORE] [ --add -t TYPE -p PROTOCOL -r RANGE port_name | port_range | --delete -p PROTOCOL port_name | port_range | --deleteall | --extract | --list [-C] | --modify -t TYPE -p PROTOCOL -r RANGE port_name | port_range ]

DESCRIPTION
       semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage port controls the port number to port type definitions.

OPTIONS
       -h, --help
              show this help message and exit

       -n, --noheading
              Do not print heading when listing the specified object type

       -N, --noreload
              Do not reload policy after commit

       -S STORE, --store STORE
              Select an alternate SELinux Policy Store to manage

       -C, --locallist
              List local customizations

       -a, --add
              Add a record of the specified object type

       -d, --delete
              Delete a record of the specified object type

       -m, --modify
              Modify a record of the specified object type

       -l, --list
              List records of the specified object type

       -E, --extract
              Extract customizable commands, for use within a transaction

       -D, --deleteall
              Remove all local customizations

       -t TYPE, --type TYPE
              SELinux type for the object

       -r RANGE, --range RANGE
              MLS/MCS Security Range (MLS/MCS Systems only). SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.

       -p PROTO, --proto PROTO
              Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).

EXAMPLE
       List all port definitions
       # semanage port -l
       Allow Apache to listen on tcp port 81
       # semanage port -a -t http_port_t -p tcp 81
       Allow sshd to listen on tcp port 8991
       # semanage port -a -t ssh_port_t -p tcp 8991

SEE ALSO
       selinux(8), semanage(8)

AUTHOR
       This man page was written by Daniel Walsh <dwalsh@redhat.com>

20130617                                                                                                          semanage-port(8)