python/sepolicy/sepolicy-network.8 - platform/external/selinux - Git at Google

 .TH "sepolicy-network" "8" "20121005" "" ""
 .SH "NAME"
 sepolicy-network \- Examine the SELinux Policy and generate a network report

 .SH "SYNOPSIS"

 .br
 .B sepolicy network [\-h] (\-l | \-a application [application ...] | \-p PORT [PORT ...] | \-t TYPE [TYPE ...] | \-d DOMAIN [DOMAIN ...])

 .SH "DESCRIPTION"
 Use sepolicy network to examine SELinux Policy and generate network reports.

 .SH "OPTIONS"
 .TP
 .I                \-a, \-\-application
 Generate a report listing the ports to which the specified init application is allowed to connect and or bind.
 .TP
 .I                \-d, \-\-domain
 Generate a report listing the ports to which the specified domain is allowed to connect and or bind.
 .TP
 .I                \-l, \-\-list
 List all Network Port Types defined in SELinux Policy
 .TP
 .I                \-h, \-\-help
 Display help message
 .TP
 .I                \-t, \-\-type
 Generate a report listing the port numbers associate with the specified SELinux port type.
 .TP
 .I                \-p, \-\-port
 Generate a report listing the SELinux port types associate with the specified port number.

 .SH "EXAMPLES"

 .B sepolicy network -p 22
 .br
 22: tcp ssh_port_t 22
 .br
 22: udp reserved_port_t 1-511
 .br
 22: tcp reserved_port_t 1-511

 .B sepolicy network -a /usr/sbin/sshd
 .br
 sshd_t: tcp name_connect
 .br
 	111 (portmap_port_t)
 .br
 	53 (dns_port_t)
 .br
 	88, 750, 4444 (kerberos_port_t)
 .br
 	9080 (ocsp_port_t)
 .br
 	9180, 9701, 9443-9447 (pki_ca_port_t)
 .br
 	32768-61000 (ephemeral_port_t)
 .br
 	all ports < 1024 (reserved_port_type)
 .br
 	all ports with out defined types (port_t)
 .br
 sshd_t: tcp name_bind
 .br
 	22 (ssh_port_t)
 .br
 	5900-5983, 5985-5999 (vnc_port_t)
 .br
 	6000-6020 (xserver_port_t)
 .br
 	32768-61000 (ephemeral_port_t)
 .br
 	all ports > 500 and  < 1024 (rpc_port_type)
 .br
 	all ports with out defined types (port_t)
 .br
 sshd_t: udp name_bind
 .br
 	32768-61000 (ephemeral_port_t)
 .br
 	all ports > 500 and  < 1024 (rpc_port_type)
 .br
 	all ports with out defined types (port_t)


 .SH "AUTHOR"
 This man page was written by Daniel Walsh <dwalsh@redhat.com>

 .SH "SEE ALSO"
 sepolicy(8), selinux(8), semanage(8)
	.TH "sepolicy-network" "8" "20121005" "" ""
	.SH "NAME"
	sepolicy-network \- Examine the SELinux Policy and generate a network report

	.SH "SYNOPSIS"

	.br
	.B sepolicy network [\-h] (\-l \| \-a application [application ...] \| \-p PORT [PORT ...] \| \-t TYPE [TYPE ...] \| \-d DOMAIN [DOMAIN ...])

	.SH "DESCRIPTION"
	Use sepolicy network to examine SELinux Policy and generate network reports.

	.SH "OPTIONS"
	.TP
	.I \-a, \-\-application
	Generate a report listing the ports to which the specified init application is allowed to connect and or bind.
	.TP
	.I \-d, \-\-domain
	Generate a report listing the ports to which the specified domain is allowed to connect and or bind.
	.TP
	.I \-l, \-\-list
	List all Network Port Types defined in SELinux Policy
	.TP
	.I \-h, \-\-help
	Display help message
	.TP
	.I \-t, \-\-type
	Generate a report listing the port numbers associate with the specified SELinux port type.
	.TP
	.I \-p, \-\-port
	Generate a report listing the SELinux port types associate with the specified port number.

	.SH "EXAMPLES"

	.B sepolicy network -p 22
	.br
	22: tcp ssh_port_t 22
	.br
	22: udp reserved_port_t 1-511
	.br
	22: tcp reserved_port_t 1-511

	.B sepolicy network -a /usr/sbin/sshd
	.br
	sshd_t: tcp name_connect
	.br
	111 (portmap_port_t)
	.br
	53 (dns_port_t)
	.br
	88, 750, 4444 (kerberos_port_t)
	.br
	9080 (ocsp_port_t)
	.br
	9180, 9701, 9443-9447 (pki_ca_port_t)
	.br
	32768-61000 (ephemeral_port_t)
	.br
	all ports < 1024 (reserved_port_type)
	.br
	all ports with out defined types (port_t)
	.br
	sshd_t: tcp name_bind
	.br
	22 (ssh_port_t)
	.br
	5900-5983, 5985-5999 (vnc_port_t)
	.br
	6000-6020 (xserver_port_t)
	.br
	32768-61000 (ephemeral_port_t)
	.br
	all ports > 500 and < 1024 (rpc_port_type)
	.br
	all ports with out defined types (port_t)
	.br
	sshd_t: udp name_bind
	.br
	32768-61000 (ephemeral_port_t)
	.br
	all ports > 500 and < 1024 (rpc_port_type)
	.br
	all ports with out defined types (port_t)


	.SH "AUTHOR"
	This man page was written by Daniel Walsh <dwalsh@redhat.com>

	.SH "SEE ALSO"
	sepolicy(8), selinux(8), semanage(8)