sepolicy-network(8)                                        sepolicy-network(8)

NAME

       sepolicy-network - Examine the SELinux Policy and generate a network
       report

SYNOPSIS

       sepolicy network [-h] (-l | -a application [application ...] | -p PORT
       [PORT ...] | -t TYPE [TYPE ...] | -d DOMAIN [DOMAIN ...])

DESCRIPTION

       Use sepolicy network to examine SELinux Policy and generate network
       reports.

OPTIONS

       -a, --application
              Generate a report listing the ports to which the specified init
              application is allowed to connect and/or bind

       -d, --domain
              Generate a report listing the ports to which the specified
              domain is allowed to connect and/or bind

       -l, --list
              List all Network Port Types defined in SELinux Policy

       -h, --help
              Display help message

       -t, --type
              Generate a report listing the port numbers associated with the
              specified SELinux port type

       -p, --port
              Generate a report listing the SELinux port types associated with
              the specified port number

EXAMPLES

       sepolicy network -p 22
       22: tcp ssh_port_t 22
       22: udp reserved_port_t 1-511
       22: tcp reserved_port_t 1-511

       sepolicy network -a /usr/sbin/sshd
       sshd_t: tcp name_connect
            111 (portmap_port_t)
            53 (dns_port_t)
            88, 750, 4444 (kerberos_port_t)
            9080 (ocsp_port_t)
            9180, 9701, 9443-9447 (pki_ca_port_t)
            32768-61000 (ephemeral_port_t)
            all ports < 1024 (reserved_port_type)
            all ports with out defined types (port_t)
       sshd_t: tcp name_bind
            22 (ssh_port_t)
            5900-5983, 5985-5999 (vnc_port_t)
            6000-6020 (xserver_port_t)
            32768-61000 (ephemeral_port_t)
            all ports > 500 and  < 1024 (rpc_port_type)
            all ports with out defined types (port_t)
       sshd_t: udp name_bind
            32768-61000 (ephemeral_port_t)
            all ports > 500 and  < 1024 (rpc_port_type)
            all ports with out defined types (port_t)
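
       The following is an added example, not part of the original man page
       or of the sepolicy project. It parses the -a/-d report layout shown
       above and lists the "all ports ..." entries, which grant a whole class
       of ports rather than listed numbers. The function names, and the
       assumption that real output follows the layout shown, are its own.

```python
import re

# Report text copied from the EXAMPLES section (trimmed). In practice, capture
# the output of `sepolicy network -a <path>` or `-d <domain>` instead.
# Assumption: real output follows the header/indented-entry layout shown there.
SAMPLE = """\
sshd_t: tcp name_connect
     111 (portmap_port_t)
     53 (dns_port_t)
     all ports < 1024 (reserved_port_type)
     all ports with out defined types (port_t)
sshd_t: tcp name_bind
     22 (ssh_port_t)
     5900-5983, 5985-5999 (vnc_port_t)
     32768-61000 (ephemeral_port_t)
     all ports > 500 and  < 1024 (rpc_port_type)
     all ports with out defined types (port_t)
"""

HEADER = re.compile(r"^(\w+): (tcp|udp) (name_bind|name_connect)$")
ENTRY = re.compile(r"^\s+(.+?) \((\w+)\)$")

def parse_report(text):
    """Return {(domain, proto, perm): [(ports, port_type), ...]}."""
    report, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = report.setdefault(m.groups(), [])
        elif (m := ENTRY.match(line)) and current is not None:
            current.append(m.groups())
        elif line.strip():
            # Fail loudly instead of silently skipping an unknown layout.
            raise ValueError(f"unrecognised report line: {line!r}")
    return report

def broad_grants(report, perm="name_bind"):
    """Entries covering port classes ("all ports ...") rather than listed numbers."""
    return sorted((dom, proto, ptype)
                  for (dom, proto, p), rows in report.items() if p == perm
                  for ports, ptype in rows if ports.startswith("all ports"))

if __name__ == "__main__":
    for dom, proto, ptype in broad_grants(parse_report(SAMPLE)):
        print(f"{dom}: {proto} name_bind covers a port class via {ptype}")
```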

AUTHOR

       This man page was written by Daniel Walsh <dwalsh@redhat.com>

SEE ALSO

       sepolicy(8), selinux(8), semanage(8)

                                   20121005                sepolicy-network(8)