| sepolicy-network(8) | sepolicy-network(8) | 
NAME
sepolicy-network - Examine the SELinux Policy and generate a network report
SYNOPSIS
sepolicy network [-h] (-l | -a application [application ...] | -p PORT [PORT ...] | -t TYPE [TYPE ...] | -d DOMAIN [DOMAIN ...])
DESCRIPTION
Use sepolicy network to examine SELinux Policy and generate network reports.
OPTIONS
-a, --application
    Generate a report listing the ports to which the specified init application is allowed to connect and/or bind
-d, --domain
    Generate a report listing the ports to which the specified domain is allowed to connect and/or bind
-l, --list
    List all Network Port Types defined in SELinux Policy
-h, --help
    Display help message
-t, --type
    Generate a report listing the port numbers associated with the specified SELinux port type
-p, --port
    Generate a report listing the SELinux port types associated with the specified port number
EXAMPLES
sepolicy network -p 22
  22: tcp ssh_port_t 22
  22: udp reserved_port_t 1-511
  22: tcp reserved_port_t 1-511

sepolicy network -a /usr/sbin/sshd
  sshd_t: tcp name_connect
      111 (portmap_port_t)
      53 (dns_port_t)
      88, 750, 4444 (kerberos_port_t)
      9080 (ocsp_port_t)
      9180, 9701, 9443-9447 (pki_ca_port_t)
      32768-61000 (ephemeral_port_t)
      all ports < 1024 (reserved_port_type)
      all ports with out defined types (port_t)
  sshd_t: tcp name_bind
      22 (ssh_port_t)
      5900-5983, 5985-5999 (vnc_port_t)
      6000-6020 (xserver_port_t)
      32768-61000 (ephemeral_port_t)
      all ports > 500 and < 1024 (rpc_port_type)
      all ports with out defined types (port_t)
  sshd_t: udp name_bind
      32768-61000 (ephemeral_port_t)
      all ports > 500 and < 1024 (rpc_port_type)
      all ports with out defined types (port_t)
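Added example, not part of this man page or of sepolicy itself: a shell function that reads a report in the format shown above and lists which port types cover a given port for one protocol and permission, which helps when reviewing what a confined domain may bind or connect to. The names `port_grants` and `sample_report` are hypothetical, and the embedded input is an excerpt of the sshd report above.

```shell
#!/bin/sh
# Added example: which port types in a `sepolicy network -a/-d` report
# cover a given port? Usage: port_grants PROTO PERM PORT < report
port_grants() {
    awk -v proto="$1" -v perm="$2" -v port="$3" '
    # Section header, e.g. "sshd_t: tcp name_bind"
    /^[ \t]*[A-Za-z0-9_]+: (tcp|udp) name_(bind|connect)[ \t]*$/ {
        dom = $1; sub(/:$/, "", dom)
        active = ($2 == proto && $3 == perm)
        next
    }
    # Entry line, e.g. "    88, 750, 4444 (kerberos_port_t)"
    active && match($0, /\([A-Za-z0-9_]+\)[ \t]*$/) {
        type = substr($0, RSTART + 1); sub(/\).*/, "", type)
        spec = substr($0, 1, RSTART - 1)
        gsub(/^[ \t]+|[ \t]+$/, "", spec)
        if (spec ~ /^all ports/) {
            # Entry worded as a class of ports, not a number list:
            # always report it so it can be checked with "sepolicy network -p"
            print dom, type, "class", spec
            next
        }
        n = split(spec, parts, /,[ \t]*/)
        for (i = 1; i <= n; i++) {
            lo = hi = parts[i]
            if (split(parts[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0)
                print dom, type, "explicit", parts[i]
        }
    }'
}

# Excerpt of the sshd report from EXAMPLES, embedded so the script runs offline
sample_report() {
    cat <<'EOF'
sshd_t: tcp name_connect
    88, 750, 4444 (kerberos_port_t)
    all ports < 1024 (reserved_port_type)
sshd_t: tcp name_bind
    22 (ssh_port_t)
    5900-5983, 5985-5999 (vnc_port_t)
    all ports with out defined types (port_t)
sshd_t: udp name_bind
    32768-61000 (ephemeral_port_t)
EOF
}

sample_report | port_grants tcp name_bind 5985
```

On a live system the report would come from `sepolicy network -a /usr/sbin/sshd` piped into `port_grants`; lines tagged `class` are not evaluated numerically and need a follow-up `sepolicy network -p PORT`.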
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
SEE ALSO
| 20121005 |