sepolicy-network (8) Linux Manual Page

sepolicy-network – Examine the SELinux Policy and generate a network report

Synopsis

sepolicy network [-h] (-l | -a application [application …] | -p PORT [PORT …] | -t TYPE [TYPE …] | -d DOMAIN [DOMAIN …])

Description

Use sepolicy network to examine SELinux Policy and generate network reports.

Options

-a, –application

Generate a report listing the ports to which the specified init application is allowed to connect and or bind.

-d, –domain

Generate a report listing the ports to which the specified domain is allowed to connect and or bind.

-l, –list

List all Network Port Types defined in SELinux Policy

-h, –help

Display help message

-t, –type

Generate a report listing the port numbers associate with the specified SELinux port type.

-p, –port

Generate a report listing the SELinux port types associate with the specified port number.

Examples

sepolicy network -p 22
22: tcp ssh_port_t 22
22: udp reserved_port_t 1-511
22: tcp reserved_port_t 1-511 sepolicy network -a /usr/sbin/sshd
sshd_t: tcp name_connect
       111 (portmap_port_t)

       53 (dns_port_t)

       88, 750, 4444 (kerberos_port_t)

       9080 (ocsp_port_t)

       9180, 9701, 9443-9447 (pki_ca_port_t)

       32768-61000 (ephemeral_port_t)

       all ports < 1024 (reserved_port_type)

       all ports with out defined types (port_t)

sshd_t: tcp name_bind
       22 (ssh_port_t)

       5900-5983, 5985-5999 (vnc_port_t)

       6000-6020 (xserver_port_t)

       32768-61000 (ephemeral_port_t)

       all ports > 500 and < 1024 (rpc_port_type)

       all ports with out defined types (port_t)

sshd_t: udp name_bind
       32768-61000 (ephemeral_port_t)

       all ports > 500 and < 1024 (rpc_port_type)

       all ports with out defined types (port_t)

Author

This man page was written by Daniel Walsh <dwalsh [at] redhat.com>

See Also

sepolicy(8), selinux(8), semanage(8)