Karl MacMillan 660bf7
<html>
Karl MacMillan 660bf7
<head>
Karl MacMillan 660bf7
<title>
Karl MacMillan 660bf7
 Security Enhanced Linux Reference Policy
Karl MacMillan 660bf7
 </title>
Karl MacMillan 660bf7
<style type="text/css" media="all">@import "style.css";</style>
Karl MacMillan 660bf7
</head>
Karl MacMillan 660bf7
<body>
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		admin
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			consoletype
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			dmesg
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			logrotate
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			netutils
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			rpm
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			usermanage
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		apps
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			gpg
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		kernel
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			bootloader
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			corenetwork
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			devices
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			filesystem
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			kernel
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			selinux
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			storage
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			terminal
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		services
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			cron
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			inetd
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			kerberos
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			mta
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			nis
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			remotelogin
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			sendmail
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			ssh
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		system
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			authlogin
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			clock
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			corecommands
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			domain
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			files
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
			   - 
Chris PeBenito e3a8e3
			fstools
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			getty
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			hostname
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			hotplug
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			init
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			iptables
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			libraries
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			locallogin
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			logging
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			lvm
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			miscfiles
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			modutils
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			mount
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			selinuxutil
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			sysnetwork
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			udev
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			   - 
Karl MacMillan 660bf7
			userdomain
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
	

Karl MacMillan 660bf7
	* Interface Index
Chris PeBenito e3a8e3
	

Chris PeBenito e3a8e3
	* Template Index
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7

Layer: admin

Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Module:Description:
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			consoletype
Chris PeBenito e3a8e3
			

Chris PeBenito e3a8e3
Determine of the console connected to the controlling terminal.
Chris PeBenito e3a8e3

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			dmesg
Karl MacMillan 660bf7
			

Policy for dmesg.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			logrotate
Chris PeBenito e3a8e3
			

Rotate and archive system logs

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			netutils
Chris PeBenito e3a8e3
			

Network analysis utilities

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			rpm
Karl MacMillan 660bf7
			

Policy for the RPM package manager.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			usermanage
Karl MacMillan 660bf7
			

Policy for managing user accounts.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Karl MacMillan 660bf7
Karl MacMillan 660bf7



Karl MacMillan 660bf7
Karl MacMillan 660bf7

Layer: kernel

Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Module:Description:
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			bootloader
Karl MacMillan 660bf7
			

Policy for the kernel modules, kernel image, and bootloader.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			corenetwork
Karl MacMillan 660bf7
			

Policy controlling access to network objects

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			devices
Karl MacMillan 660bf7
			

Karl MacMillan 660bf7
Device nodes and interfaces for many basic system devices.
Karl MacMillan 660bf7

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			filesystem
Karl MacMillan 660bf7
			

Policy for filesystems.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			kernel
Karl MacMillan 660bf7
			

Chris PeBenito e3a8e3
Policy for kernel threads, proc filesystem,
Karl MacMillan 660bf7
and unlabeled processes and objects.
Karl MacMillan 660bf7

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			selinux
Karl MacMillan 660bf7
			

Karl MacMillan 660bf7
Policy for kernel security interface, in particular, selinuxfs.
Karl MacMillan 660bf7

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			storage
Karl MacMillan 660bf7
			

Policy controlling access to storage devices

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			terminal
Karl MacMillan 660bf7
			

Policy for terminals.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
Karl MacMillan 660bf7



Karl MacMillan 660bf7
Chris PeBenito e3a8e3

Layer: apps

Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Module:Description:
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			gpg
Chris PeBenito e3a8e3
			

Policy for GNU Privacy Guard and related programs.

Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
Karl MacMillan 660bf7



Karl MacMillan 660bf7
Karl MacMillan 660bf7

Layer: system

Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Module:Description:
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			authlogin
Karl MacMillan 660bf7
			

Common policy for authentication and user login.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			clock
Karl MacMillan 660bf7
			

Policy for reading and setting the hardware clock.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			corecommands
Karl MacMillan 660bf7
			

Karl MacMillan 660bf7
Core policy for shells, and generic programs
Karl MacMillan 660bf7
in /bin, /sbin, /usr/bin, and /usr/sbin.
Karl MacMillan 660bf7

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			domain
Karl MacMillan 660bf7
			

Core policy for domains.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			files
Karl MacMillan 660bf7
			

Karl MacMillan 660bf7
Basic filesystem types and interfaces.
Karl MacMillan 660bf7

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			fstools
Chris PeBenito e3a8e3
			

Tools for filesystem management, such as mkfs and fsck.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			getty
Karl MacMillan 660bf7
			

Policy for getty.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			hostname
Karl MacMillan 660bf7
			

Policy for changing the system host name.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			hotplug
Karl MacMillan 660bf7
			

Karl MacMillan 660bf7
Policy for hotplug system, for supporting the
Karl MacMillan 660bf7
connection and disconnection of devices at runtime.
Karl MacMillan 660bf7

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			init
Karl MacMillan 660bf7
			

System initialization programs (init and init scripts).

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			iptables
Karl MacMillan 660bf7
			

Policy for iptables.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			libraries
Karl MacMillan 660bf7
			

Policy for system libraries.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			locallogin
Karl MacMillan 660bf7
			

Policy for local logins.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			logging
Karl MacMillan 660bf7
			

Policy for the kernel message logger and system logging daemon.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			lvm
Karl MacMillan 660bf7
			

Policy for logical volume management programs.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			miscfiles
Karl MacMillan 660bf7
			

Miscelaneous files.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			modutils
Karl MacMillan 660bf7
			

Policy for kernel module utilities

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			mount
Karl MacMillan 660bf7
			

Policy for mount.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			selinuxutil
Karl MacMillan 660bf7
			

Policy for SELinux policy and userland applications.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			sysnetwork
Karl MacMillan 660bf7
			

Policy for network configuration: ifconfig and dhcp client.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			udev
Karl MacMillan 660bf7
			

Policy for udev.

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			
Karl MacMillan 660bf7
			userdomain
Karl MacMillan 660bf7
			

Policy for user domains

Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
		
Karl MacMillan 660bf7
	
Karl MacMillan 660bf7
Karl MacMillan 660bf7



Karl MacMillan 660bf7
Chris PeBenito e3a8e3

Layer: services

Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Module:Description:
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			cron
Chris PeBenito e3a8e3
			

Periodic execution of scheduled commands.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			inetd
Chris PeBenito e3a8e3
			

Internet services daemon.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			kerberos
Chris PeBenito e3a8e3
			

MIT Kerberos admin and KDC

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			mta
Chris PeBenito e3a8e3
			

Policy common to all email tranfer agents.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			nis
Chris PeBenito e3a8e3
			

Policy for NIS (YP) servers and clients

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			remotelogin
Chris PeBenito e3a8e3
			

Policy for rshd, rlogind, and telnetd.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			sendmail
Chris PeBenito e3a8e3
			

Policy for sendmail.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			
Chris PeBenito e3a8e3
			ssh
Chris PeBenito e3a8e3
			

Secure shell client and server policy.

Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
		
Chris PeBenito e3a8e3
	
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3



Chris PeBenito e3a8e3
Karl MacMillan 660bf7
Karl MacMillan 660bf7
</body>
Karl MacMillan 660bf7
</html>