<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>

Layer: services

Module: ssh

Description:

Secure shell client and server policy.

Interfaces:

ssh_dontaudit_read_server_keys(domain)

Summary

Read ssh server keys

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

Templates:

ssh_per_userdomain_template(userdomain_prefix, user_domain, user_role)

Summary

The per user domain template for the ssh module.

Description

This template creates derived domains which are used
for ssh client sessions and user ssh agents.  A derived
type is also created to protect the user ssh keys.

This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.

Parameters

Parameter: userdomain_prefix
Description: The prefix of the user domain (e.g., user is the prefix for user_t).
Optional: No

Parameter: user_domain
Description: The type of the user domain.
Optional: No

Parameter: user_role
Description: The role associated with the user domain.
Optional: No

ssh_server_template(userdomain_prefix)

Summary

The template to define an ssh server.

Description

This template creates domains to be used for
creating an ssh server.  This is typically done
to have multiple ssh servers of different sensitivities,
such as for an internal network-facing ssh server, and
an external network-facing ssh server.

Parameters

Parameter: userdomain_prefix
Description: The prefix of the server domain (e.g., sshd is the prefix for sshd_t).
Optional: No

</body>
</html>