Layer: kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.


Module:Description:
corecommands

Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.

corenetwork

Policy controlling access to network objects

devices

Device nodes and interfaces for many basic system devices.

domain

Core policy for domains.

files

Basic filesystem types and interfaces.

filesystem

Policy for filesystems.

kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.

mcs

Multicategory security policy

mls

Multilevel security policy

selinux

Policy for kernel security interface, in particular, selinuxfs.

storage

Policy controlling access to storage devices

terminal

Policy for terminals.

ubac

User-based access control policy



Layer: roles

Policy modules for user roles.


Module:Description:
auditadm

Audit administrator role

guest

Least privilege terminal user role

logadm

Log administrator role

secadm

Security administrator role

staff

Administrator's unprivileged user role

sysadm

General system administration role

unconfineduser

Unconfined user role

unprivuser

Generic unprivileged user role

webadm

Web administrator role

xguest

Least privilege xwindows user role



Layer: admin

Policy modules for administrative functions, such as package management.


Module:Description:
acct

Berkeley process accounting

alsa

Ainit ALSA configuration tool

amanda

Automated backup program.

amtu

Abstract Machine Test Utility

anaconda

Policy for the Anaconda installer.

apt

APT advanced package tool.

backup

System backup scripts

bootloader

Policy for the kernel modules, kernel image, and bootloader.

brctl

Utilities for configuring the linux ethernet bridge

certwatch

Digital Certificate Tracking

consoletype

Determine the type of the console connected to the controlling terminal.

ddcprobe

ddcprobe retrieves monitor and graphics card information

dmesg

Policy for dmesg.

dmidecode

Decode DMI data for x86/ia64 bioses.

dpkg

Policy for the Debian package manager.

firstboot

Final system configuration run during the first boot after installation of Red Hat/Fedora systems.

kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

kudzu

Hardware detection and configuration tools

logrotate

Rotate and archive system logs

logwatch

System log analyzer and reporter

mrtg

Network traffic graphing

netutils

Network analysis utilities

portage

Portage Package Management System. The primary package management and distribution system for Gentoo.

prelink

Prelink ELF shared library mappings.

quota

File system quota management

readahead

Readahead, read files into page cache for improved performance

rpm

Policy for the RPM package manager.

su

Run shells with substitute user and group

sudo

Execute a command with a substitute user

sxid

SUID/SGID program monitoring

tmpreaper

Manage temporary directory sizes and file ages

tripwire

Tripwire file integrity checker.

tzdata

Time zone updater

updfstab

Red Hat utility to change /etc/fstab.

usbmodules

List kernel modules of USB devices

usermanage

Policy for managing user accounts.

vbetool

run real-mode video BIOS code to alter hardware state

vpn

Virtual Private Networking client



Layer: apps

Policy modules for applications


Module:Description:
ada

GNAT Ada95 compiler

authbind

Tool for non-root processes to bind to reserved ports

awstats

AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically.

calamaris

Squid log analysis

cdrecord

Policy for cdrecord

cpufreqselector

cpufreq-selector policy

ethereal

Ethereal packet capture tool.

evolution

Evolution email client

games

Games

gift

giFT peer to peer file sharing tool

gnome

GNU network object model environment (GNOME)

gpg

Policy for GNU Privacy Guard and related programs.

irc

IRC client policy

java

Java virtual machine

livecd

policy for livecd

loadkeys

Load keyboard mappings.

lockdev

device locking policy for lockdev

mono

Run .NET server and client applications on Linux.

mozilla

Policy for Mozilla and related web browsers

mplayer

Mplayer media player and encoder

nsplugin

policy for nsplugin

openoffice

Openoffice

podsleuth

Podsleuth is a tool to get information about an Apple (TM) iPod (TM)

pulseaudio

policy for pulseaudio

qemu

QEMU machine emulator and virtualizer

rssh

Restricted (scp/sftp) only shell

sambagui

system-config-samba policy

sandbox

policy for sandbox

screen

GNU terminal multiplexer

slocate

Update database for mlocate

thunderbird

Thunderbird email client

tvtime

tvtime - a high quality television application

uml

Policy for UML

userhelper

SELinux utility to run a shell with a new role

usernetctl

User network interface configuration helper

vmware

VMWare Workstation virtual machines

webalizer

Web server log analysis

wine

Wine Is Not an Emulator. Run Windows programs in Linux.

wireshark

Wireshark packet capture tool.

wm

Window Manager.

yam

Yum/Apt Mirroring



Layer: system

Policy modules for system functions from init to multi-user login.


Module:Description:
application

Policy for user executable applications.

authlogin

Common policy for authentication and user login.

clock

Policy for reading and setting the hardware clock.

daemontools

Collection of tools for managing UNIX services

fstools

Tools for filesystem management, such as mkfs and fsck.

getty

Policy for getty.

hostname

Policy for changing the system host name.

hotplug

Policy for hotplug system, for supporting the connection and disconnection of devices at runtime.

init

System initialization programs (init and init scripts).

ipsec

TCP/IP encryption

iptables

Policy for iptables.

iscsi

Establish connections to iSCSI devices

libraries

Policy for system libraries.

locallogin

Policy for local logins.

logging

Policy for the kernel message logger and system logging daemon.

lvm

Policy for logical volume management programs.

miscfiles

Miscellaneous files.

modutils

Policy for kernel module utilities

mount

Policy for mount.

netlabel

NetLabel/CIPSO labeled networking management

pcmcia

PCMCIA card management services

raid

RAID array management tools

selinuxutil

Policy for SELinux policy and userland applications.

setrans

SELinux MLS/MCS label translation service.

sysnetwork

Policy for network configuration: ifconfig and dhcp client.

udev

Policy for udev.

unconfined

The unconfined domain.

userdomain

Policy for user domains

virtual

Virtual machine emulator and virtualizer

xen

Xen hypervisor



Layer: services

Policy modules for system services, like cron, and network services, like sshd.


Module:Description:
afs

Andrew Filesystem server

aide

Aide filesystem integrity checker

amavis

Daemon that interfaces mail transfer agents and content checkers, such as virus scanners.

apache

Apache web server

apcupsd

APC UPS monitoring daemon

apm

Advanced power management daemon

arpwatch

Ethernet activity monitor.

asterisk

Asterisk IP telephony server

audioentropy

Generate entropy from audio input

automount

Filesystem automounter service.

avahi

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

bind

Berkeley internet name domain DNS server.

bitlbee

Bitlbee service

bluetooth

Bluetooth tools and system services.

canna

Canna - kana-kanji conversion server

ccs

Cluster Configuration System

certmaster

policy for certmaster

cipe

Encrypted tunnel daemon

clamav

ClamAV Virus Scanner

clockspeed

Clockspeed simple network time protocol client

comsat

Comsat, a biff server.

consolekit

Framework for facilitating multiple user sessions on desktops.

courier

Courier IMAP and POP3 email servers

cpucontrol

Services for loading CPU microcode and CPU frequency scaling.

cron

Periodic execution of scheduled commands.

cups

Common UNIX printing system

cvs

Concurrent versions system

cyphesis

Cyphesis WorldForge game server

cyrus

Cyrus is an IMAP service intended to be run on sealed servers

dante

Dante msproxy and socks4/5 proxy server

dbskk

Dictionary server for the SKK Japanese input method system.

dbus

Desktop messaging bus

dcc

Distributed checksum clearinghouse spam filtering

ddclient

Update dynamic IP address at DynDNS.org

devicekit

policy for devicekit

dhcp

Dynamic host configuration protocol (DHCP) server

dictd

Dictionary daemon

distcc

Distributed compiler daemon

djbdns

small and secure DNS daemon

dnsmasq

dnsmasq DNS forwarder and DHCP server

dovecot

Dovecot POP and IMAP mail server

exim

Exim mail transfer agent

fail2ban

Update firewall filtering to ban IP addresses with too many password failures.

fetchmail

Remote-mail retrieval and forwarding utility

finger

Finger user information service.

fprintd

policy for fprintd

ftp

File transfer protocol service

gatekeeper

OpenH.323 Voice-Over-IP Gatekeeper

git

GIT revision control system

gnomeclock

policy for gnomeclock

gpm

General Purpose Mouse driver

gpsd

gpsd monitor daemon

hal

Hardware abstraction layer

howl

Port of Apple Rendezvous multicast DNS

i18n_input

IIIMF htt server

ifplugd

policy for ifplugd

imaze

iMaze game server

inetd

Internet services daemon.

inn

Internet News NNTP server

ircd

IRC server

irqbalance

IRQ balancing daemon

jabber

Jabber instant messaging server

kerberos

MIT Kerberos admin and KDC

kerneloops

Service for reporting kernel oopses to kerneloops.org

ktalk

KDE Talk daemon

ldap

OpenLDAP directory server

lircd

Lirc daemon

lpd

Line printer daemon

mailman

Mailman is for managing electronic mail discussion and e-newsletter lists

memcached

high-performance memory object caching system

milter

Milter mail filters

monop

Monopoly daemon

mta

Policy common to all email transfer agents.

munin

Munin network-wide load graphing (formerly LRRD)

mysql

Policy for MySQL

nagios

Net Saint / NAGIOS - network monitoring server

nessus

Nessus network scanning daemon

networkmanager

Manager for dynamically switching between networks.

nis

Policy for NIS (YP) servers and clients

nscd

Name service cache daemon

nsd

Authoritative only name server

ntop

Network Top

ntp

Network time protocol daemon

nx

NX remote desktop

oav

Open AntiVirus scannerdaemon and signature update

oddjob

Oddjob provides a mechanism by which unprivileged applications can request that specified privileged operations be performed on their behalf.

oident

SELinux policy for Oident daemon.

openca

OpenCA - Open Certificate Authority

openct

Service for handling smart card readers.

openvpn

full-featured SSL VPN solution

pads

SELinux policy for PADS daemon.

pcscd

PCSC smart card service

pegasus

The Open Group Pegasus CIM/WBEM Server.

perdition

Perdition POP and IMAP proxy

pingd

policy for pingd

polkit

policy for polkit_auth

portmap

RPC port mapping service.

portreserve

policy for portreserve

portslave

Portslave terminal server software

postfix

Postfix email server

postfixpolicyd

Postfix policy server

postgresql

PostgreSQL relational database

postgrey

Postfix grey-listing server

ppp

Point to Point Protocol daemon creates links in ppp networks

prelude

Prelude hybrid intrusion detection system

privoxy

Privacy enhancing web proxy.

procmail

Procmail mail delivery agent

psad

Psad SELinux policy

publicfile

publicfile supplies files to the public through HTTP and FTP

pxe

Server for the PXE network boot protocol

pyzor

Pyzor is a distributed, collaborative spam detection and filtering network.

qmail

Qmail Mail Server

radius

RADIUS authentication and accounting server.

radvd

IPv6 router advertisement daemon

razor

A distributed, collaborative, spam detection and filtering network.

rdisc

Network router discovery daemon

remotelogin

Policy for rshd, rlogind, and telnetd.

resmgr

Resource management daemon

rhgb

Red Hat Graphical Boot

ricci

Ricci cluster management agent

rlogin

Remote login daemon

roundup

Roundup Issue Tracking System policy

rpc

Remote Procedure Call Daemon for management of network based process communication

rpcbind

Universal Addresses to RPC Program Number Mapper

rshd

Remote shell service.

rsync

Fast incremental file transfer for synchronization

rwho

Who is logged in on other machines?

samba

SMB and CIFS client/server programs for UNIX and Name Service Switch daemon for resolving names from Windows NT servers.

sasl

SASL authentication server

sendmail

Policy for sendmail.

setroubleshoot

SELinux troubleshooting service

shorewall

policy for shorewall

slrnpull

Service for downloading news feeds for the slrn newsreader.

smartmon

Smart disk monitoring daemon policy

snmp

Simple network management protocol services

snort

Snort network intrusion detection system

soundserver

sound server for network audio server programs, nasd, yiff, etc

spamassassin

Filter used for removing unsolicited email.

speedtouch

Alcatel speedtouch USB ADSL modem

squid

Squid caching http proxy server

ssh

Secure shell client and server policy.

sssd

policy for sssd

stunnel

SSL Tunneling Proxy

sysstat

Policy for sysstat. Reports on various system states

tcpd

Policy for TCP daemon.

telnet

Telnet daemon

tftp

Trivial file transfer protocol daemon

timidity

MIDI to WAV converter and player configured as a service

tor

TOR, the onion router

transproxy

HTTP transparent proxy

ucspitcp

ucspitcp policy

ulogd

policy for ulogd

uptime

Uptime daemon

uucp

Unix to Unix Copy

uwimap

University of Washington IMAP toolkit POP3 and IMAP mail server

varnishd

Varnishd http accelerator daemon

virt

Libvirt virtualization API

w3c

W3C Markup Validator

watchdog

Software watchdog

xfs

X Windows Font Server

xprint

X print server

xserver

X Windows Server

zabbix

Distributed infrastructure monitoring

zebra

Zebra border gateway protocol network routing service

zosremote

policy for z/OS Remote-services Audit dispatcher plugin