Layer: kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.


Module: Description:
corecommands

Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.

corenetwork

Policy controlling access to network objects

devices

Device nodes and interfaces for many basic system devices.

domain

Core policy for domains.

files

Basic filesystem types and interfaces.

filesystem

Policy for filesystems.

kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.

mcs

Multicategory security policy

mls

Multilevel security policy

selinux

Policy for kernel security interface, in particular, selinuxfs.

storage

Policy controlling access to storage devices

terminal

Policy for terminals.

ubac

User-based access control policy

unlabelednet

Policy for allowing confined domains to use unlabeled_t packets.



Layer: roles

Policy modules for user roles.


Module: Description:
auditadm

Audit administrator role

dbadm

Database administrator role

guest

Least privilege terminal user role

logadm

Log administrator role

secadm

Security administrator role

staff

Administrator's unprivileged user role

sysadm

General system administration role

unconfineduser

Unconfined user role

unprivuser

Generic unprivileged user role

webadm

Web administrator role

xguest

Least privilege xwindows user role



Layer: admin

Policy modules for administrative functions, such as package management.


Module: Description:
acct

Berkeley process accounting

alsa

Ainit ALSA configuration tool.

amanda

Advanced Maryland Automatic Network Disk Archiver.

amtu

Abstract Machine Test Utility.

anaconda

Anaconda installer.

apt

APT advanced package tool.

backup

System backup scripts

bootloader

Policy for the kernel modules, kernel image, and bootloader.

brctl

Utilities for configuring the linux ethernet bridge

certwatch

Digital Certificate Tracking

consoletype

Determine the type of console connected to the controlling terminal.

ddcprobe

ddcprobe retrieves monitor and graphics card information

dmesg

Policy for dmesg.

dmidecode

Decode DMI data for x86/ia64 bioses.

dpkg

Policy for the Debian package manager.

firstboot

Final system configuration run during the first boot after installation of Red Hat/Fedora systems.

kdump

Kernel crash dumping mechanism

kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

kudzu

Hardware detection and configuration tools

logrotate

Rotate and archive system logs

logwatch

System log analyzer and reporter

mcelog

policy for mcelog

mrtg

Network traffic graphing

ncftool

policy for ncftool

netutils

Network analysis utilities

portage

Portage Package Management System. The primary package management and distribution system for Gentoo.

prelink

Prelink ELF shared library mappings.

quota

File system quota management

readahead

Readahead, read files into page cache for improved performance

rpm

Policy for the RPM package manager.

sectoolm

Sectool security audit tool

shorewall

Shoreline Firewall high-level tool for configuring netfilter

shutdown

System shutdown command

smoltclient

The Fedora hardware profiler client

sosreport

sosreport - Generate debugging information for system

su

Run shells with substitute user and group

sudo

Execute a command with a substitute user

sxid

SUID/SGID program monitoring

tmpreaper

Manage temporary directory sizes and file ages

tripwire

Tripwire file integrity checker.

tzdata

Time zone updater

updfstab

Red Hat utility to change /etc/fstab.

usbmodules

List kernel modules of USB devices

usermanage

Policy for managing user accounts.

vbetool

run real-mode video BIOS code to alter hardware state

vpn

Virtual Private Networking client



Layer: apps

Policy modules for applications


Module: Description:
ada

GNAT Ada95 compiler

authbind

Tool for non-root processes to bind to reserved ports

awstats

AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically.

calamaris

Squid log analysis

cdrecord

Policy for cdrecord

chrome

policy for chrome

cpufreqselector

Command-line CPU frequency settings.

evolution

Evolution email client

execmem

execmem domain

firewallgui

policy for firewallgui

games

Games

gift

giFT peer to peer file sharing tool

gitosis

Tools for managing and hosting git repositories.

gnome

GNU network object model environment (GNOME)

gpg

Policy for GNU Privacy Guard and related programs.

irc

IRC client policy

java

Java virtual machine

kdumpgui

system-config-kdump GUI

livecd

Livecd tool for building alternate livecd for different os and policy versions.

loadkeys

Load keyboard mappings.

lockdev

device locking policy for lockdev

mediawiki

Mediawiki policy

mono

Run .NET server and client applications on Linux.

mozilla

Policy for Mozilla and related web browsers

mplayer

Mplayer media player and encoder

nsplugin

policy for nsplugin

openoffice

Openoffice

podsleuth

Podsleuth is a tool to get information about an Apple (TM) iPod (TM)

ptchown

helper function for grantpt(3), changes ownership and permissions of pseudotty

pulseaudio

Pulseaudio network sound server.

qemu

QEMU machine emulator and virtualizer

rssh

Restricted (scp/sftp) only shell

sambagui

system-config-samba dbus service policy

sandbox

policy for sandbox

screen

GNU terminal multiplexer

seunshare

Filesystem namespacing/polyinstantiation application.

slocate

Update database for mlocate

telepathy

Telepathy framework.

thunderbird

Thunderbird email client

tvtime

tvtime - a high quality television application

uml

Policy for UML

userhelper

SELinux utility to run a shell with a new role

usernetctl

User network interface configuration helper

vlock

Lock one or more sessions on the Linux console.

vmware

VMWare Workstation virtual machines

webalizer

Web server log analysis

wine

Wine Is Not an Emulator. Run Windows programs in Linux.

wireshark

Wireshark packet capture tool.

wm

X Window Managers

xscreensaver

X Screensaver

yam

Yum/Apt Mirroring



Layer: system

Policy modules for system functions from init to multi-user login.


Module: Description:
application

Policy for user executable applications.

authlogin

Common policy for authentication and user login.

clock

Policy for reading and setting the hardware clock.

daemontools

Collection of tools for managing UNIX services

fstools

Tools for filesystem management, such as mkfs and fsck.

getty

Policy for getty.

hostname

Policy for changing the system host name.

hotplug

Policy for hotplug system, for supporting the connection and disconnection of devices at runtime.

init

System initialization programs (init and init scripts).

ipsec

TCP/IP encryption

iptables

Policy for iptables.

iscsi

Establish connections to iSCSI devices

libraries

Policy for system libraries.

locallogin

Policy for local logins.

logging

Policy for the kernel message logger and system logging daemon.

lvm

Policy for logical volume management programs.

miscfiles

Miscellaneous files.

modutils

Policy for kernel module utilities

mount

Policy for mount.

netlabel

NetLabel/CIPSO labeled networking management

pcmcia

PCMCIA card management services

raid

RAID array management tools

selinuxutil

Policy for SELinux policy and userland applications.

setrans

SELinux MLS/MCS label translation service.

sysnetwork

Policy for network configuration: ifconfig and dhcp client.

udev

Policy for udev.

unconfined

The unconfined domain.

userdomain

Policy for user domains

xen

Xen hypervisor



Layer: services

Policy modules for system services, like cron, and network services, like sshd.


Module: Description:
abrt

ABRT - automated bug-reporting tool

accountsd

AccountsService and daemon for manipulating user account information via D-Bus

afs

Andrew Filesystem server

aiccu

Automatic IPv6 Connectivity Client Utility.

aide

Aide filesystem integrity checker

aisexec

Aisexec Cluster Engine

ajaxterm

policy for ajaxterm

amavis

Daemon that interfaces mail transfer agents and content checkers, such as virus scanners.

apache

Apache web server

apcupsd

APC UPS monitoring daemon

apm

Advanced power management daemon

arpwatch

Ethernet activity monitor.

asterisk

Asterisk IP telephony server

audioentropy

Generate entropy from audio input

automount

Filesystem automounter service.

avahi

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

bind

Berkeley internet name domain DNS server.

bitlbee

Bitlbee service

bluetooth

Bluetooth tools and system services.

boinc

policy for boinc

bugzilla

Bugzilla server

cachefilesd

policy for cachefilesd

canna

Canna - kana-kanji conversion server

ccs

Cluster Configuration System

certmaster

Certmaster SSL certificate distribution service

certmonger

Certificate status monitor and PKI enrollment client

cgroup

libcg is a library that abstracts the control group file system in Linux.

chronyd

Chrony NTP background daemon

cipe

Encrypted tunnel daemon

clamav

ClamAV Virus Scanner

clockspeed

Clockspeed simple network time protocol client

clogd

clogd - Clustered Mirror Log Server

cmirrord

policy for cmirrord

cobbler

Cobbler installation server.

comsat

Comsat, a biff server.

consolekit

Framework for facilitating multiple user sessions on desktops.

corosync

Corosync Cluster Engine

courier

Courier IMAP and POP3 email servers

cpucontrol

Services for loading CPU microcode and CPU frequency scaling.

cron

Periodic execution of scheduled commands.

cups

Common UNIX printing system

cvs

Concurrent versions system

cyphesis

Cyphesis WorldForge game server

cyrus

Cyrus is an IMAP service intended to be run on sealed servers

dante

Dante msproxy and socks4/5 proxy server

dbskk

Dictionary server for the SKK Japanese input method system.

dbus

Desktop messaging bus

dcc

Distributed checksum clearinghouse spam filtering

ddclient

Update dynamic IP address at DynDNS.org

denyhosts

DenyHosts SSH dictionary attack mitigation

devicekit

Devicekit modular hardware abstraction layer

dhcp

Dynamic host configuration protocol (DHCP) server

dictd

Dictionary daemon

dirsrv

policy for dirsrv

dirsrv-admin

Administration Server for Directory Server, dirsrv-admin.

distcc

Distributed compiler daemon

djbdns

small and secure DNS daemon

dkim

DomainKeys Identified Mail milter.

dnsmasq

dnsmasq DNS forwarder and DHCP server

dovecot

Dovecot POP and IMAP mail server

drbd

policy for drbd

exim

Exim mail transfer agent

fail2ban

Update firewall filtering to ban IP addresses with too many password failures.

fetchmail

Remote-mail retrieval and forwarding utility

finger

Finger user information service.

fprintd

DBus fingerprint reader service

ftp

File transfer protocol service

gatekeeper

OpenH.323 Voice-Over-IP Gatekeeper

git

Fast Version Control System.

gnomeclock

Gnome clock handler for setting the time.

gpm

General Purpose Mouse driver

gpsd

gpsd monitor daemon

hadoop

Software for reliable, scalable, distributed computing.

hal

Hardware abstraction layer

hddtemp

hddtemp hard disk temperature tool running as a daemon.

howl

Port of Apple Rendezvous multicast DNS

i18n_input

IIIMF htt server

icecast

ShoutCast compatible streaming media server

ifplugd

Bring up/down ethernet interfaces based on cable detection.

imaze

iMaze game server

inetd

Internet services daemon.

inn

Internet News NNTP server

ircd

IRC server

irqbalance

IRQ balancing daemon

jabber

Jabber instant messaging server

kerberos

MIT Kerberos admin and KDC

kerneloops

Service for reporting kernel oopses to kerneloops.org

ksmtuned

Kernel Samepage Merging (KSM) Tuning Daemon

ktalk

KDE Talk daemon

ldap

OpenLDAP directory server

likewise

Likewise Active Directory support for UNIX.

lircd

Linux infrared remote control daemon

lpd

Line printer daemon

mailman

Mailman is for managing electronic mail discussion and e-newsletter lists

memcached

high-performance memory object caching system

milter

Milter mail filters

mock

policy for mock

modemmanager

Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.

mojomojo

MojoMojo Wiki

monop

Monopoly daemon

mpd

policy for daemon for playing music

mta

Policy common to all email transfer agents.

munin

Munin network-wide load graphing (formerly LRRD)

mysql

Policy for MySQL

nagios

Net Saint / NAGIOS - network monitoring server

nessus

Nessus network scanning daemon

networkmanager

Manager for dynamically switching between networks.

nis

Policy for NIS (YP) servers and clients

nscd

Name service cache daemon

nsd

Authoritative only name server

nslcd

nslcd - local LDAP name service daemon.

ntop

Network Top

ntp

Network time protocol daemon

nut

nut - Network UPS Tools

nx

NX remote desktop

oav

Open AntiVirus scannerdaemon and signature update

oddjob

Oddjob provides a mechanism by which unprivileged applications can request that specified privileged operations be performed on their behalf.

oident

SELinux policy for Oident daemon.

openca

OpenCA - Open Certificate Authority

openct

Service for handling smart card readers.

openvpn

full-featured SSL VPN solution

pads

Passive Asset Detection System

passenger

Passenger policy

pcscd

PCSC smart card service

pegasus

The Open Group Pegasus CIM/WBEM Server.

perdition

Perdition POP and IMAP proxy

pingd

Pingd of the Whatsup cluster node up/down detection utility

piranha

policy for piranha

plymouthd

Plymouth graphical boot

policykit

Policy framework for controlling privileges for system-wide services.

portmap

RPC port mapping service.

portreserve

Reserve well-known ports in the RPC port range.

portslave

Portslave terminal server software

postfix

Postfix email server

postfixpolicyd

Postfix policy server

postgresql

PostgreSQL relational database

postgrey

Postfix grey-listing server

ppp

Point to Point Protocol daemon creates links in ppp networks

prelude

Prelude hybrid intrusion detection system

privoxy

Privacy enhancing web proxy.

procmail

Procmail mail delivery agent

psad

Intrusion Detection and Log Analysis with iptables

publicfile

publicfile supplies files to the public through HTTP and FTP

puppet

Puppet client daemon

pxe

Server for the PXE network boot protocol

pyicqt

PyICQt is an ICQ transport for XMPP server.

pyzor

Pyzor is a distributed, collaborative spam detection and filtering network.

qmail

Qmail Mail Server

qpidd

policy for qpidd

radius

RADIUS authentication and accounting server.

radvd

IPv6 router advertisement daemon

razor

A distributed, collaborative, spam detection and filtering network.

rdisc

Network router discovery daemon

remotelogin

Policy for rshd, rlogind, and telnetd.

resmgr

Resource management daemon

rgmanager

rgmanager - Resource Group Manager

rhcs

RHCS - Red Hat Cluster Suite

rhgb

Red Hat Graphical Boot

ricci

Ricci cluster management agent

rlogin

Remote login daemon

roundup

Roundup Issue Tracking System policy

rpc

Remote Procedure Call Daemon for management of network based process communication

rpcbind

Universal Addresses to RPC Program Number Mapper

rshd

Remote shell service.

rsync

Fast incremental file transfer for synchronization

rtkit

Realtime scheduling for user processes.

rwho

Who is logged in on other machines?

samba

SMB and CIFS client/server programs for UNIX and name Service Switch daemon for resolving names from Windows NT servers.

sasl

SASL authentication server

sendmail

Policy for sendmail.

setroubleshoot

SELinux troubleshooting service

slrnpull

Service for downloading news feeds for the slrn newsreader.

smartmon

Smart disk monitoring daemon policy

smokeping

Smokeping network latency measurement.

snmp

Simple network management protocol services

snort

Snort network intrusion detection system

soundserver

sound server for network audio server programs, nasd, yiff, etc

spamassassin

Filter used for removing unsolicited email.

speedtouch

Alcatel speedtouch USB ADSL modem

squid

Squid caching http proxy server

ssh

Secure shell client and server policy.

sssd

System Security Services Daemon

stunnel

SSL Tunneling Proxy

sysstat

Policy for sysstat. Reports on various system states

tcpd

Policy for TCP daemon.

telnet

Telnet daemon

tftp

Trivial file transfer protocol daemon

tgtd

Linux Target Framework Daemon.

timidity

MIDI to WAV converter and player configured as a service

tor

TOR, the onion router

transproxy

HTTP transparent proxy

tuned

Dynamic adaptive system tuning daemon

ucspitcp

ucspitcp policy

ulogd

Iptables/netfilter userspace logging daemon.

uptime

Uptime daemon

usbmuxd

USB multiplexing daemon for communicating with Apple iPod Touch and iPhone

uucp

Unix to Unix Copy

uwimap

University of Washington IMAP toolkit POP3 and IMAP mail server

varnishd

Varnishd http accelerator daemon

vdagent

policy for vdagent

vhostmd

Virtual host metrics daemon

virt

Libvirt virtualization API

vnstatd

policy for vnstatd

w3c

W3C Markup Validator

watchdog

Software watchdog

xfs

X Windows Font Server

xprint

X print server

xserver

X Windows Server

zabbix

Distributed infrastructure monitoring

zarafa

policy for zarafa services

zebra

Zebra border gateway protocol network routing service

zosremote

policy for z/OS Remote-services Audit dispatcher plugin