Skip to content

Instantly share code, notes, and snippets.

@Bekcpear Bekcpear/SELinux_Tools
Last active Jun 17, 2017

Embed
What would you like to do?
* coreutils*
`-- coreutils package
`-- chcon - Change file SELinux security context. - relabeling
`-- runcon - Run command with specified SELinux security context. - runtime
`-- ... - Other tools which have nothing to do with SELinux. -
* policycoreutils*
`-- policycoreutils package
`-- sestatus - SELinux status tool. - debugging
`-- fixfiles - Fix file SELinux security contexts. - relabeling
`-- restorecon - Restore file(s) default SELinux security contexts. - relabeling
`-- setfiles - Set SELinux file security contexts. - relabeling
`-- secon - See an SELinux context, from a file, program or user input. - development
`-- genhomedircon - Generate SELinux file context configuration entries for user home directories. - runtime
`-- load_policy - Load a new SELinux policy into the kernel. - runtime
`-- setsebool - Set SELinux boolean value. - runtime
`-- semodule - Manage SELinux policy modules. - runtime
`-- policycoreutils-devel package
`-- semodule_deps - Show the dependencies between SELinux policy packages. - development
`-- semodule_expand - Expand a SELinux policy module package. - development
`-- semodule_link - Link SELinux policy module packages together. - development
`-- semodule_unpackage - Extract policy module and file context file from an SELinux policy module package. - development?
`-- sepolgen - Generate an initial SELinux policy module template. - development?
`-- sepolgen-ifgen - Generate the interface file that audit2allow uses to match interfaces to rules. - development
`-- sepolgen-ifgen-attr-helper - - development?
`-- sepolicy - SELinux Policy Inspection tool. - developemnt?
`-- policycoreutils-python package
`-- semodule_package - Create a SELinux policy module package. - build time
`-- audit2allow - Generate SELinux policy allow/dontaudit rule from logs of denied operations. - development
`-- audit2why - Translate SELinux audit message into a description of why the access was denied. - development
`-- chcat - Change file SELinux security category. - runtime
`-- sandbox - Run command under an SELinux sandbox. - runtime?
`-- semanage - SELinux Policy Management tool. - runtime
`-- policycoreutils-gui package
`-- selinux-polgengui - Red Hat GUI to create SELinux policies. - development
`-- system-config-selinux - Red Hat GUI that wraps most semanage functionality. - runtime
`-- policycoreutils-restorecond package
`-- restorecond - Daemon that watches for file creation and then sets the default SELinux file context. - relabeling
`-- policycoreutils-newrole package
`-- newrole - Run a shell with a new SELinux role. - runtime
[confusing tools: open_init_pty run_init]
* libselinux*
`-- libselinux package
`-- sefcontext_compile - Compile file context regular expression files. - build time?
`-- libselinux-utils package
`-- avcstat - Display SELinux AVC statistics. - debugging
`-- selabel_digest - Return digest of specifiles and list of files used. - debugging?
`-- selabel_lookup - Obtain SELinux security context from a string label. - debugging?
`-- selabel_lookup_best_match - Obtain a best match SELinux security context (only supported on file backend). - debugging?
`-- selabel_partial_match - Determine whether a direct or a partial match is possible on a file path (only supported on file backend). - debugging?
`-- selinuxexeccon - Report SELinux context used for this executable. - debugging?
`-- selinuxconlist - List all SELinux context reachable for user. - debugging?
`-- selinuxdefcon - Report default SELinux context for user. - debugging?
`-- matchpathcon - Get the default SELinux security context for the specified path from the file contexts configuration. - development
`-- selinux_restorecon - Restore file(s) default SELinux security contexts. - relabeling?
`-- getenforce - Get the current mode of SELinux. - runtime
`-- getsebool - Get SELinux boolean value(s). - runtime
`-- selinuxenabled - Tool to be used within shell scripts to determine if selinux is enabled. - runtime
`-- setenforce - Modify the mode SELinux is running in. - runtime
[confusing tools: compute_av compute_create compute_member compute_relabel compute_user getconlist getfilecon getpidcon getseuser policyvers selinux_check_secure_tty_context setfilecon]
* setools*
`-- setools-gui package
`-- apol - SELinux policy analysis tool. - analysis
`-- seaudit - SELinux graphical audit log analysis tool. - development
`-- setools-console package
`-- sediff - SELinux policy different tool. - analysis
`-- sesearch - SELinux policy query tool. - analysis
`-- seinfo - SELinux policy query tool. - debugging
`-- findcon - SELinux file context search tool. - development
`-- sechecker - SELinux policy checking tool. - development
[confusing tools: indexcon sediffx seaudit-report replcon]
* checkpolicy*
`-- checkpolicy package
`-- checkmodule - SELinux policy module compiler - build time
`-- checkpolicy - SELinux policy compiler - build time
`-- sedismod - Query various parts of a compiled policy module or policy package. (original `dismod` command) - development
`-- sedispol - Query various parts of a compiled kernel policy. (original `dispol` command) - development
* Red Hat
`-- mcstrans package
`-- mcstransd - MCS daemon. Translates SELinux MCS/MLS labels to human readable form. - runtime
`-- setroubleshoot-server package
`-- sealert - setroubleshoot client tool. - runtime?
`-- sedispatch - setroubleshoot audit dispatcher for SELinux Messages. - runtime?
`-- setroubleshootd - setroubleshoot daemon. - runtime
* refpolicy*
[confusing tools: fcsort sedoctool.py ]
* libsepol*
[confusing tool: chkcon]
* seedit*
[confusing tool: seedit]
* seadmin*
[confusing tool: seadmin]
* segatex*
[confusing tool: segatex]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.