Layer: kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.


Module:Description:
corecommands

Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.

corenetwork

Policy controlling access to network objects

devices

Device nodes and interfaces for many basic system devices.

domain

Core policy for domains.

files

Basic filesystem types and interfaces.

filesystem

Policy for filesystems.

kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.

mcs

Multicategory security policy

mls

Multilevel security policy

selinux

Policy for kernel security interface, in particular, selinuxfs.

storage

Policy controlling access to storage devices

terminal

Policy for terminals.

ubac

User-based access control policy



Layer: roles

Policy modules for user roles.


Module:Description:
auditadm

Audit administrator role

logadm

Log administrator role

secadm

Security administrator role

staff

Administrator's unprivileged user role

sysadm

General system administration role

unprivuser

Generic unprivileged user role



Layer: admin

Policy modules for administrative functions, such as package management.


Module:Description:
bootloader

Policy for the kernel modules, kernel image, and bootloader.

consoletype

Determine of the console connected to the controlling terminal.

dmesg

Policy for dmesg.

netutils

Network analysis utilities

su

Run shells with substitute user and group

sudo

Execute a command with a substitute user

usermanage

Policy for managing user accounts.



Layer: apps

Policy modules for applications


Module:Description:
seunshare

Filesystem namespacing/polyinstantiation application.



Layer: system

Policy modules for system functions from init to multi-user login.


Module:Description:
application

Policy for user executable applications.

authlogin

Common policy for authentication and user login.

clock

Policy for reading and setting the hardware clock.

fstools

Tools for filesystem management, such as mkfs and fsck.

getty

Policy for getty.

hostname

Policy for changing the system host name.

hotplug

Policy for hotplug system, for supporting the connection and disconnection of devices at runtime.

init

System initialization programs (init and init scripts).

ipsec

TCP/IP encryption

iptables

Policy for iptables.

libraries

Policy for system libraries.

locallogin

Policy for local logins.

logging

Policy for the kernel message logger and system logging daemon.

lvm

Policy for logical volume management programs.

miscfiles

Miscelaneous files.

modutils

Policy for kernel module utilities

mount

Policy for mount.

netlabel

NetLabel/CIPSO labeled networking management

selinuxutil

Policy for SELinux policy and userland applications.

setrans

SELinux MLS/MCS label translation service.

sysnetwork

Policy for network configuration: ifconfig and dhcp client.

udev

Policy for udev.

unconfined

The unconfined domain.

userdomain

Policy for user domains



Layer: services

Policy modules for system services, like cron, and network services, like sshd.


Module:Description:
postgresql

PostgreSQL relational database

ssh

Secure shell client and server policy.

xserver

X Windows Server



Layer: contrib

Contributed Reference Policy modules.


Module:Description:
abrt

Automated bug-reporting tool.

accountsd

AccountsService and daemon for manipulating user account information via D-Bus.

acct

Berkeley process accounting.

ada

GNAT Ada95 compiler.

afs

Andrew Filesystem server.

aiccu

Automatic IPv6 Connectivity Client Utility.

aide

Aide filesystem integrity checker.

aisexec

Aisexec Cluster Engine.

alsa

Advanced Linux Sound Architecture utilities.

amanda

Advanced Maryland Automatic Network Disk Archiver.

amavis

High-performance interface between an email server and content checkers.

amtu

Abstract Machine Test Utility.

anaconda

Anaconda installer.

apache

Various web servers.

apcupsd

APC UPS monitoring daemon.

apm

Advanced power management.

apt

Advanced package tool.

arpwatch

Ethernet activity monitor.

asterisk

Asterisk IP telephony server.

authbind

Tool for non-root processes to bind to reserved ports.

automount

Filesystem automounter service.

avahi

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.

awstats

Log file analyzer for advanced statistics.

backup

System backup scripts.

bacula

Cross platform network backup.

bcfg2

configuration management suite.

bind

Berkeley Internet name domain DNS server.

bird

BIRD Internet Routing Daemon.

bitlbee

Tunnels instant messaging traffic to a virtual IRC channel.

blueman

Tool to manage Bluetooth devices.

bluetooth

Bluetooth tools and system services.

boinc

Platform for computing using volunteered resources.

brctl

Utilities for configuring the Linux ethernet bridge.

bugzilla

Bugtracker.

cachefilesd

CacheFiles user-space management daemon.

calamaris

Squid log analysis.

callweaver

PBX software.

canna

Kana-kanji conversion server.

ccs

Cluster Configuration System.

cdrecord

Record audio or data Compact Discs from a master.

certmaster

Remote certificate distribution framework.

certmonger

Certificate status monitor and PKI enrollment client.

certwatch

Digital Certificate Tracking.

cfengine

System administration tool for networks.

cgroup

libcg is a library that abstracts the control group file system in Linux.

chronyd

Chrony NTP background daemon.

cipe

Encrypted tunnel daemon.

clamav

ClamAV Virus Scanner.

clockspeed

Clock speed measurement and manipulation.

clogd

Clustered Mirror Log Server.

cmirrord

Cluster mirror log daemon.

cobbler

Cobbler installation server.

collectd

Statistics collection daemon for filling RRD files.

colord

GNOME color manager.

comsat

Comsat, a biff server.

condor

High-Throughput Computing System.

consolekit

Framework for facilitating multiple user sessions on desktops.

corosync

Corosync Cluster Engine.

couchdb

Document database server.

courier

Courier IMAP and POP3 email servers.

cpucontrol

Services for loading CPU microcode and CPU frequency scaling.

cpufreqselector

Command-line CPU frequency settings.

cron

Periodic execution of scheduled commands.

ctdb

Clustered Database based on Samba Trivial Database.

cups

Common UNIX printing system.

cvs

Concurrent versions system.

cyphesis

Cyphesis WorldForge game server.

cyrus

Cyrus is an IMAP service intended to be run on sealed servers.

daemontools

Collection of tools for managing UNIX services.

dante

Dante msproxy and socks4/5 proxy server.

dbadm

Database administrator role.

dbskk

Dictionary server for the SKK Japanese input method system.

dbus

Desktop messaging bus.

dcc

Distributed checksum clearinghouse spam filtering.

ddclient

Update dynamic IP address at DynDNS.org.

ddcprobe

ddcprobe retrieves monitor and graphics card information.

denyhosts

SSH dictionary attack mitigation.

devicekit

Devicekit modular hardware abstraction layer.

dhcp

Dynamic host configuration protocol server.

dictd

Dictionary daemon.

dirmngr

Server for managing and downloading certificate revocation lists.

distcc

Distributed compiler daemon.

djbdns

Small and secure DNS daemon.

dkim

DomainKeys Identified Mail milter.

dmidecode

Decode DMI data for x86/ia64 bioses.

dnsmasq

DNS forwarder and DHCP server.

dnssectrigger

Enables DNSSEC protection for DNS traffic.

dovecot

POP and IMAP mail server.

dpkg

Debian package manager.

drbd

Mirrors a block device over the network to another machine.

dspam

Content-based spam filter designed for multi-user enterprise systems.

entropyd

Generate entropy from audio input.

evolution

Evolution email client.

exim

Mail transfer agent.

fail2ban

Update firewall filtering to ban IP addresses with too many password failures.

fcoe

Fibre Channel over Ethernet utilities.

fetchmail

Remote-mail retrieval and forwarding utility.

finger

Finger user information service.

firewalld

Service daemon with a D-BUS interface that provides a dynamic managed firewall.

firewallgui

system-config-firewall dbus system service.

firstboot

Initial system configuration utility.

fprintd

DBus fingerprint reader service.

ftp

File transfer protocol service.

games

Various games.

gatekeeper

OpenH.323 Voice-Over-IP Gatekeeper.

gdomap

GNUstep distributed object mapper.

gift

Peer to peer file sharing tool.

git

GIT revision control system.

gitosis

Tools for managing and hosting git repositories.

glance

OpenStack image registry and delivery service.

glusterfs

Cluster File System binary, daemon and command line.

gnome

GNU network object model environment.

gnomeclock

Gnome clock handler for setting the time.

gpg

Policy for GNU Privacy Guard and related programs.

gpm

General Purpose Mouse driver.

gpsd

gpsd monitor daemon.

guest

Least privledge terminal user role.

hadoop

Software for reliable, scalable, distributed computing.

hal

Hardware abstraction layer.

hddtemp

Hard disk temperature tool running as a daemon.

howl

Port of Apple Rendezvous multicast DNS.

hypervkvp

HyperV key value pair (KVP).

i18n_input

IIIMF htt server.

icecast

ShoutCast compatible streaming media server.

ifplugd

Bring up/down ethernet interfaces based on cable detection.

imaze

iMaze game server.

inetd

Internet services daemon.

inn

Internet News NNTP server.

iodine

IP over DNS tunneling daemon.

irc

IRC client policy.

ircd

IRC servers.

irqbalance

IRQ balancing daemon.

iscsi

Establish connections to iSCSI devices.

isns

Internet Storage Name Service.

jabber

Jabber instant messaging servers.

java

Java virtual machine

jockey

Jockey driver manager.

kdump

Kernel crash dumping mechanism.

kdumpgui

System-config-kdump GUI.

kerberos

MIT Kerberos admin and KDC.

kerneloops

Service for reporting kernel oopses to kerneloops.org.

keyboardd

Xorg.conf keyboard layout callout.

keystone

Python implementation of the OpenStack identity service API.

kismet

IEEE 802.11 wireless LAN sniffer.

ksmtuned

Kernel Samepage Merging Tuning Daemon.

ktalk

KDE Talk daemon.

kudzu

Hardware detection and configuration tools.

l2tp

Layer 2 Tunneling Protocol.

ldap

OpenLDAP directory server.

lightsquid

Log analyzer for squid proxy.

likewise

Likewise Active Directory support for UNIX.

lircd

Linux infared remote control daemon.

livecd

Tool for building alternate livecd for different os and policy versions.

lldpad

Intel LLDP Agent.

loadkeys

Load keyboard mappings.

lockdev

Library for locking devices.

logrotate

Rotates, compresses, removes and mails system log files.

logwatch

System log analyzer and reporter.

lpd

Line printer daemon.

lsm

Storage array management library.

mailman

Manage electronic mail discussion and e-newsletter lists.

mailscanner

E-mail security and anti-spam package for e-mail gateway systems.

man2html

A Unix manpage-to-HTML converter.

mandb

On-line manual database.

mcelog

Linux hardware error daemon.

mediawiki

Open source wiki package written in PHP.

memcached

High-performance memory object caching system.

milter

Milter mail filters.

minidlna

MiniDLNA lightweight DLNA/UPnP media server

minissdpd

Daemon used by MiniUPnPc to speed up device discoveries.

modemmanager

Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.

mojomojo

MojoMojo Wiki.

mongodb

Scalable, high-performance, open source NoSQL database.

mono

Run .NET server and client applications on Linux.

monop

Monopoly daemon.

mozilla

Policy for Mozilla and related web browsers.

mpd

Music Player Daemon.

mplayer

Mplayer media player and encoder.

mrtg

Network traffic graphing.

mta

Common e-mail transfer agent policy.

munin

Munin network-wide load graphing.

mysql

Open source database.

nagios

Network monitoring server.

ncftool

Cross-platform network configuration library.

nessus

Network scanning daemon.

networkmanager

Manager for dynamically switching between networks.

nis

Policy for NIS (YP) servers and clients.

nscd

Name service cache daemon.

nsd

Authoritative only name server.

nslcd

Local LDAP name service daemon.

ntop

A network traffic probe similar to the UNIX top command.

ntp

Network time protocol daemon.

numad

Non-Uniform Memory Alignment Daemon.

nut

Network UPS Tools

nx

NX remote desktop.

oav

Open AntiVirus scannerdaemon and signature update.

obex

D-Bus service providing high-level OBEX client and server side functionality.

oddjob

D-BUS service which runs odd jobs on behalf of client applications.

oident

An ident daemon with IP masq/NAT support and the ability to specify responses.

openca

Open Certificate Authority.

openct

Service for handling smart card readers.

openhpi

Open source implementation of the Service Availability Forum Hardware Platform Interface.

openvpn

full-featured SSL VPN solution.

openvswitch

Multilayer virtual switch.

pacemaker

A scalable high-availability cluster resource manager.

pads

Passive Asset Detection System.

passenger

Ruby on rails deployment for Apache and Nginx servers.

pcmcia

PCMCIA card management services.

pcscd

PCSC smart card service.

pegasus

The Open Group Pegasus CIM/WBEM Server.

perdition

Perdition POP and IMAP proxy.

pingd

Pingd of the Whatsup cluster node up/down detection utility.

pkcs

Implementations of the Cryptoki specification.

plymouthd

Plymouth graphical boot.

podsleuth

Podsleuth is a tool to get information about an Apple (TM) iPod (TM).

policykit

Policy framework for controlling privileges for system-wide services.

polipo

Lightweight forwarding and caching proxy server.

portage

Package Management System.

portmap

RPC port mapping service.

portreserve

Reserve well-known ports in the RPC port range.

portslave

Portslave terminal server software.

postfix

Postfix email server.

postfixpolicyd

Postfix policy server.

postgrey

Postfix grey-listing server.

ppp

Point to Point Protocol daemon creates links in ppp networks.

prelink

Prelink ELF shared library mappings.

prelude

Prelude hybrid intrusion detection system.

privoxy

Privacy enhancing web proxy.

procmail

Procmail mail delivery agent.

psad

Intrusion Detection and Log Analysis with iptables.

ptchown

helper function for grantpt(3), changes ownship and permissions of pseudotty.

publicfile

publicfile supplies files to the public through HTTP and FTP.

pulseaudio

Pulseaudio network sound server.

puppet

Configuration management system.

pwauth

External plugin for mod_authnz_external authenticator.

pxe

Server for the PXE network boot protocol.

pyicqt

ICQ transport for XMPP server.

pyzor

Pyzor is a distributed, collaborative spam detection and filtering network.

qemu

QEMU machine emulator and virtualizer.

qmail

Qmail Mail Server.

qpid

Apache QPID AMQP messaging server.

quantum

Virtual network service for Openstack.

quota

File system quota management.

rabbitmq

AMQP server written in Erlang.

radius

RADIUS authentication and accounting server.

radvd

IPv6 router advertisement daemon.

raid

RAID array management tools.

razor

A distributed, collaborative, spam detection and filtering network.

rdisc

Network router discovery daemon.

readahead

Read files into page cache for improved performance.

realmd

Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA.

redis

Advanced key-value store.

remotelogin

Rshd, rlogind, and telnetd.

resmgr

Resource management daemon.

rgmanager

Resource Group Manager.

rhcs

Red Hat Cluster Suite.

rhgb

Red Hat Graphical Boot.

rhsmcertd

Subscription Management Certificate Daemon.

ricci

Ricci cluster management agent.

rlogin

Remote login daemon.

rngd

Check and feed random data from hardware device to kernel random device.

roundup

Roundup Issue Tracking System.

rpc

Remote Procedure Call Daemon.

rpcbind

Universal Addresses to RPC Program Number Mapper.

rpm

Redhat package manager.

rshd

Remote shell service.

rssh

Restricted (scp/sftp) only shell.

rsync

Fast incremental file transfer for synchronization.

rtkit

Realtime scheduling for user processes.

rwho

Who is logged in on other machines?

samba

SMB and CIFS client/server programs.

sambagui

system-config-samba dbus service.

samhain

Check file integrity.

sanlock

shared storage lock manager.

sasl

SASL authentication server.

sblim

Standards Based Linux Instrumentation for Manageability.

screen

GNU terminal multiplexer.

sectoolm

Sectool security audit tool.

sendmail

Internetwork email routing facility.

sensord

Sensor information logging daemon.

setroubleshoot

SELinux troubleshooting service.

shorewall

Shoreline Firewall high-level tool for configuring netfilter.

shutdown

System shutdown command.

slocate

Update database for mlocate.

slpd

OpenSLP server daemon to dynamically register services.

slrnpull

Service for downloading news feeds the slrn newsreader.

smartmon

Smart disk monitoring daemon.

smokeping

Smokeping network latency measurement.

smoltclient

The Fedora hardware profiler client.

smstools

Tools to send and receive short messages through GSM modems or mobile phones.

snmp

Simple network management protocol services.

snort

Snort network intrusion detection system.

sosreport

Generate debugging information for system.

soundserver

sound server for network audio server programs, nasd, yiff, etc

spamassassin

Filter used for removing unsolicited email.

speedtouch

Alcatel speedtouch USB ADSL modem

squid

Squid caching http proxy server.

sssd

System Security Services Daemon.

stunnel

SSL Tunneling Proxy.

svnserve

Server for the svn repository access method.

sxid

SUID/SGID program monitoring.

sysstat

Reports on various system states.

systemtap

instrumentation system for Linux.

tcpd

TCP daemon.

tcsd

TSS Core Services daemon.

telepathy

Telepathy communications framework.

telnet

Telnet daemon.

tftp

Trivial file transfer protocol daemon.

tgtd

Linux Target Framework Daemon.

thunderbird

Thunderbird email client.

timidity

MIDI to WAV converter and player configured as a service.

tmpreaper

Manage temporary directory sizes and file ages.

tor

The onion router.

transproxy

Portable Transparent Proxy Solution.

tripwire

File integrity checker.

tuned

Dynamic adaptive system tuning daemon.

tvtime

High quality television application.

tzdata

Time zone updater.

ucspitcp

UNIX Client-Server Program Interface for TCP.

ulogd

Iptables/netfilter userspace logging daemon.

uml

User mode linux tools and services.

updfstab

Red Hat utility to change fstab.

uptime

Daemon to record and keep track of system up times.

usbmodules

List kernel modules of USB devices.

usbmuxd

USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.

userhelper

A wrapper that helps users run system programs.

usernetctl

User network interface configuration helper.

uucp

Unix to Unix Copy.

uuidd

UUID generation daemon.

uwimap

University of Washington IMAP toolkit POP3 and IMAP mail server.

varnishd

Varnishd http accelerator daemon.

vbetool

run real-mode video BIOS code to alter hardware state.

vdagent

Spice agent for Linux.

vhostmd

Virtual host metrics daemon.

virt

Libvirt virtualization API.

vlock

Lock one or more sessions on the Linux console.

vmware

VMWare Workstation virtual machines.

vnstatd

Console network traffic monitor.

vpn

Virtual Private Networking client.

w3c

W3C Markup Validator.

watchdog

Software watchdog.

wdmd

Watchdog multiplexing daemon.

webadm

Web administrator role.

webalizer

Web server log analysis.

wine

Run Windows programs in Linux.

wireshark

Wireshark packet capture tool.

wm

X Window Managers.

xen

Xen hypervisor.

xfs

X Windows Font Server.

xguest

Least privledge xwindows user role.

xprint

A X11-based print system and API.

xscreensaver

Modular screen saver and locker for X11.

yam

Yum/Apt Mirroring.

zabbix

Distributed infrastructure monitoring.

zarafa

Zarafa collaboration platform.

zebra

Zebra border gateway protocol network routing service.

zosremote

z/OS Remote-services Audit dispatcher plugin.