Policy for kernel threads, proc filesystem, and unlabeled processes and objects.
Module: | Description: |
corecommands | Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin. |
corenetwork | Policy controlling access to network objects |
devices | Device nodes and interfaces for many basic system devices. |
domain | Core policy for domains. |
files | Basic filesystem types and interfaces. |
filesystem | Policy for filesystems. |
kernel | Policy for kernel threads, proc filesystem, and unlabeled processes and objects. |
mcs | Multicategory security policy |
mls | Multilevel security policy |
selinux | Policy for kernel security interface, in particular, selinuxfs. |
storage | Policy controlling access to storage devices |
terminal | Policy for terminals. |
ubac | User-based access control policy |
Policy modules for user roles.
Module: | Description: |
auditadm | Audit administrator role |
logadm | Log administrator role |
secadm | Security administrator role |
staff | Administrator's unprivileged user role |
sysadm | General system administration role |
unprivuser | Generic unprivileged user role |
Policy modules for administrative functions, such as package management.
Module: | Description: |
bootloader | Policy for the kernel modules, kernel image, and bootloader. |
consoletype | Determine of the console connected to the controlling terminal. |
dmesg | Policy for dmesg. |
netutils | Network analysis utilities |
su | Run shells with substitute user and group |
sudo | Execute a command with a substitute user |
usermanage | Policy for managing user accounts. |
Policy modules for applications
Module: | Description: |
seunshare | Filesystem namespacing/polyinstantiation application. |
Policy modules for system functions from init to multi-user login.
Module: | Description: |
application | Policy for user executable applications. |
authlogin | Common policy for authentication and user login. |
clock | Policy for reading and setting the hardware clock. |
fstools | Tools for filesystem management, such as mkfs and fsck. |
getty | Policy for getty. |
hostname | Policy for changing the system host name. |
hotplug | Policy for hotplug system, for supporting the connection and disconnection of devices at runtime. |
init | System initialization programs (init and init scripts). |
ipsec | TCP/IP encryption |
iptables | Policy for iptables. |
libraries | Policy for system libraries. |
locallogin | Policy for local logins. |
logging | Policy for the kernel message logger and system logging daemon. |
lvm | Policy for logical volume management programs. |
miscfiles | Miscelaneous files. |
modutils | Policy for kernel module utilities |
mount | Policy for mount. |
netlabel | NetLabel/CIPSO labeled networking management |
selinuxutil | Policy for SELinux policy and userland applications. |
setrans | SELinux MLS/MCS label translation service. |
sysnetwork | Policy for network configuration: ifconfig and dhcp client. |
udev | Policy for udev. |
unconfined | The unconfined domain. |
userdomain | Policy for user domains |
Policy modules for system services, like cron, and network services, like sshd.
Module: | Description: |
postgresql | PostgreSQL relational database |
ssh | Secure shell client and server policy. |
xserver | X Windows Server |
Contributed Reference Policy modules.
Module: | Description: |
abrt | Automated bug-reporting tool. |
accountsd | AccountsService and daemon for manipulating user account information via D-Bus. |
acct | Berkeley process accounting. |
ada | GNAT Ada95 compiler. |
afs | Andrew Filesystem server. |
aiccu | Automatic IPv6 Connectivity Client Utility. |
aide | Aide filesystem integrity checker. |
aisexec | Aisexec Cluster Engine. |
alsa | Advanced Linux Sound Architecture utilities. |
amanda | Advanced Maryland Automatic Network Disk Archiver. |
amavis | High-performance interface between an email server and content checkers. |
amtu | Abstract Machine Test Utility. |
anaconda | Anaconda installer. |
apache | Various web servers. |
apcupsd | APC UPS monitoring daemon. |
apm | Advanced power management. |
apt | Advanced package tool. |
arpwatch | Ethernet activity monitor. |
asterisk | Asterisk IP telephony server. |
authbind | Tool for non-root processes to bind to reserved ports. |
automount | Filesystem automounter service. |
avahi | mDNS/DNS-SD daemon implementing Apple ZeroConf architecture. |
awstats | Log file analyzer for advanced statistics. |
backup | System backup scripts. |
bacula | Cross platform network backup. |
bcfg2 | configuration management suite. |
bind | Berkeley Internet name domain DNS server. |
bird | BIRD Internet Routing Daemon. |
bitlbee | Tunnels instant messaging traffic to a virtual IRC channel. |
blueman | Tool to manage Bluetooth devices. |
bluetooth | Bluetooth tools and system services. |
boinc | Platform for computing using volunteered resources. |
brctl | Utilities for configuring the Linux ethernet bridge. |
bugzilla | Bugtracker. |
cachefilesd | CacheFiles user-space management daemon. |
calamaris | Squid log analysis. |
callweaver | PBX software. |
canna | Kana-kanji conversion server. |
ccs | Cluster Configuration System. |
cdrecord | Record audio or data Compact Discs from a master. |
certmaster | Remote certificate distribution framework. |
certmonger | Certificate status monitor and PKI enrollment client. |
certwatch | Digital Certificate Tracking. |
cfengine | System administration tool for networks. |
cgroup | libcg is a library that abstracts the control group file system in Linux. |
chronyd | Chrony NTP background daemon. |
cipe | Encrypted tunnel daemon. |
clamav | ClamAV Virus Scanner. |
clockspeed | Clock speed measurement and manipulation. |
clogd | Clustered Mirror Log Server. |
cmirrord | Cluster mirror log daemon. |
cobbler | Cobbler installation server. |
collectd | Statistics collection daemon for filling RRD files. |
colord | GNOME color manager. |
comsat | Comsat, a biff server. |
condor | High-Throughput Computing System. |
consolekit | Framework for facilitating multiple user sessions on desktops. |
corosync | Corosync Cluster Engine. |
couchdb | Document database server. |
courier | Courier IMAP and POP3 email servers. |
cpucontrol | Services for loading CPU microcode and CPU frequency scaling. |
cpufreqselector | Command-line CPU frequency settings. |
cron | Periodic execution of scheduled commands. |
ctdb | Clustered Database based on Samba Trivial Database. |
cups | Common UNIX printing system. |
cvs | Concurrent versions system. |
cyphesis | Cyphesis WorldForge game server. |
cyrus | Cyrus is an IMAP service intended to be run on sealed servers. |
daemontools | Collection of tools for managing UNIX services. |
dante | Dante msproxy and socks4/5 proxy server. |
dbadm | Database administrator role. |
dbskk | Dictionary server for the SKK Japanese input method system. |
dbus | Desktop messaging bus. |
dcc | Distributed checksum clearinghouse spam filtering. |
ddclient | Update dynamic IP address at DynDNS.org. |
ddcprobe | ddcprobe retrieves monitor and graphics card information. |
denyhosts | SSH dictionary attack mitigation. |
devicekit | Devicekit modular hardware abstraction layer. |
dhcp | Dynamic host configuration protocol server. |
dictd | Dictionary daemon. |
dirmngr | Server for managing and downloading certificate revocation lists. |
distcc | Distributed compiler daemon. |
djbdns | Small and secure DNS daemon. |
dkim | DomainKeys Identified Mail milter. |
dmidecode | Decode DMI data for x86/ia64 bioses. |
dnsmasq | DNS forwarder and DHCP server. |
dnssectrigger | Enables DNSSEC protection for DNS traffic. |
dovecot | POP and IMAP mail server. |
dpkg | Debian package manager. |
drbd | Mirrors a block device over the network to another machine. |
dspam | Content-based spam filter designed for multi-user enterprise systems. |
entropyd | Generate entropy from audio input. |
evolution | Evolution email client. |
exim | Mail transfer agent. |
fail2ban | Update firewall filtering to ban IP addresses with too many password failures. |
fcoe | Fibre Channel over Ethernet utilities. |
fetchmail | Remote-mail retrieval and forwarding utility. |
finger | Finger user information service. |
firewalld | Service daemon with a D-BUS interface that provides a dynamic managed firewall. |
firewallgui | system-config-firewall dbus system service. |
firstboot | Initial system configuration utility. |
fprintd | DBus fingerprint reader service. |
ftp | File transfer protocol service. |
games | Various games. |
gatekeeper | OpenH.323 Voice-Over-IP Gatekeeper. |
gdomap | GNUstep distributed object mapper. |
gift | Peer to peer file sharing tool. |
git | GIT revision control system. |
gitosis | Tools for managing and hosting git repositories. |
glance | OpenStack image registry and delivery service. |
glusterfs | Cluster File System binary, daemon and command line. |
gnome | GNU network object model environment. |
gnomeclock | Gnome clock handler for setting the time. |
gpg | Policy for GNU Privacy Guard and related programs. |
gpm | General Purpose Mouse driver. |
gpsd | gpsd monitor daemon. |
guest | Least privledge terminal user role. |
hadoop | Software for reliable, scalable, distributed computing. |
hal | Hardware abstraction layer. |
hddtemp | Hard disk temperature tool running as a daemon. |
howl | Port of Apple Rendezvous multicast DNS. |
hypervkvp | HyperV key value pair (KVP). |
i18n_input | IIIMF htt server. |
icecast | ShoutCast compatible streaming media server. |
ifplugd | Bring up/down ethernet interfaces based on cable detection. |
imaze | iMaze game server. |
inetd | Internet services daemon. |
inn | Internet News NNTP server. |
iodine | IP over DNS tunneling daemon. |
irc | IRC client policy. |
ircd | IRC servers. |
irqbalance | IRQ balancing daemon. |
iscsi | Establish connections to iSCSI devices. |
isns | Internet Storage Name Service. |
jabber | Jabber instant messaging servers. |
java | Java virtual machine |
jockey | Jockey driver manager. |
kdump | Kernel crash dumping mechanism. |
kdumpgui | System-config-kdump GUI. |
kerberos | MIT Kerberos admin and KDC. |
kerneloops | Service for reporting kernel oopses to kerneloops.org. |
keyboardd | Xorg.conf keyboard layout callout. |
keystone | Python implementation of the OpenStack identity service API. |
kismet | IEEE 802.11 wireless LAN sniffer. |
ksmtuned | Kernel Samepage Merging Tuning Daemon. |
ktalk | KDE Talk daemon. |
kudzu | Hardware detection and configuration tools. |
l2tp | Layer 2 Tunneling Protocol. |
ldap | OpenLDAP directory server. |
lightsquid | Log analyzer for squid proxy. |
likewise | Likewise Active Directory support for UNIX. |
lircd | Linux infared remote control daemon. |
livecd | Tool for building alternate livecd for different os and policy versions. |
lldpad | Intel LLDP Agent. |
loadkeys | Load keyboard mappings. |
lockdev | Library for locking devices. |
logrotate | Rotates, compresses, removes and mails system log files. |
logwatch | System log analyzer and reporter. |
lpd | Line printer daemon. |
lsm | Storage array management library. |
mailman | Manage electronic mail discussion and e-newsletter lists. |
mailscanner | E-mail security and anti-spam package for e-mail gateway systems. |
man2html | A Unix manpage-to-HTML converter. |
mandb | On-line manual database. |
mcelog | Linux hardware error daemon. |
mediawiki | Open source wiki package written in PHP. |
memcached | High-performance memory object caching system. |
milter | Milter mail filters. |
minidlna | MiniDLNA lightweight DLNA/UPnP media server |
minissdpd | Daemon used by MiniUPnPc to speed up device discoveries. |
modemmanager | Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards. |
mojomojo | MojoMojo Wiki. |
mongodb | Scalable, high-performance, open source NoSQL database. |
mono | Run .NET server and client applications on Linux. |
monop | Monopoly daemon. |
mozilla | Policy for Mozilla and related web browsers. |
mpd | Music Player Daemon. |
mplayer | Mplayer media player and encoder. |
mrtg | Network traffic graphing. |
mta | Common e-mail transfer agent policy. |
munin | Munin network-wide load graphing. |
mysql | Open source database. |
nagios | Network monitoring server. |
ncftool | Cross-platform network configuration library. |
nessus | Network scanning daemon. |
networkmanager | Manager for dynamically switching between networks. |
nis | Policy for NIS (YP) servers and clients. |
nscd | Name service cache daemon. |
nsd | Authoritative only name server. |
nslcd | Local LDAP name service daemon. |
ntop | A network traffic probe similar to the UNIX top command. |
ntp | Network time protocol daemon. |
numad | Non-Uniform Memory Alignment Daemon. |
nut | Network UPS Tools |
nx | NX remote desktop. |
oav | Open AntiVirus scannerdaemon and signature update. |
obex | D-Bus service providing high-level OBEX client and server side functionality. |
oddjob | D-BUS service which runs odd jobs on behalf of client applications. |
oident | An ident daemon with IP masq/NAT support and the ability to specify responses. |
openca | Open Certificate Authority. |
openct | Service for handling smart card readers. |
openhpi | Open source implementation of the Service Availability Forum Hardware Platform Interface. |
openvpn | full-featured SSL VPN solution. |
openvswitch | Multilayer virtual switch. |
pacemaker | A scalable high-availability cluster resource manager. |
pads | Passive Asset Detection System. |
passenger | Ruby on rails deployment for Apache and Nginx servers. |
pcmcia | PCMCIA card management services. |
pcscd | PCSC smart card service. |
pegasus | The Open Group Pegasus CIM/WBEM Server. |
perdition | Perdition POP and IMAP proxy. |
pingd | Pingd of the Whatsup cluster node up/down detection utility. |
pkcs | Implementations of the Cryptoki specification. |
plymouthd | Plymouth graphical boot. |
podsleuth | Podsleuth is a tool to get information about an Apple (TM) iPod (TM). |
policykit | Policy framework for controlling privileges for system-wide services. |
polipo | Lightweight forwarding and caching proxy server. |
portage | Package Management System. |
portmap | RPC port mapping service. |
portreserve | Reserve well-known ports in the RPC port range. |
portslave | Portslave terminal server software. |
postfix | Postfix email server. |
postfixpolicyd | Postfix policy server. |
postgrey | Postfix grey-listing server. |
ppp | Point to Point Protocol daemon creates links in ppp networks. |
prelink | Prelink ELF shared library mappings. |
prelude | Prelude hybrid intrusion detection system. |
privoxy | Privacy enhancing web proxy. |
procmail | Procmail mail delivery agent. |
psad | Intrusion Detection and Log Analysis with iptables. |
ptchown | helper function for grantpt(3), changes ownship and permissions of pseudotty. |
publicfile | publicfile supplies files to the public through HTTP and FTP. |
pulseaudio | Pulseaudio network sound server. |
puppet | Configuration management system. |
pwauth | External plugin for mod_authnz_external authenticator. |
pxe | Server for the PXE network boot protocol. |
pyicqt | ICQ transport for XMPP server. |
pyzor | Pyzor is a distributed, collaborative spam detection and filtering network. |
qemu | QEMU machine emulator and virtualizer. |
qmail | Qmail Mail Server. |
qpid | Apache QPID AMQP messaging server. |
quantum | Virtual network service for Openstack. |
quota | File system quota management. |
rabbitmq | AMQP server written in Erlang. |
radius | RADIUS authentication and accounting server. |
radvd | IPv6 router advertisement daemon. |
raid | RAID array management tools. |
razor | A distributed, collaborative, spam detection and filtering network. |
rdisc | Network router discovery daemon. |
readahead | Read files into page cache for improved performance. |
realmd | Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA. |
redis | Advanced key-value store. |
remotelogin | Rshd, rlogind, and telnetd. |
resmgr | Resource management daemon. |
rgmanager | Resource Group Manager. |
rhcs | Red Hat Cluster Suite. |
rhgb | Red Hat Graphical Boot. |
rhsmcertd | Subscription Management Certificate Daemon. |
ricci | Ricci cluster management agent. |
rlogin | Remote login daemon. |
rngd | Check and feed random data from hardware device to kernel random device. |
roundup | Roundup Issue Tracking System. |
rpc | Remote Procedure Call Daemon. |
rpcbind | Universal Addresses to RPC Program Number Mapper. |
rpm | Redhat package manager. |
rshd | Remote shell service. |
rssh | Restricted (scp/sftp) only shell. |
rsync | Fast incremental file transfer for synchronization. |
rtkit | Realtime scheduling for user processes. |
rwho | Who is logged in on other machines? |
samba | SMB and CIFS client/server programs. |
sambagui | system-config-samba dbus service. |
samhain | Check file integrity. |
sanlock | shared storage lock manager. |
sasl | SASL authentication server. |
sblim | Standards Based Linux Instrumentation for Manageability. |
screen | GNU terminal multiplexer. |
sectoolm | Sectool security audit tool. |
sendmail | Internetwork email routing facility. |
sensord | Sensor information logging daemon. |
setroubleshoot | SELinux troubleshooting service. |
shorewall | Shoreline Firewall high-level tool for configuring netfilter. |
shutdown | System shutdown command. |
slocate | Update database for mlocate. |
slpd | OpenSLP server daemon to dynamically register services. |
slrnpull | Service for downloading news feeds the slrn newsreader. |
smartmon | Smart disk monitoring daemon. |
smokeping | Smokeping network latency measurement. |
smoltclient | The Fedora hardware profiler client. |
smstools | Tools to send and receive short messages through GSM modems or mobile phones. |
snmp | Simple network management protocol services. |
snort | Snort network intrusion detection system. |
sosreport | Generate debugging information for system. |
soundserver | sound server for network audio server programs, nasd, yiff, etc |
spamassassin | Filter used for removing unsolicited email. |
speedtouch | Alcatel speedtouch USB ADSL modem |
squid | Squid caching http proxy server. |
sssd | System Security Services Daemon. |
stunnel | SSL Tunneling Proxy. |
svnserve | Server for the svn repository access method. |
sxid | SUID/SGID program monitoring. |
sysstat | Reports on various system states. |
systemtap | instrumentation system for Linux. |
tcpd | TCP daemon. |
tcsd | TSS Core Services daemon. |
telepathy | Telepathy communications framework. |
telnet | Telnet daemon. |
tftp | Trivial file transfer protocol daemon. |
tgtd | Linux Target Framework Daemon. |
thunderbird | Thunderbird email client. |
timidity | MIDI to WAV converter and player configured as a service. |
tmpreaper | Manage temporary directory sizes and file ages. |
tor | The onion router. |
transproxy | Portable Transparent Proxy Solution. |
tripwire | File integrity checker. |
tuned | Dynamic adaptive system tuning daemon. |
tvtime | High quality television application. |
tzdata | Time zone updater. |
ucspitcp | UNIX Client-Server Program Interface for TCP. |
ulogd | Iptables/netfilter userspace logging daemon. |
uml | User mode linux tools and services. |
updfstab | Red Hat utility to change fstab. |
uptime | Daemon to record and keep track of system up times. |
usbmodules | List kernel modules of USB devices. |
usbmuxd | USB multiplexing daemon for communicating with Apple iPod Touch and iPhone. |
userhelper | A wrapper that helps users run system programs. |
usernetctl | User network interface configuration helper. |
uucp | Unix to Unix Copy. |
uuidd | UUID generation daemon. |
uwimap | University of Washington IMAP toolkit POP3 and IMAP mail server. |
varnishd | Varnishd http accelerator daemon. |
vbetool | run real-mode video BIOS code to alter hardware state. |
vdagent | Spice agent for Linux. |
vhostmd | Virtual host metrics daemon. |
virt | Libvirt virtualization API. |
vlock | Lock one or more sessions on the Linux console. |
vmware | VMWare Workstation virtual machines. |
vnstatd | Console network traffic monitor. |
vpn | Virtual Private Networking client. |
w3c | W3C Markup Validator. |
watchdog | Software watchdog. |
wdmd | Watchdog multiplexing daemon. |
webadm | Web administrator role. |
webalizer | Web server log analysis. |
wine | Run Windows programs in Linux. |
wireshark | Wireshark packet capture tool. |
wm | X Window Managers. |
xen | Xen hypervisor. |
xfs | X Windows Font Server. |
xguest | Least privledge xwindows user role. |
xprint | A X11-based print system and API. |
xscreensaver | Modular screen saver and locker for X11. |
yam | Yum/Apt Mirroring. |
zabbix | Distributed infrastructure monitoring. |
zarafa | Zarafa collaboration platform. |
zebra | Zebra border gateway protocol network routing service. |
zosremote | z/OS Remote-services Audit dispatcher plugin. |