# FLASK

#
# Security contexts for network entities
# If no context is specified, then a default initial SID is used.
#
# Three kinds of labeling statement appear below, in this order:
#   portcon  <protocol> <port | low-high> <context>      -- TCP/UDP ports
#   netifcon <interface> <netif_context> <default_msg_context>
#   nodecon  <address> <mask> <context>                  -- IPv4/IPv6 nodes
# The comment above the reserved-port defaults near the end of the port
# list states that earlier portcon entries take precedence, so the order
# of portcon lines is significant: a specific port must stay above any
# range that also covers it.
#

# Modified by Reino Wallin <reino@oribium.com>
# Multi NIC, and IPSEC features

# Modified by Russell Coker
# ifdefs to encapsulate domains, and many additional port contexts
# NOTE(review): no ifdef()/m4 conditionals are visible in this copy; it may
# be the already-expanded form of the source the line above refers to --
# confirm which form is actually edited and loaded.

#
# Port numbers (default = initial SID "port")
#
# protocol number context
# protocol low-high context
#
# Ports labeled inetd_child_port_t (presumably services started via inetd,
# going by the type name); 113/tcp is split out as auth_port_t.  The
# protocol is part of the key, so 512/tcp here (inetd_child_port_t) and
# 512/udp further down (comsat_port_t) are distinct entries.
portcon tcp 7 system_u:object_r:inetd_child_port_t:s0
portcon udp 7 system_u:object_r:inetd_child_port_t:s0
portcon tcp 9 system_u:object_r:inetd_child_port_t:s0
portcon udp 9 system_u:object_r:inetd_child_port_t:s0
portcon tcp 13 system_u:object_r:inetd_child_port_t:s0
portcon udp 13 system_u:object_r:inetd_child_port_t:s0
portcon tcp 19 system_u:object_r:inetd_child_port_t:s0
portcon udp 19 system_u:object_r:inetd_child_port_t:s0
portcon tcp 37 system_u:object_r:inetd_child_port_t:s0
portcon udp 37 system_u:object_r:inetd_child_port_t:s0
portcon tcp 113 system_u:object_r:auth_port_t:s0
portcon tcp 512 system_u:object_r:inetd_child_port_t:s0
portcon tcp 543 system_u:object_r:inetd_child_port_t:s0
portcon tcp 544 system_u:object_r:inetd_child_port_t:s0
portcon tcp 891 system_u:object_r:inetd_child_port_t:s0
portcon udp 891 system_u:object_r:inetd_child_port_t:s0
portcon tcp 892 system_u:object_r:inetd_child_port_t:s0
portcon udp 892 system_u:object_r:inetd_child_port_t:s0
portcon tcp 2105 system_u:object_r:inetd_child_port_t:s0
# Remote-login style services each get their own port type so policy can
# allow or deny them independently.
portcon tcp 20 system_u:object_r:ftp_data_port_t:s0
portcon tcp 21 system_u:object_r:ftp_port_t:s0
portcon tcp 22 system_u:object_r:ssh_port_t:s0
portcon tcp 23 system_u:object_r:telnetd_port_t:s0

portcon tcp 25 system_u:object_r:smtp_port_t:s0
portcon tcp 465 system_u:object_r:smtp_port_t:s0
portcon tcp 587 system_u:object_r:smtp_port_t:s0

portcon udp 500 system_u:object_r:isakmp_port_t:s0
portcon udp 53 system_u:object_r:dns_port_t:s0
portcon tcp 53 system_u:object_r:dns_port_t:s0

portcon udp 67 system_u:object_r:dhcpd_port_t:s0
portcon udp 647 system_u:object_r:dhcpd_port_t:s0
portcon tcp 647 system_u:object_r:dhcpd_port_t:s0
portcon udp 847 system_u:object_r:dhcpd_port_t:s0
portcon tcp 847 system_u:object_r:dhcpd_port_t:s0
portcon udp 68 system_u:object_r:dhcpc_port_t:s0
portcon udp 70 system_u:object_r:gopher_port_t:s0
portcon tcp 70 system_u:object_r:gopher_port_t:s0

portcon udp 69 system_u:object_r:tftp_port_t:s0
portcon tcp 79 system_u:object_r:fingerd_port_t:s0

# All of these share http_port_t; the cache/proxy ports (3128, 8080, 3130,
# 8118) are kept separate as http_cache_port_t further down.
portcon tcp 80 system_u:object_r:http_port_t:s0
portcon tcp 443 system_u:object_r:http_port_t:s0
portcon tcp 488 system_u:object_r:http_port_t:s0
portcon tcp 8008 system_u:object_r:http_port_t:s0
portcon tcp 8090 system_u:object_r:http_port_t:s0

portcon tcp 106 system_u:object_r:pop_port_t:s0
portcon tcp 109 system_u:object_r:pop_port_t:s0
portcon tcp 110 system_u:object_r:pop_port_t:s0
portcon tcp 143 system_u:object_r:pop_port_t:s0
portcon tcp 220 system_u:object_r:pop_port_t:s0
portcon tcp 993 system_u:object_r:pop_port_t:s0
portcon tcp 995 system_u:object_r:pop_port_t:s0
portcon tcp 1109 system_u:object_r:pop_port_t:s0

portcon udp 111 system_u:object_r:portmap_port_t:s0
portcon tcp 111 system_u:object_r:portmap_port_t:s0

portcon tcp 119 system_u:object_r:innd_port_t:s0
portcon udp 123 system_u:object_r:ntp_port_t:s0

# 137-139 are split by protocol: tcp -> smbd_port_t, udp -> nmbd_port_t.
portcon tcp 137 system_u:object_r:smbd_port_t:s0
portcon udp 137 system_u:object_r:nmbd_port_t:s0
portcon tcp 138 system_u:object_r:smbd_port_t:s0
portcon udp 138 system_u:object_r:nmbd_port_t:s0
portcon tcp 139 system_u:object_r:smbd_port_t:s0
portcon udp 139 system_u:object_r:nmbd_port_t:s0
portcon tcp 445 system_u:object_r:smbd_port_t:s0

portcon udp 161 system_u:object_r:snmp_port_t:s0
portcon udp 162 system_u:object_r:snmp_port_t:s0
portcon tcp 199 system_u:object_r:snmp_port_t:s0
# 512/udp: the tcp side of 512 is inetd_child_port_t above.
portcon udp 512 system_u:object_r:comsat_port_t:s0

portcon tcp 389 system_u:object_r:ldap_port_t:s0
portcon udp 389 system_u:object_r:ldap_port_t:s0
portcon tcp 636 system_u:object_r:ldap_port_t:s0
portcon udp 636 system_u:object_r:ldap_port_t:s0

portcon tcp 513 system_u:object_r:rlogind_port_t:s0
portcon tcp 514 system_u:object_r:rsh_port_t:s0

portcon tcp 515 system_u:object_r:printer_port_t:s0
# 514/udp is syslogd_port_t; 514/tcp above is rsh_port_t.  Distinct by
# protocol, so neither entry shadows the other.
portcon udp 514 system_u:object_r:syslogd_port_t:s0
portcon udp 517 system_u:object_r:ktalkd_port_t:s0
portcon udp 518 system_u:object_r:ktalkd_port_t:s0
portcon tcp 631 system_u:object_r:ipp_port_t:s0
portcon udp 631 system_u:object_r:ipp_port_t:s0
# Kerberos: 88 and 750 are kerberos_port_t, 464 and 749 are the separate
# kerberos_admin_port_t so admin traffic can be confined independently.
portcon tcp 88 system_u:object_r:kerberos_port_t:s0
portcon udp 88 system_u:object_r:kerberos_port_t:s0
portcon tcp 464 system_u:object_r:kerberos_admin_port_t:s0
portcon udp 464 system_u:object_r:kerberos_admin_port_t:s0
portcon tcp 749 system_u:object_r:kerberos_admin_port_t:s0
portcon tcp 750 system_u:object_r:kerberos_port_t:s0
portcon udp 750 system_u:object_r:kerberos_port_t:s0
portcon tcp 783 system_u:object_r:spamd_port_t:s0
portcon tcp 540 system_u:object_r:uucpd_port_t:s0
portcon tcp 2401 system_u:object_r:cvs_port_t:s0
portcon udp 2401 system_u:object_r:cvs_port_t:s0
portcon tcp 873 system_u:object_r:rsync_port_t:s0
portcon udp 873 system_u:object_r:rsync_port_t:s0
portcon tcp 901 system_u:object_r:swat_port_t:s0
portcon tcp 953 system_u:object_r:rndc_port_t:s0
portcon tcp 1213 system_u:object_r:giftd_port_t:s0
portcon tcp 1241 system_u:object_r:nessus_port_t:s0
portcon tcp 1234 system_u:object_r:monopd_port_t:s0
portcon udp 1645 system_u:object_r:radius_port_t:s0
portcon udp 1646 system_u:object_r:radacct_port_t:s0
portcon udp 1812 system_u:object_r:radius_port_t:s0
portcon udp 1813 system_u:object_r:radacct_port_t:s0
portcon udp 1718 system_u:object_r:gatekeeper_port_t:s0
portcon udp 1719 system_u:object_r:gatekeeper_port_t:s0
portcon tcp 1721 system_u:object_r:gatekeeper_port_t:s0
# 7000/tcp is gatekeeper_port_t; 7000/udp just below is afs_fs_port_t.
portcon tcp 7000 system_u:object_r:gatekeeper_port_t:s0
portcon tcp 2040 system_u:object_r:afs_fs_port_t:s0
portcon udp 7000 system_u:object_r:afs_fs_port_t:s0
portcon udp 7002 system_u:object_r:afs_pt_port_t:s0
portcon udp 7003 system_u:object_r:afs_vl_port_t:s0
portcon udp 7004 system_u:object_r:afs_ka_port_t:s0
portcon udp 7005 system_u:object_r:afs_fs_port_t:s0
portcon udp 7007 system_u:object_r:afs_bos_port_t:s0
portcon tcp 1720 system_u:object_r:asterisk_port_t:s0
portcon udp 2427 system_u:object_r:asterisk_port_t:s0
portcon udp 2727 system_u:object_r:asterisk_port_t:s0
portcon udp 4569 system_u:object_r:asterisk_port_t:s0
portcon udp 5060 system_u:object_r:asterisk_port_t:s0
portcon tcp 2000 system_u:object_r:mail_port_t:s0
portcon tcp 2601 system_u:object_r:zebra_port_t:s0
portcon tcp 2605 system_u:object_r:zebra_port_t:s0
portcon tcp 2628 system_u:object_r:dict_port_t:s0
portcon tcp 3306 system_u:object_r:mysqld_port_t:s0
portcon tcp 3632 system_u:object_r:distccd_port_t:s0
portcon udp 4011 system_u:object_r:pxe_port_t:s0
portcon udp 5000 system_u:object_r:openvpn_port_t:s0
portcon tcp 5323 system_u:object_r:imaze_port_t:s0
portcon udp 5323 system_u:object_r:imaze_port_t:s0
portcon tcp 5335 system_u:object_r:howl_port_t:s0
portcon udp 5353 system_u:object_r:howl_port_t:s0
portcon tcp 5222 system_u:object_r:jabber_client_port_t:s0
portcon tcp 5223 system_u:object_r:jabber_client_port_t:s0
portcon tcp 5269 system_u:object_r:jabber_interserver_port_t:s0
portcon tcp 5432 system_u:object_r:postgresql_port_t:s0
# NOTE(review): 5666/tcp carries the generic inetd_child_port_t rather
# than a service-specific type like its neighbours -- confirm this is
# intended, since it widens what the inetd child domain may bind to.
portcon tcp 5666 system_u:object_r:inetd_child_port_t:s0
portcon tcp 5703 system_u:object_r:ptal_port_t:s0
portcon tcp 9290 system_u:object_r:hplip_port_t:s0
portcon tcp 9291 system_u:object_r:hplip_port_t:s0
portcon tcp 9292 system_u:object_r:hplip_port_t:s0
portcon tcp 50000 system_u:object_r:hplip_port_t:s0
portcon tcp 50002 system_u:object_r:hplip_port_t:s0
portcon tcp 5900 system_u:object_r:vnc_port_t:s0
portcon tcp 5988 system_u:object_r:pegasus_http_port_t:s0
portcon tcp 5989 system_u:object_r:pegasus_https_port_t:s0
# NOTE(review): 6000-6019 is a contiguous run; the low-high form used for
# 1-1023 below could express it as one line.  Left as individual entries.
portcon tcp 6000 system_u:object_r:xserver_port_t:s0
portcon tcp 6001 system_u:object_r:xserver_port_t:s0
portcon tcp 6002 system_u:object_r:xserver_port_t:s0
portcon tcp 6003 system_u:object_r:xserver_port_t:s0
portcon tcp 6004 system_u:object_r:xserver_port_t:s0
portcon tcp 6005 system_u:object_r:xserver_port_t:s0
portcon tcp 6006 system_u:object_r:xserver_port_t:s0
portcon tcp 6007 system_u:object_r:xserver_port_t:s0
portcon tcp 6008 system_u:object_r:xserver_port_t:s0
portcon tcp 6009 system_u:object_r:xserver_port_t:s0
portcon tcp 6010 system_u:object_r:xserver_port_t:s0
portcon tcp 6011 system_u:object_r:xserver_port_t:s0
portcon tcp 6012 system_u:object_r:xserver_port_t:s0
portcon tcp 6013 system_u:object_r:xserver_port_t:s0
portcon tcp 6014 system_u:object_r:xserver_port_t:s0
portcon tcp 6015 system_u:object_r:xserver_port_t:s0
portcon tcp 6016 system_u:object_r:xserver_port_t:s0
portcon tcp 6017 system_u:object_r:xserver_port_t:s0
portcon tcp 6018 system_u:object_r:xserver_port_t:s0
portcon tcp 6019 system_u:object_r:xserver_port_t:s0
portcon tcp 6667 system_u:object_r:ircd_port_t:s0
portcon tcp 8000 system_u:object_r:soundd_port_t:s0
# 9433 is for YIFF
portcon tcp 9433 system_u:object_r:soundd_port_t:s0
portcon tcp 3128 system_u:object_r:http_cache_port_t:s0
portcon tcp 8080 system_u:object_r:http_cache_port_t:s0
portcon udp 3130 system_u:object_r:http_cache_port_t:s0
# 8118 is for privoxy
portcon tcp 8118 system_u:object_r:http_cache_port_t:s0

portcon udp 4041 system_u:object_r:clockspeed_port_t:s0
portcon tcp 8081 system_u:object_r:transproxy_port_t:s0
portcon udp 10080 system_u:object_r:amanda_port_t:s0
portcon tcp 10080 system_u:object_r:amanda_port_t:s0
portcon udp 10081 system_u:object_r:amanda_port_t:s0
portcon tcp 10081 system_u:object_r:amanda_port_t:s0
portcon tcp 10082 system_u:object_r:amanda_port_t:s0
portcon tcp 10083 system_u:object_r:amanda_port_t:s0
portcon tcp 60000 system_u:object_r:postgrey_port_t:s0

# Mail-filtering chain: amavisd receive/send, clamd, dcc, pyzor, razor.
portcon tcp 10024 system_u:object_r:amavisd_recv_port_t:s0
portcon tcp 10025 system_u:object_r:amavisd_send_port_t:s0
portcon tcp 3310 system_u:object_r:clamd_port_t:s0
portcon udp 6276 system_u:object_r:dcc_port_t:s0
portcon udp 6277 system_u:object_r:dcc_port_t:s0
portcon udp 24441 system_u:object_r:pyzor_port_t:s0
portcon tcp 2703 system_u:object_r:razor_port_t:s0
portcon tcp 8021 system_u:object_r:zope_port_t:s0

# Defaults for reserved ports. Earlier portcon entries take precedence;
# these entries just cover any remaining reserved ports not otherwise
# declared or omitted due to removal of a domain.
# Keep these two lines last among the portcon entries: anything placed
# after them in the 1-1023 range would be shadowed.  Ports above 1023
# with no portcon line fall back to the initial SID "port" named in the
# header.
portcon tcp 1-1023 system_u:object_r:reserved_port_t:s0
portcon udp 1-1023 system_u:object_r:reserved_port_t:s0

# Network interfaces (default = initial SID "netif" and "netmsg")
#
# interface netif_context default_msg_context
#
# Only lo is labeled; every other interface falls back to the initial
# SIDs named above.  The interface context carries the MLS range
# s0 - s15:c0.c255, and the trailing field is the default context for
# messages arriving on the interface (unlabeled_t:s0 here).
# NOTE(review): the header mentions multi-NIC support, but no physical
# interface is labeled in this copy -- add netifcon lines if per-interface
# labels are expected on the target system.
netifcon lo system_u:object_r:netif_lo_t:s0 - s15:c0.c255 system_u:object_r:unlabeled_t:s0

# Nodes (default = initial SID "node")
#
# address mask context
#
# IPv4: loopback (/32, with MLS range s0 - s15:c0.c255) and INADDR_ANY (/32).
nodecon 127.0.0.1 255.255.255.255 system_u:object_r:node_lo_t:s0 - s15:c0.c255
nodecon 0.0.0.0 255.255.255.255 system_u:object_r:node_inaddr_any_t:s0
# IPv6, masks written out as prefixes: ::/128 unspecified, ::1/128
# loopback, ff00::/8 multicast, fe80::/64 link-local, fec0::/10
# site-local, ::/96 IPv4-compatible, ::ffff:0:0/96 IPv4-mapped.
# NOTE(review): ::1 gets node_lo_t at s0 only, whereas 127.0.0.1 above
# carries s0 - s15:c0.c255 -- confirm whether the IPv6 loopback should
# carry the same range.
# NOTE(review): ::/96 and ::ffff:0:0/96 overlap the /128 entries above;
# if nodecon is first-match like portcon, the current order keeps the
# unspecified and loopback labels -- confirm the matching rule before
# reordering.
nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:node_unspec_t:s0
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:node_lo_t:s0
nodecon ff00:: ff00:: system_u:object_r:node_multicast_t:s0
nodecon fe80:: ffff:ffff:ffff:ffff:: system_u:object_r:node_link_local_t:s0
nodecon fec0:: ffc0:: system_u:object_r:node_site_local_t:s0
nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:node_compat_ipv4_t:s0
nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:node_mapped_ipv4_t:s0

# FLASK