Comrite Unix Man page/Perldoc/Info page, English-Chinese Dictionary, Chinese-English Dictionary

sechecker

Command: man perldoc info search(apropos)  

  
sechecker(1)                                                      sechecker(1)



NAME
       sechecker - SELinux policy checking tool

SYNOPSIS
       sechecker [OPTIONS] -m module                 Run module

       sechecker [OPTIONS] -p profile                Run profile

       sechecker [OPTIONS] -m module -p profile      Run module with profile

Description
       This manual page describes the sechecker command.

       sechecker  allows  the  user  to perform predefined modular checks on a
       SELinux policy.  Profiles exist to group  modules  together  and  allow
       modification of module settings (see below).

OPTIONS
       -l, --list
              print a list of profiles and modules

       -q, --quiet
              suppress output

       -s, --short
              print short output

       -v, --verbose
              print verbose output

       --version
              print version and exit

       --fcfile=<file>
              file_contexts file

       --policy=<file>
              policy file

       -h[mod], --help[=module]
              print general help or help for a module

       -m <mod>, --module=<mod>
              module name

       -p <prof>, --profile=<prof>
              profile name or path

       --min-sev=<low|med|high>
              the minimum severity to report

PROFILE OPTIONS
       Profiles are used to group modules together, to specify the output for-
       mat for each module in the report, and to provide the ability to  over-
       ride  the  modules' default options.  Each profile is a well-formed XML
       document, as specified by the DTD installed with sechecker.  An example
       profile follows:

       <sechecker version="1.1">
            <profile>
                 <module name="find_domains">
                      <output value="quiet"/>
                      <option name="domain_attribute">
                           <item value="domain"/>
                           <item value="user_domain"/>
                           ...
                      </option>
                 </module>
                 ...
            </profile>
       </sechecker>

       The  example profile specifies the output property for the find_domains
       module.  The valid output values for each module are specified below:

       verbose:
              prints each result in the report with an accompanying proof

       short: prints a list of results without an accompanying proof

       none:  does not print output in the report, however module errors  will
              be printed

       quiet: does  not  print output in the report and does not print errors,
              (this is usefull for utility modules for which the calling  mod-
              ule handles the errors)

       The   example   profile  also  overrides  the  default  value  for  the
       "domain_attribute" option in the find_domains module.

AUTHOR
       This manual page was  written  by  Kevin  Carr  <kcarr AT tresys.com>  and
       Jeremy Mowery <jmowery AT tresys.com>.

COPYRIGHT
       Copyright(C) 2006 Tresys Technology, LLC

SEE ALSO
       apol(1)



                                                                  sechecker(1)
 

©2005 Comrite