sechecker [OPTIONS] -p profile Run profile
sechecker [OPTIONS] -m module -p profile Run module with profile
sechecker allows the user to perform predefined modular checks on a SELinux policy. Profiles exist to group modules together and allow modification of module settings (see below).
Tag | Description |
---|---|
-l, --list | print a list of profiles and modules |
-q, --quiet | suppress output |
-s, --short | print short output |
-v, --verbose | print verbose output |
--version | print version and exit |
--fcfile=<file> | file_contexts file |
--policy=<file> | policy file |
-h[mod], --help[=module] | print general help or help for a module |
-m <mod>, --module=<mod> | module name |
-p <prof>, --profile=<prof> | profile name or path |
--min-sev=<low|med|high> | the minimum severity to report |
<sechecker version="1.1">
<profile>
<module name="find_domains">
<output value="quiet"/>
<option name="domain_attribute">
<item value="domain"/>
<item value="user_domain"/>
...
</option>
</module>
...
</profile>
</sechecker>
The example profile specifies the output property for the find_domains module. The valid output values for each module are specified below:
Tag | Description |
---|---|
verbose: |
prints each result in the report with an accompanying proof
|
short: |
prints a list of results without an accompanying proof
|
none: |
does not print output in the report, however module errors will be printed
|
quiet: |
does not print output in the report and does not print errors, (this is usefull for utility modules for which the calling module handles the errors)
|
Advertisements |