sechecker(1)
NAME
sechecker - SELinux policy checking tool
SYNOPSIS
sechecker [OPTIONS] -m module Run module
sechecker [OPTIONS] -p profile Run profile
sechecker [OPTIONS] -m module -p profile Run module with profile
DESCRIPTION
This manual page describes the sechecker command.
sechecker allows the user to perform predefined modular checks on a
SELinux policy. Profiles exist to group modules together and allow
modification of module settings (see below).
OPTIONS
-l, --list
print a list of profiles and modules
-q, --quiet
suppress output
-s, --short
print short output
-v, --verbose
print verbose output
--version
print version and exit
--fcfile=<file>
file_contexts file
--policy=<file>
policy file
-h[mod], --help[=module]
print general help or help for a module
-m <mod>, --module=<mod>
module name
-p <prof>, --profile=<prof>
profile name or path
--min-sev=<low|med|high>
the minimum severity to report
PROFILE OPTIONS
Profiles are used to group modules together, to specify the output
format for each module in the report, and to provide the ability to
override the modules' default options. Each profile is a well-formed XML
document, as specified by the DTD installed with sechecker. An example
profile follows:
<sechecker version="1.1">
  <profile>
    <module name="find_domains">
      <output value="quiet"/>
      <option name="domain_attribute">
        <item value="domain"/>
        <item value="user_domain"/>
        ...
      </option>
    </module>
    ...
  </profile>
</sechecker>
The example profile specifies the output property for the find_domains
module. The valid output values for each module are specified below:
verbose: prints each result in the report with an accompanying proof
short: prints a list of results without an accompanying proof
none: does not print output in the report, however module errors will
be printed
quiet: does not print output in the report and does not print errors
(this is useful for utility modules for which the calling module
handles the errors)
The example profile also overrides the default value for the
"domain_attribute" option in the find_domains module.
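The following added example (not part of sechecker or of the original manual page) lints a profile before it is passed to -p, checking each module's output value against the four values listed above and collecting the option overrides. The sample profile is constructed, "example_module" and lint_profile are hypothetical names, and the installed DTD remains the authoritative definition of a valid profile.

```python
import xml.etree.ElementTree as ET

VALID_OUTPUT = {"verbose", "short", "none", "quiet"}  # values listed in this man page

# Constructed sample profile; "example_module" is a hypothetical module name.
SAMPLE_PROFILE = """<sechecker version="1.1">
  <profile>
    <module name="find_domains">
      <output value="quiet"/>
      <option name="domain_attribute">
        <item value="domain"/>
        <item value="user_domain"/>
      </option>
    </module>
    <module name="example_module">
      <output value="loud"/>
    </module>
  </profile>
</sechecker>"""


def lint_profile(xml_text):
    """Return (modules, errors); modules maps name -> output value and option items."""
    errors, modules = [], {}
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return modules, [f"not well-formed XML: {exc}"]
    if root.tag != "sechecker" or "version" not in root.attrib:
        errors.append("root element must be <sechecker version=...>")
    for mod in root.findall("./profile/module"):
        name = mod.get("name")
        if not name:
            errors.append("<module> without a name attribute")
            continue
        out = mod.find("output")
        value = out.get("value") if out is not None else None
        if value is not None and value not in VALID_OUTPUT:
            errors.append(f"{name}: invalid output value {value!r}")
        options = {
            opt.get("name"): [item.get("value") for item in opt.findall("item")]
            for opt in mod.findall("option")
        }
        modules[name] = {"output": value, "options": options}
    return modules, errors


if __name__ == "__main__":
    print(lint_profile(SAMPLE_PROFILE))
```

A module set to "quiet" or "none" produces no results in the report, so reviewing the returned map shows which checks a profile silences.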
AUTHOR
This manual page was written by Kevin Carr <kcarr@tresys.com> and
Jeremy Mowery <jmowery@tresys.com>.
COPYRIGHT
Copyright(C) 2006 Tresys Technology, LLC
SEE ALSO
apol(1)