Security Enhanced Linux Reference Policy
Source file: /usr/share/doc/selinux-policy-2.4.6/html/global_tunables.html
Global tunables:
allow_console_login
Default value: false
Description: Allow users to connect to console (s390)
allow_cvs_read_shadow
Default value: false
Description: Allow cvs daemon to read shadow
allow_execheap
Default value: false
Description: Allow making the heap executable.
allow_execmem
Default value: false
Description: Allow making anonymous memory executable, e.g. for runtime-code generation or executable stack.
allow_execmod
Default value: false
Description: Allow making a modified private file mapping executable (text relocation).
allow_execstack
Default value: false
Description: Allow making the stack executable via mprotect. Also requires allow_execmem.
allow_ftpd_anon_write
Default value: false
Description: Allow ftp servers to modify public files used for public file transfer services.
allow_ftpd_full_access
Default value: false
Description: Allow ftp servers to login to local users and read/write all files on the system, governed by DAC.
allow_ftpd_use_cifs
Default value: false
Description: Allow ftp servers to use cifs used for public file transfer services.
allow_ftpd_use_nfs
Default value: false
Description: Allow ftp servers to use nfs used for public file transfer services.
allow_gpg_execstack
Default value: false
Description: Allow gpg executable stack
allow_gssd_read_tmp
Default value: true
Description: Allow gssd to read temp directory.
allow_httpd_anon_write
Default value: false
Description: Allow Apache to modify public files used for public file transfer services.
allow_httpd_mod_auth_pam
Default value: false
Description: Allow Apache to use mod_auth_pam
allow_ipsec_label
Default value: true
Description: Allow all domains to use ipsec labeled packets
allow_kerberos
Default value: false
Description: Allow system to run with kerberos
allow_mount_anyfile
Default value: false
Description: Allow mount to mount any file
allow_mounton_anydir
Default value: true
Description: Allow mount to mount any dir
allow_mplayer_execstack
Default value: false
Description: Allow mplayer executable stack
allow_netlabel
Default value: true
Description: Allow all domains to use netlabel labeled packets
allow_nfsd_anon_write
Default value: false
Description: Allow nfs servers to modify public files used for public file transfer services.
allow_polyinstantiation
Default value: false
Description: Enable polyinstantiated directory support.
allow_ptrace
Default value: false
Description: Allow sysadm to ptrace all processes
allow_rsync_anon_write
Default value: false
Description: Allow rsync to modify public files used for public file transfer services.
allow_saslauthd_read_shadow
Default value: false
Description: Allow sasl to read shadow
allow_smbd_anon_write
Default value: false
Description: Allow samba to modify public files used for public file transfer services.
allow_ssh_keysign
Default value: false
Description: Allow host key based authentication
allow_unconfined_execmem_dyntrans
Default value: false
Description: Allow unconfined to dyntrans to unconfined_execmem
allow_unlabeled_packets
Default value: true
Description: Allow unlabeled packets to work on system
allow_user_mysql_connect
Default value: false
Description: Allow users to connect to mysql
allow_write_xshm
Default value: false
Description: Allows clients to write to the X server shared memory segments.
allow_ypbind
Default value: false
Description: Allow system to run with NIS
allow_zebra_write_config
Default value: false
Description: Allow zebra daemon to write its configuration files
cdrecord_read_content
Default value: false
Description: Allow cdrecord to read various content: nfs, samba, removable devices, user temp and untrusted content files
cron_can_relabel
Default value: false
Description: Allow system cron jobs to relabel filesystem for restoring file contexts.
disable_evolution_trans
Default value: false
Description: Disable transitions to evolution domains.
disable_games_trans
Default value: false
Description: force to games to run in user_t mapping executable (text relocation).
disable_mozilla_trans
Default value: false
Description: Disable transitions to user mozilla domains
disable_thunderbird_trans
Default value: false
Description: Disable transitions to user thunderbird domains
fcron_crond
Default value: false
Description: Enable extra rules in the cron domain to support fcron.
ftp_home_dir
Default value: false
Description: Allow ftp to read and write files in the user home directories
ftpd_is_daemon
Default value: false
Description: Allow ftpd to run directly without inetd
global_ssp
Default value: false
Description: Enable reading of urandom for all domains. This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.
httpd_builtin_scripting
Default value: false
Description: Allow httpd to use built in scripting (usually php)
httpd_can_network_connect
Default value: false
Description: Allow http daemon to tcp connect
httpd_can_network_connect_db
Default value: false
Description: Allow httpd to connect to mysql/postgresql
httpd_can_network_relay
Default value: false
Description: Allow httpd to act as a relay
httpd_enable_cgi
Default value: false
Description: Allow httpd cgi support
httpd_enable_ftp_server
Default value: false
Description: Allow httpd to act as a FTP server by listening on the ftp port.
httpd_enable_homedirs
Default value: false
Description: Allow httpd to read home directories
httpd_ssi_exec
Default value: false
Description: Run SSI execs in system CGI script domain.
httpd_tty_comm
Default value: false
Description: Allow http daemon to communicate with the TTY
httpd_unified
Default value: false
Description: Run CGI in the main httpd domain
mail_read_content
Default value: false
Description: Allow email client to read various content: nfs, samba, removable devices, user temp and untrusted content files
mozilla_read_content
Default value: false
Description: Control mozilla content access
named_write_master_zones
Default value: false
Description: Allow BIND to write the master zone files. Generally this is used for dynamic DNS.
nfs_export_all_ro
Default value: false
Description: Allow nfs to be exported read only
nfs_export_all_rw
Default value: false
Description: Allow nfs to be exported read/write.
pppd_can_insmod
Default value: false
Description: Allow pppd to load kernel modules for certain modems
pppd_for_user
Default value: false
Description: Allow pppd to be run for a regular user
read_default_t
Default value: false
Description: Allow reading of default_t files.
read_untrusted_content
Default value: false
Description: Allow applications to read untrusted content. If this is disallowed, Internet content has to be manually relabeled for read access to be granted.
run_ssh_inetd
Default value: false
Description: Allow ssh to run from inetd instead of as a daemon.
samba_domain_controller
Default value: false
Description: Allow samba to run as the domain controller; add machines to passwd file
samba_enable_home_dirs
Default value: false
Description: Allow samba to export user home directories.
samba_export_all_ro
Default value: false
Description: Allow samba to be exported read only
samba_export_all_rw
Default value: false
Description: Allow samba to be exported read/write.
samba_share_nfs
Default value: false
Description: Allow samba to export NFS volumes.
squid_connect_any
Default value: false
Description: Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports.
ssh_sysadm_login
Default value: false
Description: Allow ssh logins as sysadm_r:sysadm_t
staff_read_sysadm_file
Default value: false
Description: Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)
stunnel_is_daemon
Default value: false
Description: Configure stunnel to be a standalone daemon or inetd service.
use_lpd_server
Default value: false
Description: Use lpd server instead of cups
use_nfs_home_dirs
Default value: false
Description: Support NFS home directories
use_samba_home_dirs
Default value: false
Description: Support SAMBA home directories
user_direct_mouse
Default value: false
Description: Allow regular users direct mouse access
user_dmesg
Default value: false
Description: Allow users to read system messages.
user_net_control
Default value: false
Description: Allow users to control network interfaces (also needs USERCTL=true)
user_ping
Default value: false
Description: Control users' use of ping and traceroute
user_rw_noexattrfile
Default value: false
Description: Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)
user_tcp_server
Default value: false
Description: Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users). Disabling this forces FTP passive mode and may change other protocols.
user_ttyfile_stat
Default value: false
Description: Allow w to display everyone
virt_use_nfs
Default value: false
Description: Allow virt to manage nfs files
virt_use_samba
Default value: false
Description: Allow virt to manage cifs files
write_untrusted_content
Default value: false
Description: Allow applications to write untrusted content. If this is disallowed, no Internet content will be stored.
xdm_sysadm_login
Default value: false
Description: Allow xdm logins as sysadm