Layer: admin

Policy modules for administrative functions, such as package management.


Module: Description:
acct

Berkeley process accounting.

aide

Aide filesystem integrity checker.

alsa

Advanced Linux Sound Architecture utilities.

amanda

Advanced Maryland Automatic Network Disk Archiver.

amtu

Abstract Machine Test Utility.

anaconda

Anaconda installer.

apt

Advanced package tool.

backup

System backup scripts.

bacula

Cross platform network backup.

blueman

Tool to manage Bluetooth devices.

bootloader

Policy for the kernel modules, kernel image, and bootloader.

brctl

Utilities for configuring the Linux ethernet bridge.

certwatch

Digital Certificate Tracking.

cfengine

System administration tool for networks.

chkrootkit

chkrootkit - rootkit checker.

cloudinit

Init scripts for cloud VMs

consoletype

Determine the type of console connected to the controlling terminal.

dmesg

Policy for dmesg.

dmidecode

Decode DMI data for x86/ia64 BIOSes.

dphysswapfile

Set up, mount/unmount, and delete a swap file.

dpkg

Debian package manager.

fakehwclock

fake-hwclock - Control fake hardware clock.

fapolicyd

The fapolicyd software framework controls the execution of applications based on a user-defined policy. This is one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.

firstboot

Initial system configuration utility.

hwloc

Dump topology and locality information from hardware tables.

kdump

Kernel crash dumping mechanism.

kismet

IEEE 802.11 wireless LAN sniffer.

logrotate

Rotates, compresses, removes and mails system log files.

logwatch

System log analyzer and reporter.

mcelog

Linux hardware error daemon.

mrtg

Network traffic graphing.

ncftool

Cross-platform network configuration library.

netutils

Network analysis utilities

passenger

Ruby on Rails deployment for Apache and Nginx servers.

portage

Package Management System.

prelink

Prelink ELF shared library mappings.

puppet

Configuration management system.

quota

File system quota management.

rkhunter

rkhunter - rootkit checker.

rpm

Red Hat package manager.

samhain

Check file integrity.

sblim

Standards Based Linux Instrumentation for Manageability.

shorewall

Shoreline Firewall high-level tool for configuring netfilter.

shutdown

System shutdown command.

sosreport

Generate debugging information for system.

su

Run shells with substitute user and group.

sudo

Execute a command with a substitute user

sxid

SUID/SGID program monitoring.

tboot

Utilities for the tboot TXT module.

tmpreaper

Manage temporary directory sizes and file ages.

tripwire

File integrity checker.

tzdata

Time zone updater.

updfstab

Red Hat utility to change fstab.

usbguard

USBGuard enforces the USB device authorization policy for all USB devices.

usbmodules

List kernel modules of USB devices.

usermanage

Policy for managing user accounts.

vbetool

Run real-mode video BIOS code to alter hardware state.

vpn

Virtual Private Networking client.



Layer: apps

Policy modules for applications


Module: Description:
awstats

Log file analyzer for advanced statistics.

calamaris

Squid log analysis.

cdrecord

Record audio or data Compact Discs from a master.

chromium

Chromium browser

cpufreqselector

Command-line CPU frequency settings.

cryfs

CryFS and similar other tools which mount encrypted directories using FUSE.

evolution

Evolution email client.

games

Various games.

gitosis

Tools for managing and hosting git repositories.

gnome

GNU network object model environment.

gpg

Policy for GNU Privacy Guard and related programs.

irc

IRC client policy.

java

Java virtual machine

libmtp

libmtp: An Initiator implementation of the Media Transfer Protocol (MTP).

lightsquid

Log analyzer for squid proxy.

livecd

Tool for building alternate livecd for different OS and policy versions.

loadkeys

Load keyboard mappings.

man2html

A Unix manpage-to-HTML converter.

mandb

On-line manual database.

mono

Run .NET server and client applications on Linux.

mozilla

Policy for Mozilla and related web browsers.

mplayer

Mplayer media player and encoder.

openoffice

Openoffice suite.

pulseaudio

Pulseaudio network sound server.

qemu

QEMU machine emulator and virtualizer.

rssh

Restricted (scp/sftp) only shell.

screen

GNU terminal multiplexer.

seunshare

Filesystem namespacing/polyinstantiation application.

sigrok

sigrok signal analysis software suite.

slocate

Update database for mlocate.

syncthing

Application that lets you synchronize your files across multiple devices.

telepathy

Telepathy communications framework.

thunderbird

Thunderbird email client.

tvtime

High quality television application.

uml

User-mode Linux tools and services.

userhelper

A wrapper that helps users run system programs.

usernetctl

User network interface configuration helper.

vlock

Lock one or more sessions on the Linux console.

vmware

VMware Workstation virtual machines.

webalizer

Web server log analysis.

wine

Run Windows programs in Linux.

wireshark

Wireshark packet capture tool.

wm

X Window Managers.

xscreensaver

Modular screen saver and locker for X11.



Layer: kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.


Module: Description:
corecommands

Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.

corenetwork

Policy controlling access to network objects

devices

Device nodes and interfaces for many basic system devices.

domain

Core policy for domains.

files

Basic filesystem types and interfaces.

filesystem

Policy for filesystems.

kernel

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.

mcs

Multicategory security policy

mls

Multilevel security policy

selinux

Policy for kernel security interface, in particular, selinuxfs.

storage

Policy controlling access to storage devices

terminal

Policy for terminals.

ubac

User-based access control policy



Layer: roles

Policy modules for user roles.


Module: Description:
auditadm

Audit administrator role

dbadm

Database administrator role.

guest

Least privilege terminal user role.

logadm

Log administrator role

secadm

Security administrator role

staff

Administrator's unprivileged user role

sysadm

General system administration role

unprivuser

Generic unprivileged user role

webadm

Web administrator role.

xguest

Least privilege X Windows user role.



Layer: services

Policy modules for system services, like cron, and network services, like sshd.


Module: Description:
abrt

Automated bug-reporting tool.

accountsd

AccountsService and daemon for manipulating user account information via D-Bus.

acpi

Advanced power management.

afs

Andrew Filesystem server.

aisexec

Aisexec Cluster Engine.

amavis

High-performance interface between an email server and content checkers.

apache

Various web servers.

apcupsd

APC UPS monitoring daemon.

aptcacher

apt-cacher, cache for Debian APT repositories.

arpwatch

Ethernet activity monitor.

asterisk

Asterisk IP telephony server.

automount

Filesystem automounter service.

avahi

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.

bind

Berkeley Internet name domain DNS server.

bird

BIRD Internet Routing Daemon.

bitlbee

Tunnels instant messaging traffic to a virtual IRC channel.

bluetooth

Bluetooth tools and system services.

boinc

Platform for computing using volunteered resources.

bugzilla

Bugtracker.

cachefilesd

CacheFiles user-space management daemon.

canna

Kana-kanji conversion server.

certbot

SSL certificate requesting tool certbot AKA letsencrypt.

certmaster

Remote certificate distribution framework.

certmonger

Certificate status monitor and PKI enrollment client.

cgmanager

Control Group manager daemon.

cgroup

libcg is a library that abstracts the control group file system in Linux.

chronyd

Chrony NTP background daemon.

clamav

ClamAV Virus Scanner.

cobbler

Cobbler installation server.

cockpit

Cockpit web management system for Linux

collectd

Statistics collection daemon for filling RRD files.

colord

GNOME color manager.

comsat

Comsat, a biff server.

condor

High-Throughput Computing System.

consolesetup

Console font and keymap setup program for Debian.

container

Policy for containers

corosync

Corosync Cluster Engine.

couchdb

Document database server.

courier

Courier IMAP and POP3 email servers.

cpucontrol

Services for loading CPU microcode and CPU frequency scaling.

cron

Periodic execution of scheduled commands.

ctdb

Clustered Database based on Samba Trivial Database.

cups

Common UNIX printing system.

cvs

Concurrent versions system.

cyphesis

Cyphesis WorldForge game server.

cyrus

Cyrus is an IMAP service intended to be run on sealed servers.

dante

Dante msproxy and socks4/5 proxy server.

dbskk

Dictionary server for the SKK Japanese input method system.

dbus

Desktop messaging bus.

ddclient

Update dynamic IP address at DynDNS.org.

devicekit

Devicekit modular hardware abstraction layer.

dhcp

Dynamic host configuration protocol server.

dictd

Dictionary daemon.

dirmngr

Server for managing and downloading certificate revocation lists.

distcc

Distributed compiler daemon.

djbdns

Small and secure DNS daemon.

dkim

DomainKeys Identified Mail milter.

dnsmasq

DNS forwarder and DHCP server.

docker

Policy for docker

dovecot

POP and IMAP mail server.

drbd

Mirrors a block device over the network to another machine.

entropyd

Generate entropy from audio input.

exim

Mail transfer agent.

fail2ban

Update firewall filtering to ban IP addresses with too many password failures.

fcoe

Fibre Channel over Ethernet utilities.

fetchmail

Remote-mail retrieval and forwarding utility.

finger

Finger user information service.

firewalld

Service daemon with a D-BUS interface that provides a dynamic managed firewall.

fprintd

DBus fingerprint reader service.

ftp

File transfer protocol service.

gatekeeper

OpenH.323 Voice-Over-IP Gatekeeper.

gdomap

GNUstep distributed object mapper.

geoclue

Geoclue is a D-Bus service that provides location information.

git

GIT revision control system.

glance

OpenStack image registry and delivery service.

glusterfs

Cluster File System binary, daemon and command line.

gnomeclock

Gnome clock handler for setting the time.

gpm

General Purpose Mouse driver.

gpsd

gpsd monitor daemon.

gssproxy

Policy for gssproxy - daemon to proxy GSSAPI context establishment and channel handling.

hadoop

Software for reliable, scalable, distributed computing.

hddtemp

Hard disk temperature tool running as a daemon.

hostapd

IEEE 802.11 wireless LAN Host AP daemon.

hypervkvp

HyperV key value pair (KVP).

i18n_input

IIIMF htt server.

icecast

ShoutCast compatible streaming media server.

ifplugd

Bring up/down ethernet interfaces based on cable detection.

inetd

Internet services daemon.

inn

Internet News NNTP server.

iodine

IP over DNS tunneling daemon.

ircd

IRC servers.

irqbalance

IRQ balancing daemon.

isns

Internet Storage Name Service.

jabber

Jabber instant messaging servers.

kerberos

MIT Kerberos admin and KDC.

kerneloops

Service for reporting kernel oopses to kerneloops.org.

keystone

Python implementation of the OpenStack identity service API.

knot

High-performance authoritative-only DNS server.

ksmtuned

Kernel Samepage Merging Tuning Daemon.

l2tp

Layer 2 Tunneling Protocol.

ldap

OpenLDAP directory server.

likewise

Likewise Active Directory support for UNIX.

lircd

Linux infrared remote control daemon.

lldpad

Intel LLDP Agent.

lpd

Line printer daemon.

lsm

Storage array management library.

mailman

Manage electronic mail discussion and e-newsletter lists.

matrixd

matrix.org synapse reference server.

mediawiki

Open source wiki package written in PHP.

memcached

High-performance memory object caching system.

memlockd

Memory lock daemon, keeps important files in RAM.

milter

Milter mail filters.

minidlna

MiniDLNA lightweight DLNA/UPnP media server

minissdpd

Daemon used by MiniUPnPc to speed up device discoveries.

modemmanager

Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.

mojomojo

MojoMojo Wiki.

mon

mon network monitoring daemon.

mongodb

Scalable, high-performance, open source NoSQL database.

monit

Monit - utility for monitoring services on a Unix system.

monop

Monopoly daemon.

mpd

Music Player Daemon.

mta

Common e-mail transfer agent policy.

munin

Munin network-wide load graphing.

mysql

Open source database.

nagios

Network monitoring server.

nessus

Network scanning daemon.

networkmanager

Manager for dynamically switching between networks.

nis

Policy for NIS (YP) servers and clients.

node_exporter

Prometheus Node Exporter

nscd

Name service cache daemon.

nsd

Authoritative only name server.

nslcd

Local LDAP name service daemon.

ntop

A network traffic probe similar to the UNIX top command.

ntp

Network time protocol daemon.

numad

Non-Uniform Memory Alignment Daemon.

nut

Network UPS Tools

nx

NX remote desktop.

obex

D-Bus service providing high-level OBEX client and server side functionality.

obfs4proxy

obfs4proxy.

oddjob

D-BUS service which runs odd jobs on behalf of client applications.

oident

An ident daemon with IP masq/NAT support and the ability to specify responses.

openca

Open Certificate Authority.

openct

Service for handling smart card readers.

openhpi

Open source implementation of the Service Availability Forum Hardware Platform Interface.

opensm

OpenSM is a software implementation of an InfiniBand subnet manager.

openvpn

Full-featured SSL VPN solution.

openvswitch

Multilayer virtual switch.

pacemaker

A scalable high-availability cluster resource manager.

pads

Passive Asset Detection System.

pcscd

PCSC smart card service.

pegasus

The Open Group Pegasus CIM/WBEM Server.

perdition

Perdition POP and IMAP proxy.

pingd

Pingd of the Whatsup cluster node up/down detection utility.

pkcs

Implementations of the Cryptoki specification.

plymouthd

Plymouth graphical boot.

podman

Policy for podman

policykit

Policy framework for controlling privileges for system-wide services.

portmap

RPC port mapping service.

portreserve

Reserve well-known ports in the RPC port range.

portslave

Portslave terminal server software.

postfix

Postfix email server.

postfixpolicyd

Postfix policy server.

postgresql

PostgreSQL relational database

postgrey

Postfix grey-listing server.

ppp

Point to Point Protocol daemon creates links in ppp networks.

prelude

Prelude hybrid intrusion detection system.

privoxy

Privacy enhancing web proxy.

procmail

Procmail mail delivery agent.

psad

Intrusion Detection and Log Analysis with iptables.

publicfile

publicfile supplies files to the public through HTTP and FTP.

pwauth

External plugin for mod_authnz_external authenticator.

pxe

Server for the PXE network boot protocol.

pyzor

Pyzor is a distributed, collaborative spam detection and filtering network.

qmail

Qmail Mail Server.

qpid

Apache QPID AMQP messaging server.

quantum

Virtual network service for OpenStack.

rabbitmq

AMQP server written in Erlang.

radius

RADIUS authentication and accounting server.

radvd

IPv6 router advertisement daemon.

rasdaemon

RAS (Reliability, Availability and Serviceability) logging tool

razor

A distributed, collaborative, spam detection and filtering network.

rdisc

Network router discovery daemon.

realmd

Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA.

redis

Advanced key-value store.

remotelogin

Rshd, rlogind, and telnetd.

resmgr

Resource management daemon.

rhsmcertd

Subscription Management Certificate Daemon.

rlogin

Remote login daemon.

rngd

Check and feed random data from hardware device to kernel random device.

rootlesskit

Policy for RootlessKit

rpc

Remote Procedure Call Daemon.

rpcbind

Universal Addresses to RPC Program Number Mapper.

rshd

Remote shell service.

rsync

Fast incremental file transfer for synchronization.

rtkit

Realtime scheduling for user processes.

rwho

Who is logged in on other machines?

samba

SMB and CIFS client/server programs.

sanlock

Shared storage lock manager.

sasl

SASL authentication server.

sendmail

Internetwork email routing facility.

sensord

Sensor information logging daemon.

setroubleshoot

SELinux troubleshooting service.

shibboleth

Shibboleth authentication daemon

slpd

OpenSLP server daemon to dynamically register services.

slrnpull

Service for downloading news feeds for the slrn newsreader.

smartmon

Smart disk monitoring daemon.

smokeping

Smokeping network latency measurement.

smstools

Tools to send and receive short messages through GSM modems or mobile phones.

snmp

Simple network management protocol services.

snort

Snort network intrusion detection system.

soundserver

Sound server for network audio server programs, nasd, yiff, etc.

spamassassin

Filter used for removing unsolicited email.

squid

Squid caching http proxy server.

ssh

Secure shell client and server policy.

sssd

System Security Services Daemon.

stubby

DNS Privacy stub resolver.

stunnel

SSL Tunneling Proxy.

svnserve

Server for the svn repository access method.

sympa

Sympa mailing list manager

sysstat

Reports on various system states.

systemtap

Instrumentation system for Linux.

tcpd

TCP daemon.

tcsd

TSS Core Services daemon.

telnet

Telnet daemon.

tftp

Trivial file transfer protocol daemon.

tgtd

Linux Target Framework Daemon.

timidity

MIDI to WAV converter and player configured as a service.

tor

The onion router.

tpm2

Trusted Platform Module 2.0

transproxy

Portable Transparent Proxy Solution.

tuned

Dynamic adaptive system tuning daemon.

ucspitcp

UNIX Client-Server Program Interface for TCP.

ulogd

Iptables/netfilter userspace logging daemon.

uptime

Daemon to record and keep track of system up times.

usbmuxd

USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.

uucp

Unix to Unix Copy.

uuidd

UUID generation daemon.

uwimap

University of Washington IMAP toolkit POP3 and IMAP mail server.

varnishd

Varnishd http accelerator daemon.

vdagent

Spice agent for Linux.

vhostmd

Virtual host metrics daemon.

virt

Libvirt virtualization API.

vnstatd

Console network traffic monitor.

watchdog

Software watchdog.

wdmd

Watchdog multiplexing daemon.

wireguard

WireGuard VPN.

xfs

X Windows Font Server.

xserver

X Windows Server

zabbix

Distributed infrastructure monitoring.

zarafa

Zarafa collaboration platform.

zebra

Zebra border gateway protocol network routing service.

zfs

Tools for the Zettabyte File System.

zosremote

z/OS Remote-services Audit dispatcher plugin.



Layer: system

Policy modules for system functions from init to multi-user login.


Module: Description:
application

Policy for user executable applications.

authlogin

Common policy for authentication and user login.

clock

Policy for reading and setting the hardware clock.

daemontools

Collection of tools for managing UNIX services.

fstools

Tools for filesystem management, such as mkfs and fsck.

fwupd

Policy for firmware update daemon and utility.

getty

Manages physical or virtual terminals.

hostname

Policy for changing the system host name.

init

System initialization programs (init and init scripts).

ipsec

TCP/IP encryption

iptables

Administration tool for IP packet filtering and NAT.

iscsi

Establish connections to iSCSI devices.

libraries

Policy for system libraries.

locallogin

Policy for local logins.

logging

Policy for the kernel message logger and system logging daemon.

lvm

Policy for logical volume management programs.

miscfiles

Miscellaneous files.

modutils

Policy for kernel module utilities

mount

Policy for mount.

netlabel

NetLabel/CIPSO labeled networking management

raid

RAID array management tools.

selinuxutil

Policy for SELinux policy and userland applications.

setrans

SELinux MLS/MCS label translation service.

sysnetwork

Policy for network configuration: ifconfig and dhcp client.

systemd

Systemd components (not PID 1)

udev

Policy for udev.

unconfined

The unconfined domain.

userdomain

Policy for user domains

xdg

Freedesktop standard locations (formerly known as X Desktop Group)

xen

Xen hypervisor.