Uname:
Linux yisu-647059427c03a 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
Software:
nginx/1.22.1
PHP version:
7.3.31 [ PHP INFO ] PHP os:
Linux
Server Ip:
103.146.158.90
Your Ip:
216.73.216.141
User:
www (1000) | Group:
www (1000)
Safe Mode:
OFF
Disable Function:
passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
#! /usr/bin/python -Es
# Copyright (C) 2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# setrans is a tool for analyzing process transistions in SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
#
import sepolicy
search = sepolicy.search
info = sepolicy.info
def get_types(src, tclass, perm, check_bools=False):
allows = search([sepolicy.ALLOW], {sepolicy.SOURCE: src, sepolicy.CLASS: tclass, sepolicy.PERMS: perm})
nlist = []
if allows:
for i in [y[sepolicy.TARGET] for y in
[x for x in allows
if set(perm).issubset(x[sepolicy.PERMS]) and (not check_bools or x["enabled"])]]:
if i not in nlist:
nlist.append(i)
return nlist
def get_network_connect(src, protocol, perm, check_bools=False):
portrecs, portrecsbynum = sepolicy.gen_port_dict()
d = {}
tlist = get_types(src, "%s_socket" % protocol, [perm], check_bools)
if len(tlist) > 0:
d[(src, protocol, perm)] = []
for i in tlist:
if i == "ephemeral_port_type":
if "unreserved_port_type" in tlist:
continue
i = "ephemeral_port_t"
if i == "unreserved_port_t":
if "unreserved_port_type" in tlist:
continue
if "port_t" in tlist:
continue
if i == "port_t":
d[(src, protocol, perm)].append((i, ["all ports with out defined types"]))
if i == "port_type":
d[(src, protocol, perm)].append((i, ["all ports"]))
elif i == "unreserved_port_type":
d[(src, protocol, perm)].append((i, ["all ports > 1024"]))
elif i == "reserved_port_type":
d[(src, protocol, perm)].append((i, ["all ports < 1024"]))
elif i == "rpc_port_type":
d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"]))
else:
try:
d[(src, protocol, perm)].append((i, portrecs[(i, protocol)]))
except KeyError:
pass
return d