summaryrefslogtreecommitdiffstats
path: root/sechecker/profiles
diff options
context:
space:
mode:
Diffstat (limited to 'sechecker/profiles')
-rw-r--r--sechecker/profiles/all-checks-no-mls.sechecker98
-rw-r--r--sechecker/profiles/all-checks.sechecker102
-rw-r--r--sechecker/profiles/analysis-checks.sechecker78
-rw-r--r--sechecker/profiles/devel-checks.sechecker74
-rw-r--r--sechecker/profiles/sechecker.dtd19
5 files changed, 371 insertions, 0 deletions
diff --git a/sechecker/profiles/all-checks-no-mls.sechecker b/sechecker/profiles/all-checks-no-mls.sechecker
new file mode 100644
index 0000000..657b5ba
--- /dev/null
+++ b/sechecker/profiles/all-checks-no-mls.sechecker
@@ -0,0 +1,98 @@
+<sechecker version="1.1">
+<profile>
+ <module name="find_domains">
+ <output value="quiet"/>
+ <option name="domain_attribute">
+ <item value="domain"/>
+ </option>
+ </module>
+
+ <module name="find_file_types">
+ <output value="quiet"/>
+ <option name="file_type_attribute">
+ <item value="file_type"/>
+ </option>
+ </module>
+
+ <module name="domain_and_file">
+ <output value="short"/>
+ </module>
+
+ <module name="attribs_wo_types">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_types">
+ <output value="short"/>
+ </module>
+
+ <module name="users_wo_roles">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_allow">
+ <output value="short"/>
+ </module>
+
+ <module name="types_wo_allow">
+ <output value="short"/>
+ </module>
+
+ <module name="attribs_wo_rules">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_users">
+ <output value="short"/>
+ </module>
+
+ <module name="spurious_audit">
+ <output value="short"/>
+ </module>
+
+ <module name="inc_mount">
+ <output value="short"/>
+ </module>
+
+ <module name="domains_wo_roles">
+ <output value="short"/>
+ </module>
+
+ <module name="inc_dom_trans">
+ <output value="short"/>
+ </module>
+
+ <module name="find_net_domains">
+ <output value="quiet"/>
+ <option name="net_obj">
+ <item value="netif"/>
+ <item value="tcp_socket"/>
+ <item value="udp_socket"/>
+ <item value="node"/>
+ <item value="association"/>
+ </option>
+ </module>
+
+ <module name="find_port_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_node_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_netif_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="inc_net_access">
+ <output value="short"/>
+ </module>
+
+ <module name="unreachable_doms">
+ <output value="short"/>
+ </module>
+
+</profile>
+</sechecker>
+
diff --git a/sechecker/profiles/all-checks.sechecker b/sechecker/profiles/all-checks.sechecker
new file mode 100644
index 0000000..498da0b
--- /dev/null
+++ b/sechecker/profiles/all-checks.sechecker
@@ -0,0 +1,102 @@
+<sechecker version="1.1">
+<profile>
+ <module name="find_domains">
+ <output value="quiet"/>
+ <option name="domain_attribute">
+ <item value="domain"/>
+ </option>
+ </module>
+
+ <module name="find_file_types">
+ <output value="quiet"/>
+ <option name="file_type_attribute">
+ <item value="file_type"/>
+ </option>
+ </module>
+
+ <module name="domain_and_file">
+ <output value="short"/>
+ </module>
+
+ <module name="attribs_wo_types">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_types">
+ <output value="short"/>
+ </module>
+
+ <module name="users_wo_roles">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_allow">
+ <output value="short"/>
+ </module>
+
+ <module name="types_wo_allow">
+ <output value="short"/>
+ </module>
+
+ <module name="attribs_wo_rules">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_users">
+ <output value="short"/>
+ </module>
+
+ <module name="spurious_audit">
+ <output value="short"/>
+ </module>
+
+ <module name="inc_mount">
+ <output value="short"/>
+ </module>
+
+ <module name="domains_wo_roles">
+ <output value="short"/>
+ </module>
+
+ <module name="inc_dom_trans">
+ <output value="short"/>
+ </module>
+
+ <module name="find_net_domains">
+ <output value="quiet"/>
+ <option name="net_obj">
+ <item value="netif"/>
+ <item value="tcp_socket"/>
+ <item value="udp_socket"/>
+ <item value="node"/>
+ <item value="association"/>
+ </option>
+ </module>
+
+ <module name="find_port_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_node_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_netif_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="inc_net_access">
+ <output value="short"/>
+ </module>
+
+ <module name="imp_range_trans">
+ <output value="short"/>
+ </module>
+
+ <module name="unreachable_doms">
+ <output value="short"/>
+ </module>
+
+</profile>
+</sechecker>
+
diff --git a/sechecker/profiles/analysis-checks.sechecker b/sechecker/profiles/analysis-checks.sechecker
new file mode 100644
index 0000000..8efaec9
--- /dev/null
+++ b/sechecker/profiles/analysis-checks.sechecker
@@ -0,0 +1,78 @@
+<sechecker version="1.1">
+<profile>
+ <module name="find_domains">
+ <output value="quiet"/>
+ <option name="domain_attribute">
+ <item value="domain"/>
+ </option>
+ </module>
+
+ <module name="find_file_types">
+ <output value="quiet"/>
+ <option name="file_type_attribute">
+ <item value="file_type"/>
+ </option>
+ </module>
+
+ <module name="domain_and_file">
+ <output value="short"/>
+ </module>
+
+ <module name="spurious_audit">
+ <output value="short"/>
+ </module>
+
+ <module name="inc_mount">
+ <output value="short"/>
+ </module>
+
+ <module name="rules_exp_nothing">
+ <output value="short"/>
+ </module>
+
+ <module name="domains_wo_roles">
+ <output value="short"/>
+ </module>
+
+ <module name="inc_dom_trans">
+ <output value="short"/>
+ </module>
+
+ <module name="find_net_domains">
+ <output value="quiet"/>
+ <option name="net_obj">
+ <item value="netif"/>
+ <item value="tcp_socket"/>
+ <item value="udp_socket"/>
+ <item value="node"/>
+ <item value="association"/>
+ </option>
+ </module>
+
+ <module name="find_port_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_node_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_netif_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="inc_net_access">
+ <output value="short"/>
+ </module>
+
+ <module name="imp_range_trans">
+ <output value="short"/>
+ </module>
+
+ <module name="unreachable_doms">
+ <output value="short"/>
+ </module>
+
+</profile>
+</sechecker>
+
diff --git a/sechecker/profiles/devel-checks.sechecker b/sechecker/profiles/devel-checks.sechecker
new file mode 100644
index 0000000..5807044
--- /dev/null
+++ b/sechecker/profiles/devel-checks.sechecker
@@ -0,0 +1,74 @@
+<sechecker version="1.1">
+<profile>
+ <module name="find_domains">
+ <output value="quiet"/>
+ <option name="domain_attribute">
+ <item value="domain"/>
+ </option>
+ </module>
+
+ <module name="find_file_types">
+ <output value="quiet"/>
+ <option name="file_type_attribute">
+ <item value="file_type"/>
+ </option>
+ </module>
+
+ <module name="attribs_wo_types">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_types">
+ <output value="short"/>
+ </module>
+
+ <module name="users_wo_roles">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_allow">
+ <output value="short"/>
+ </module>
+
+ <module name="types_wo_allow">
+ <output value="short"/>
+ </module>
+
+ <module name="attribs_wo_rules">
+ <output value="short"/>
+ </module>
+
+ <module name="roles_wo_users">
+ <output value="short"/>
+ </module>
+
+ <module name="spurious_audit">
+ <output value="short"/>
+ </module>
+
+ <module name="find_net_domains">
+ <output value="quiet"/>
+ <option name="net_obj">
+ <item value="netif"/>
+ <item value="tcp_socket"/>
+ <item value="udp_socket"/>
+ <item value="node"/>
+ <item value="association"/>
+ </option>
+ </module>
+
+ <module name="find_port_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_node_types">
+ <output value="quiet"/>
+ </module>
+
+ <module name="find_netif_types">
+ <output value="quiet"/>
+ </module>
+
+</profile>
+</sechecker>
+
diff --git a/sechecker/profiles/sechecker.dtd b/sechecker/profiles/sechecker.dtd
new file mode 100644
index 0000000..d0aa054
--- /dev/null
+++ b/sechecker/profiles/sechecker.dtd
@@ -0,0 +1,19 @@
+<!ELEMENT item EMPTY>
+<!ATTLIST item value NMTOKEN #REQUIRED>
+
+<!ELEMENT module (output, option?)>
+<!ATTLIST module name ID #REQUIRED>
+
+<!ELEMENT option (item+)>
+<!ATTLIST option name NMTOKEN #REQUIRED>
+
+<!ELEMENT output EMPTY>
+<!ATTLIST output value (quiet|short|verbose|none) #REQUIRED>
+
+<!ELEMENT profile (module+)>
+
+<!ELEMENT sechecker (profile)>
+<!ATTLIST sechecker version NMTOKEN #REQUIRED>
+
+
+
generated by cgit (git 2.34.1) at 2025-08-28 19:33:39 +0000