SELinux Tools (setools), version 1.5.1
by Tresys Technology, LLC
(selinux@tresys.com, www.tresys.com/selinux)

November 04, 2004

OVERVIEW

This file describes the SELinux tools (setools) developed by Tresys. 
See the change log for details on the changes in this version. 

The tools and libraries in this release include:

1. apol: The GUI-based policy analysis tool.

2. seuser: A GUI (seuserx) and command line (seuser) user manager tool 
   for SELinux.  This is a tool that actually manages a portion of a 
   running policy (i.e., user accounts).  

3. seuser scripts: A set of shell scripts: seuseradd, seusermod, and 
   seuserdel.  These scripts combine the functions of the associated 
   user management commands (useradd etc.) with the seuser tool, to 
   provide a single interface to effectively manage all users in an 
   SELinux system.

4. seaudit: A GUI-based audit log analysis tool for Security 
   Enhanced Linux.  This tool allows you to sort and filter the audit 
   log, query the policy based on audit messages, as well as export
   audit log messages to a file.
  
5. seaudit-report: A new tool for generating reports on SE Linux audit
   messages in plain text or HTML format. Reports generated by this tool
   can be configured to include standard report sections such as policy
   load messages, enforcement toggles messages, policy boolean messages,
   etc. A key feature of the tool is that reports can be further customized 
   through the use of saved seaudit view files. This tool can effectively 
   be used as a plugin to other audit log analysis tools,  such as the 
   LogWatch application, which comes standard with Red Hat Linux. 

6. secmds: Command line tools for policy manipulation and SE Linux system
   administration. Includes:

   Two command line tools that provide a few of the features of apol 
   without the need for a GUI.  Seinfo is a command line tool for 
   looking at a SE Linux policy, and viewing various component elements 
   and statistics.  Sesearch is a command line tool to search the TE 
   rules.
   
   Two command line tools for manipulating contexts on filesystem objects. 
   Findcon allows searches for files with contexts that match a search 
   string. The search string can specify complete contexts, partial 
   contexts, and shell globbing style wildcards. Replcon provides the same 
   functionality but will then replace the context or part of the context 
   on the matched filesystem objects.
   
   Two new command line tools for creating/analyzing a snapshot of security
   contexts for SE Linux filesystem entities. Indexcon is used for indexing
   the security contexts of filesystem entities and searchcon is used for 
   searching the SE Linux filesystem database, which was created using 
   indexcon. Searchcon allows you to search for specific pathnames and/or 
   for pathnames whose label contains a particular type name and/or user 
   name. 
    

7. sepcut: A basic GUI-based policy configuration, browsing, editing, 
   and testing tool. This tool is intended to provide a complete, 
   single user interface for viewing the source files of a policy, 
   configuring policy program modules, editing policy files, and 
   making and testing the policy.

8. awish: A version of the Tcl/Tk wish interpreter that includes the 
   setools libraries.  We use this to test our GUIs (apol and seuser 
   have the interpreter compiled within them).  One could conceivably 
   write one's own GUI tools using Tcl/Tk as extended via awish.

9. libapol: The main policy analysis library, which is the core 
   library for all of our tools.

10. libseuser: The primary logic used for seuser.

11. libseaudit: The library for parsing and storing SE Linux 
    audit messages.

Apol, sepcut, seuser, seaudit, secmds, and the seuser* shell scripts 
are the primary tools in this package.  The other tool (awish) and the 
three libraries can serve as building blocks for the development of 
additional tools.  All of these tools and libraries are early 
generation, with little maturity, and should be used with care.

See the help files for apol, sepcut, seaudit, and seuser for specific 
help on using these tools.

These tools will likely have bugs (see KNOWN-BUGS for those of which 
we are aware).  Please report any new bugs or comments to 
selinux@tresys.com. Thank you.


THIS RELEASE

See the change log for a summary and history of all changes to 
setools.


COPYING

The intent is to allow free use of this source code under the GNU 
General Public License (see COPYING).  All source code is copyright 
protected and freely distributed under the GNU GPL (see COPYING). 
Absolutely no warranty is provided or implied (see COPYING).
