{
# Baseline rule set for the domain named "global".
# NOTE(review): the name suggests these rules are shared by every other domain;
# confirm against the policy compiler. If so, each grant below widens what all
# confined programs may do, and the file should be reviewed as a system-wide
# minimum rather than as one program's profile.
# Permission letters on file rules are presumably r=read, w=write, x=execute,
# s=search (directory lookup). TODO confirm against the tool's reference.
domain global;

# --- IPC within the domain itself ("self") ---
# SysV semaphores, messages, message queues, shared memory and pipes are
# granted r,w to "self" only; no other domain is named for these.
allowcom -sem self r,w;	

allowcom -msg self r,w;

allowcom -msgq self r,w;

allowcom -shm self r,w;

allowcom -pipe self r,w;

# Signal classes c,k,s,o to "self" (presumably sigchld, sigkill, sigstop and
# other; verify the letter meanings).
allowcom -sig self c,k,s,o;

# Unix-domain, UDP and TCP rules toward "self" carry no permission list.
allowcom -unix self;

allowcom -udp self;

allowcom -tcp self;

# The only cross-domain IPC grant in this block: signal class c to init_t.
allowcom -sig init_t c;

# --- Terminals ---
# "general" tty is granted w and r by separate rules; "general" pts gets r only.
allowtty general w;

allowtty general r;

allowpts general r;

# --- Process information, read-only ---
# NOTE(review): -proc and -system presumably expose other processes' and
# system-wide /proc entries to every domain; confirm this disclosure is intended.
allowproc -self r;

allowproc -proc r;

allowproc -system r;

# --- Filesystem rules ---
# The rules below are a broad read/search grant with a denylist carved out of it.
# NOTE(review): the allow and deny lines are interleaved rather than grouped.
# Whether the effective result depends on statement order or on path specificity
# is not visible here; confirm before reordering or appending rules.
# NOTE(review): "allowonly" presumably limits the grant to the directory itself
# and not its descendants; verify.
allowonly / s;

allowonly /home s;

# Backup copies of the account database are denied. /etc/passwd itself is not
# listed and falls under the "allow /etc r,s" rule further down.
deny /etc/passwd.OLD;

deny /etc/passwd-;

allow /usr/etc r,s;

deny /etc/httpd;

allow /usr/dict r,s;

deny /etc/xinetd.conf;

allow /usr/share r,s;

deny /var/log;

# /tmp is search-only here (no r or w), unlike /usr/tmp below which also gets r.
allow /tmp s;

deny /usr/local/tmp/webmin;

allow /usr/local r,s;

# Raw memory and I/O port devices (/dev/mem here, /dev/kmem and /dev/port below)
# are excluded from the broader "allow /dev r,s" grant.
deny /dev/mem;

deny /var/lib/slocate;

allow /var/ftp/lib r,x,s;

deny /etc/security/selinux;

# NOTE(review): if this grant covers the whole /dev subtree, every device node
# other than mem, kmem and port is readable as far as this policy is concerned
# (block devices included); confirm that exposure is acceptable.
allow /dev r,s;

# NOTE(review): "/dev/nul" looks like a misspelling of "/dev/null", which is
# granted separately further down. Confirm whether this rule is intended; a
# writable grant on a name that does not normally exist is best removed.
allow /dev/nul r,w;

allow /usr/backup r,s;

deny /var/ftp/etc;

deny /etc/modules.conf;

# NOTE(review): this path is pinned to one webmin version. A package upgrade
# that changes the directory name would leave the new directory covered only by
# the "allow /usr r,x,s" rule at the end of this block.
deny /usr/libexec/webmin-1.140;

deny /usr/sbin;

# NOTE(review): appears redundant with "deny /var/log" above if deny applies to
# the whole subtree; verify the scoping rule.
deny /var/log/wtmp;

deny /usr/X11R6/bin;

deny /etc/shadow-;

deny /dev/kmem;

deny /lib/modules;

deny /etc/webmin;

allow /lib r,x,s;

deny /root;

deny /usr/local/var/1;

# NOTE(review): /etc is readable except for the entries denied individually in
# this block (passwd backups, shadow, shadow-, httpd, xinetd.conf, xinetd.d,
# modules.conf, security/selinux, webmin). Any other secret kept under /etc
# (keys, service credentials) stays readable unless it gets its own deny line.
allow /etc r,s;

deny /var/mail;

allow /usr/html r,s;

allow /usr/src r,s;

allow /usr/games r,s;

deny /etc/shadow;

deny /etc/xinetd.d;

# The null device: one of the four device nodes in this block granted r,w.
allow /dev/null r,w;

deny /usr/bin;

deny /usr/local/etc/auth;

deny /var/www;

deny /var/spool;

allow /usr/tmp r,s;

# NOTE(review): "/...security" is presumably the directory where older SELinux
# releases kept persistent file labels; confirm it exists on the target system.
deny /...security;

allow /usr/include r,s;

allow /usr/local/libexec r,x,s;

deny /var/webmin;

allow /usr/doc r,s;

deny /var/named;

deny /dev/port;

allow /usr/local/lib r,x,s;

# NOTE(review): presumably makes the narrower "deny /usr/local/etc/auth" above
# redundant; verify.
deny /usr/local/etc;

allow /dev/zero r,w;

# /var is readable except for the subdirectories denied in this block
# (log, lib/slocate, ftp/etc, mail, www, spool, webmin, named).
allow /var r,s;

allow /dev/console r,w;

# Broadest grant in the block: read, execute and search on /usr. The denies on
# /usr/bin, /usr/sbin, /usr/X11R6/bin, /usr/libexec/webmin-1.140 and
# /usr/local/etc are the listed exceptions.
# NOTE(review): execute remains granted on anything else under /usr, including
# /usr/local/bin and /usr/local/sbin if they exist; confirm that is intended.
allow /usr r,x,s;

}
