Monday, April 17, 2017

How to check whether SELinux is enabled or not?

This "How To" guide shows how to check whether SELinux is enabled or not. If you would like to know more about SELinux, such as what SELinux is, why one should use it and how it works, then click here.

Following are three different ways to check the status of SELinux:
  1. Use the getenforce command
    [vagrant@vagrantdev ~]$ getenforce
  2. Use the sestatus command
    [vagrant@vagrantdev ~]$ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          permissive
    Policy version:                 24
    Policy from config file:        targeted
  3. View the SELinux configuration file, i.e. cat /etc/selinux/config
    [vagrant@vagrantdev ~]$ cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
The output of the above commands gives the SELinux mode. SELinux can be in any of three possible modes:
  • Enforcing - Security policy is enforced. Any unauthorized access attempts by users and applications / processes are denied and the corresponding log entries are written.
  • Permissive - Security policy is not enforced and unauthorized access attempts are not denied, but the corresponding log entries are written. One can use this mode for testing before enforcing the security policy.
  • Disabled - No security policy is enforced and nothing is logged.

Therefore, if the above commands return enforcing or permissive as the mode, SELinux is enabled; otherwise it is disabled.
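
The three checks above can be combined in a script. The following is an added example, not code from the original article: it maps a reported mode to the enabled/disabled answer given above and also compares the running mode with the one in the config file, since sestatus lists the two separately and they can differ (the config file is read at boot, while the running mode can be switched between enforcing and permissive afterwards). The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. All sample inputs are constructed.

# Print one field (e.g. "Current mode") from sestatus output read on stdin.
sestatus_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Print the SELINUX= value from a file in /etc/selinux/config format.
# Comment lines and the SELINUXTYPE= line do not match the pattern.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Map a mode (any letter case, as getenforce capitalises it) to the article's answer.
mode_to_state() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        enforcing|permissive) echo enabled ;;
        disabled)             echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# Compare the running mode ($1) with the mode configured in file $2.
check_drift() {
    running=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    boot=$(config_mode "$2")
    if [ "$running" = "$boot" ]; then
        echo "consistent:$running"
    else
        echo "drift:running=$running,config=$boot"
    fi
}

# Demo on constructed input: permissive at runtime, enforcing in the config file.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$cfg"
    out='SELinux status:                 enabled
Current mode:                   permissive'
    mode=$(printf '%s\n' "$out" | sestatus_field 'Current mode')
    echo "state: $(mode_to_state "$mode")"
    check_drift "$mode" "$cfg"
    rm -f "$cfg"
}
demo
```

On a real host the same functions take the output of getenforce as the first argument of check_drift and /etc/selinux/config as the second.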

Thank you for reading this article. I hope you like it. If you have any suggestions or questions, do let me know in the comments. Happy Learning!!
