
2 ways to check SELinux status in Linux

Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system.

It was originally developed by the United States National Security Agency (NSA) as a series of patches to the Linux kernel using Linux Security Modules (LSM). Security Enhanced Linux (SELinux) provides an additional layer of system security.

We have two ways to check if SELinux is enabled or disabled in Linux.

Different types of SELinux security policy in Linux

The SELINUX setting in /etc/selinux/config can take one of these three values:

  • enforcing – SELinux security policy is enforced.
  • permissive – SELinux prints warnings instead of enforcing.
  • disabled – No SELinux policy is loaded.

 

Check SELinux status with getenforce command in Linux

The getenforce command is a Linux command that is used to check the current enforcement mode of SELinux (Security-Enhanced Linux) on a system.

Open a terminal window and type getenforce at the prompt. The command will return the current SELinux mode of the system: Enforcing, Permissive, or Disabled.

Check SELinux status with sestatus command in Linux

sestatus is a Linux command used to view the status of SELinux (Security-Enhanced Linux).

If you enter “sestatus” in the command line, it will return the following information:

$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

“SELinux status” indicates whether SELinux is enabled, “Current mode” indicates the current execution mode of SELinux, and “Loaded policy name” indicates the current SELinux policy in use.

Other information includes the root directory of SELinux, SELinuxfs mount point, memory protection checking, and more.

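Temporary solution to disable SELinux in Linux

We can change the mode SELinux is running in with the setenforce command. The change takes effect immediately but lasts only until the next reboot.

To put SELinux in permissive mode, run the commands below. This is the temporary way to disable SELinux: the policy stays loaded, but denials are logged as warnings instead of being enforced.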

sudo setenforce Permissive
sestatus
getenforce

or 

sudo setenforce 0

To put SELinux back in enforcing mode, run:

sudo setenforce Enforcing
sestatus

or

sudo setenforce 1

Permanently disable SELinux in Linux

  • Edit the /etc/selinux/config file, run: sudo vi /etc/selinux/config
  • Set SELINUX to disabled: SELINUX=disabled
  • Save and close the file in vi/vim.
  • Reboot the Linux system: sudo reboot
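
Because setenforce changes only the running mode and /etc/selinux/config only takes effect after a reboot, the two can disagree. The script below is an added example, not part of the original article: it reads sestatus output and reports whether the host is enforcing, weakened, or in a state where the runtime mode and the config file differ. The function names and verdict labels are assumptions made for this example, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): classify `sestatus` output.

# Print the value of one "Key: value" line read from stdin.
sestatus_field() {
    awk -F: -v key="$1" '$1 == key {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }'
}

# Read sestatus output on stdin and print one verdict:
#   OK        enforcing now, and enforcing again after the next reboot
#   DRIFT     runtime mode and /etc/selinux/config disagree
#             (setenforce was used, or the file was edited without a reboot)
#   WEAK      permissive at runtime and in the config file
#   DISABLED  no SELinux policy is loaded
#   UNKNOWN   input did not look like sestatus output
selinux_audit() (
    out=$(cat)
    status=$(printf '%s\n' "$out" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$out" | sestatus_field "Current mode")
    config=$(printf '%s\n' "$out" | sestatus_field "Mode from config file")
    case "$status" in
        enabled)  ;;
        disabled) echo DISABLED; exit 0 ;;
        *)        echo UNKNOWN;  exit 0 ;;
    esac
    if [ "$current" != "$config" ]; then echo DRIFT
    elif [ "$current" = "enforcing" ]; then echo OK
    else echo WEAK
    fi
)

# Constructed sample: state after `sudo setenforce 0` on an enforcing host.
SAMPLE_DRIFT='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'

# Constructed sample: both modes enforcing, as in the sestatus output above.
SAMPLE_OK='SELinux status:                 enabled
Current mode:                   enforcing
Mode from config file:          enforcing'

printf 'after setenforce 0: %s\n' "$(printf '%s\n' "$SAMPLE_DRIFT" | selinux_audit)"
printf 'enforcing sample:   %s\n' "$(printf '%s\n' "$SAMPLE_OK" | selinux_audit)"
# On a live host: sestatus | selinux_audit
```

A DRIFT verdict on a host that should be enforcing is worth investigating, since it means the mode was changed at runtime or the config file was edited and is waiting for a reboot.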

 

 

Daine

Monday 11th of December 2023

It works on RHEL8. Thanks.