Check To See If SELinux Is Working

In today’s article, you’ll learn how to see if SELinux Is Working on your system. Your system may not have SELinux, but many do. This article is for those people. You’re welcome!

SELinux stands for Security-Enhanced Linux and its function is to provide greater controls over who can access the system. It was actually developed by the US spy-agency – the NSA. You’ll often find SELinux in distros that fall within the RHEL family tree. The link at the start of this paragraph will give you even more details.

This article is just about checking to see if SELinux is working. It should be noted that SELinux has three operational states. I’ll cover them lightly here.

The first operational status is usually the default, which is ‘enforcing’. This means that it’s working and blocking as designed.

The second possible result is ‘permissive’. When SELinux is in this state, it is not blocking anything – but it is logging everything. So, you’ll see things after the fact, when you check the logs.

The third is simply ‘disabled’. That’s self-explanatory. If it’s disabled, it means it isn’t working. If it’s disabled, it’s easy enough to start it. If you choose not to, you’re not taking advantage of a security tool.

It’s not a very difficult article to follow, I don’t imagine. Pretty much anyone can figure this out. We won’t be going into details other than what the headline, and explaining everything about SELinux would take a lot of time and is beyond my level of expertise. 

See If SELinux Is Working:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

With your terminal open,  the very first command you can use is simply:

getenforce

That’ll spit out exactly the answer you’re looking for. However, the command that’s more interesting is the one that follows, an arguably better command to learn more about the status of SELinux:

sestatus

That command outputs a ton of information. The output of that command has more information. Included in that information is the SELinux status. It’s a quick way to see if SELinux is working. 

The output of that command would look something like this:

See the line – which is “Current mode:”? Well, that’s how you see if SELinux is working. It also feeds you other information, for a more deep view of your SELinux status.

I suppose if you use that command and want to narrow it down, you could do something like:

sestatus | grep "Current mode:"

Which is really just a bit silly when you already have the getenforce command available. There’s no reason to occupy one of your memory banks with that command, as it’s really just some fun with grep.

Closure:

Yup… There you have it. You have another article! ‘Snot really all that handy for those of us who don’t use SELinux. But, if you are using SELinux, this is a perfectly handy way  to see if See If SELinux Is Working.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.