Security

Check To See If SELinux Is Working

In today’s article, you’ll learn how to see if SELinux Is Working on your system. Your system may not have SELinux, but many do. This article is for those people. You’re welcome!

SELinux stands for Security-Enhanced Linux and its function is to provide greater controls over who can access the system. It was actually developed by the US spy-agency – the NSA. You’ll often find SELinux in distros that fall within the RHEL family tree. The link at the start of this paragraph will give you even more details.

This article is just about checking to see if SELinux is working. It should be noted that SELinux has three operational states. I’ll cover them lightly here.

The first operational status is usually the default, which is ‘enforcing’. This means that it’s working and blocking as designed.

The second possible result is ‘permissive’. When SELinux is in this state, it is not blocking anything – but it is logging everything. So, you’ll see things after the fact, when you check the logs.

The third is simply ‘disabled’. That’s self-explanatory. If it’s disabled, it means it isn’t working. If it’s disabled, it’s easy enough to start it. If you choose not to, you’re not taking advantage of a security tool.

It’s not a very difficult article to follow, I don’t imagine. Pretty much anyone can figure this out. We won’t be going into details other than what the headline, and explaining everything about SELinux would take a lot of time and is beyond my level of expertise. 

See If SELinux Is Working:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

With your terminal open,  the very first command you can use is simply:

getenforce

That’ll spit out exactly the answer you’re looking for. However, the command that’s more interesting is the one that follows, an arguably better command to learn more about the status of SELinux:

sestatus

That command outputs a ton of information. The output of that command has more information. Included in that information is the SELinux status. It’s a quick way to see if SELinux is working. 

The output of that command would look something like this:

See? The output lets us see that everything is fine.

See the line – which is “Current mode:”? Well, that’s how you see if SELinux is working. It also feeds you other information, for a more deep view of your SELinux status.

I suppose if you use that command and want to narrow it down, you could do something like:

sestatus | grep "Current mode:"

Which is really just a bit silly when you already have the getenforce command available. There’s no reason to occupy one of your memory banks with that command, as it’s really just some fun with grep.

Closure:

Yup… There you have it. You have another article! ‘Snot really all that handy for those of us who don’t use SELinux. But, if you are using SELinux, this is a perfectly handy way  to see if See If SELinux Is Working.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

KGIII

Retired mathematician, residing in the mountains of Maine. I may be old and wise, but I am not infallible. Please point out any errors. And, as always, thanks again for reading.

Recent Posts

Enable/Disable Your Network Interface

Today we'll cover one way to enable or disable your network interface in the Linux…

7 months ago

Check Your NIC Speed In The Terminal

Today's exercise is a nice and simple exercise where we check your NIC speed in…

7 months ago

Easily Monitor Your Wireless Connection

Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…

7 months ago

Count The Files In A Directory

I think I've covered this before with the ls command but this time we'll count…

7 months ago

Get System Information With The ‘uname’ Command In Linux

Today we'll be learning about a basic Linux command that's known as 'uname' and it…

7 months ago

hardinfo Has Been Rebooted As hardinfo2

If you've used hardinfo in the past, it may interest you to know that hardinfo…

7 months ago