Monday, June 30, 2014

How to Check SELinux Operational Mode

The easiest way on how to check SELinux ( Security Enhanced Linux ) operation mode is to use getenforce command. This command without any options or arguments will simply print a current status SELinux operational mode.

# getenforce 

Furthermore, the current status of SELinux operational mode can be set permanently or temporarily. The above getenforce command only show current status however to see whether the status was set temporarily by setenforce or by SELinux configuration file cat /etc/selinux/config the sestatus command should be used.

# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      29
In the above sestatus command output we can see that current SELinux operational more is permissive whereas, enforcing mode is set by configuration file which will take effect after reboot.


No comments :

Post a Comment