The easiest way on how to check SELinux ( Security Enhanced Linux ) operation mode is to use getenforce command. This command without any options or arguments will simply print a current status SELinux operational mode.

# getenforce 

Furthermore, the current status of SELinux operational mode can be set permanently or temporarily. The above getenforce command only show current status however to see whether the status was set temporarily by setenforce or by SELinux configuration file cat /etc/selinux/config the sestatus command should be used.

# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      29

In the above sestatus command output we can see that current SELinux operational more is permissive whereas, enforcing mode is set by configuration file which will take effect after reboot.

Free Linux eBooks

Do you have the right skills?

Our IT Skills Watch page reflects an up to date IT skills demand leaning towards the Linux and Unix environment. We have considered a number of skills and operating systems.

See the result...

Linux Online Training

Learn to run Linux servers and prepare for LPI certification with Linux Academy. 104 available video lessons with PDF course notes with your own server!

Go to top