SELinux, which stands for Security Enhanced Linux, is an extra layer of security control built for Linux systems. SELinux has three possible modes in which it can be running. Depending on which mode it’s in will determine the behavior of SELinux. In this tutorial, we’ll show you how to check the SELinux status aka. operational mode. The most common and easiest way to check SELinux status is by executing the getenforce command.
In this tutorial you will learn:
- How to check SELinux operational mode
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distro that uses SELinux |
| Software | SELinux |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
How to Check SELinux Operational Mode
SELinux has three possible modes that you could see when running the command. They are:
- Enforcing – SELinux is active and enforcing its policy rules.
- Permissive – SELinux permits every thing, but logs the events it would normally deny in enforcing mode.
- Disabled – SELinux is not enforcing rules or logging anything.
- The first way to check the current status of SELinux at any time is by executing the
sestatuscommand.$ sestatus
Executing the sestatus command to view the SELinux operational mode of our system. On the image above we can see that SELinux status is set to enforcing. On our test system, the screenshot above indicates that the “current mode” of SELinux is enforcing.
- An even easier way to quickly check the status is with the
getenforcecommand, which will only output the current mode of SELinux and nothing else.$ getenforce Enforcing
Executing the getenforce command to view the SELinux operational mode of our system And in the screenshot above, SELinux indicates that it has been disabled. That’s because we already changed the SELinux operational mode between screenshots.
Closing Thoughts
Knowing the commands covered in this guide is very important if you plan to run SELinux on your system. You will find yourself verifying that SELinux is in the proper mode at least every once in a while. There may come a time when you need to switch it between enforcing and permissive, especially if you find that SELinux is interfering with the operating of some applications on your system.
