How to Check whether SELinux is Enabled or Disabled [ID 432988.1]

Applies to:

Linux OS - Version: 4.0 to 5.3 - Release: RHEL4 to OEL5U3
Linux x86
Linux x86-64
Linux Itanium
***Checked for relevance on 19-Jan-2011***
Linux Kernel - Version: 4.0 to 5.3

Goal

From (FAQ):

Security-enhanced Linux (SELinux) is a reference implementation of the Flask security architecture for flexible mandatory access control. It was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The Flask architecture has been subsequently mainstreamed into Linux® and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work. The Flask architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security.

RedHat and Oracle Enterprise Linux provides the SELinux functionality. How one can check whether SELinux is enabled on a system or not?

Solution

SELinux may be in three different modes: Enforcing (or known as enabled), Disabled or Permissive.

Permissive mode loads the SELinux software, but doesn't enforce the rules, only logging is performed.

use this command to check current status:


The output will be either of the 3 options described above. For more verbose (in the case of permissive), use:



To programmatically check the status as a true/false, one way could be:

# /usr/sbin/selinuxenabled; if [ $? -ne 0 ]; then echo "DISABLED"; else echo "ENABLED"; fi

This will return ENABLED or DISABLED.[@more@]