CentOS

How to Check SELinux Status?

4 months ago
by Aqsa Yasin
SELinux is a Mandatory Access Control (MAC) system that is developed by the NSA. As a substitute for Discretionary Access Control (DAC) that ships with most Linux distributions, SELinux was formed. SELinux 8 is a built-in security mechanism on which the security of all the Linux based systems depends. This security mechanism has three different modes of operation, i.e., “Enforcing”, “Permissive”, and “Disabled”, and you can toggle between these three modes according to your specific work requirements. Each of these modes serves a different purpose and you should understand it fully before changing the default mode of SELinux.

In our previous article on SELinux, we shared with you the method of disabling it. SELinux allows you the power to restrict the rights related to the process execution and mitigate the damage that might emerge from the exploitation of vulnerabilities in applications and systems. For this reason, unless you have a valid purpose to disable it, it is suggested to keep SELinux in enforcing mode. However, today we would like to share with you the method of checking the status of SELinux on CentOS 8.

Use Case of Checking the Status of SELinux on CentOS 8

After reading the introduction of this article, you might be wondering why do we need to check the status of SELinux in the first place. We have already stated that the security of the Linux based systems relies entirely on SELinux. It means that you should ensure all the time that SELinux is enabled and running on your system, unless you encounter a situation in which you have to disable it explicitly.

Since it is a mechanism that runs in the background, therefore, the users are not aware of its status. They need to specifically query for its status to know if SELinux is enabled or disabled. If it is enabled, then in which mode is it operating? Is it “Enforcing” or “Permissive”? In this situation, we must have proper ways where we can inquire for the status of SELinux.

For knowing the different methods of checking SELinux status on CentOS 8, you need to go through the following section of this article.

Methods of Checking SELinux Status on CentOS 8

For checking the status of SELinux on CentOS 8, you can use any of the three methods described below.

Method 1: Using the “sestatus” Command

This is the simplest and easiest method of finding out the status of SELinux as it only includes a one-liner command. For using the “sestatus” command for checking the status of SELinux on CentOS 8, you need to run this command in the following manner in your terminal:

$ sestatus

Running this command will display a lot of information other than the status of SELinux on CentOS 8. In our case, SELinux was enabled; therefore, its status is set to “enabled” as highlighted in the image shown below:

You have to modify the configuration file to disable SELinux on CentOS 8. To do that, you must first access the configuration file using any text editor of your preference. You can navigate the SELinux configuration file on CentOS 8 by running the affixed command on the terminal:

$ sudo nano /etc/selinux/config

After the successful execution of the above-mentioned command, the SELinux configuration file will be open in nano editor, i.e., default editor. You have to navigate the variable named as ‘SELinux’ and change its text from ‘enabled’ to ‘disabled’. After that, you have to save and close this configuration file. However, it is suggested to keep the SELinux status as enabled.

Method 2: Using the “getenforce” Command

This is another simple method of finding out the status of SELinux since this also involves a one-liner command. If you just want to know the mode of SELinux on which it is operating while being enabled on CentOS 8, you can make use of the “getenforce” command in the following manner:

$ getenforce

Running this command will not display any other information, rather it will simply reveal that your SELinux is currently operating in the “enforcing” mode as highlighted in the image shown below:

Method 3: Using the “/etc/selinux/config” File

If you are not satisfied by seeing only the status of SELinux on the terminal by running a simple command, then you can also choose to take a look at the /etc/selinux/config file in CentOS 8. All the information regarding the settings and status of SELinux is stored in the /etc/selinux/config file. Therefore, if you wish to see the status of SELinux on CentOS 8, you can also choose to display the contents of this file by running the “cat” command below:

$ cat /etc/selinux/config

As soon as you run this command, the configuration file of SELinux,  /etc/selinux/config, will be displayed on your terminal, from which you can easily figure out the status of SELinux on CentOS 8 as highlighted in the image shown below:

Conclusion

SELinux is a Linux utility that offers a workaround in the Linux kernel to help access control security policies. By using any of the three methods discussed in this article, you can easily find out the status of SELinux on CentOS 8. All three methods shared here are equally effective, and the user can choose to follow whichever method they like the most. By knowing the status of SELinux, you can also enable it if it has been accidentally or deliberately disabled in the past. By following this tutorial, you are now able to check the status of SELinux on your CentOS 8.

I hope this article will help you while checking SELinux status on your Linux operating system. In case you come up with any difficulty, you can ask in the comment section.

About the author

Aqsa Yasin

Aqsa Yasin

I am a self-motivated information technology professional with a passion for writing. I am a technical writer and love to write for all Linux flavors and Windows.

View all posts