How to Check Whether SELinux is Enabled or Disabled?

SELinux (Security-Enhanced Linux) is a security feature built into the Linux kernel. It lets administrators define and enforce security policies that control access on the system, which is important for preventing malicious or accidental access to sensitive information.

This guide illustrates three methods to check whether SELinux is enabled or disabled in Linux.

How to Check Whether SELinux is Enabled or Disabled?

SELinux enhances the security of the Linux operating system by providing a means to enforce access controls on files and processes. Let’s check whether SELinux is enabled or disabled:

Prerequisite: Install policycoreutils Package

Before checking the state of SELinux, install the “policycoreutils” package, which provides SELinux utilities including the “sestatus” command. Run the command that matches your distribution:

$ sudo apt install policycoreutils                 # Ubuntu, Debian, LinuxMint
$ sudo dnf install policycoreutils-python-utils    # Fedora
$ sudo yum -y install policycoreutils-python       # CentOS

After the installation completes, check the current state of SELinux.

Method 1: Using the “sestatus” Command

To check the state of SELinux on a Linux system, use the “sestatus” command. It reports the current status of SELinux on the system, including whether it is enabled or disabled:

$ sestatus

The output shows that SELinux is currently disabled on this system.

Method 2: Using the “getenforce” Command

The “getenforce” command reports the current mode of SELinux on a Linux system. It returns one of the following strings: “Enforcing” if SELinux is currently enforcing policies, “Permissive” if SELinux is currently in permissive mode, and “Disabled” if SELinux is currently disabled:

$ getenforce

The output is “Disabled”, which means that SELinux is currently disabled.

Method 3: Using the “/etc/selinux/config” File

Users can also check the state of SELinux by looking at the contents of the “/etc/selinux/config” file. This file contains the configuration settings for SELinux, including the mode the system applies at boot. Because it records the configured mode rather than the live one, a change made to the file without a reboot is not yet reflected in the running system. The nano editor is used here to open the file:

$ sudo nano /etc/selinux/config

You will see a line that says SELINUX=enforcing or SELINUX=permissive or SELINUX=disabled.

  • SELINUX=disabled means SELinux is disabled.
  • SELINUX=enforcing or SELINUX=permissive means SELinux is enabled.

Additionally, users can change the value from “SELINUX=disabled” to “SELINUX=enforcing” or “SELINUX=permissive” as required. After that, restart the system for the change to take effect:

$ reboot
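
The three checks above can disagree, for example when the config file has been edited but the system has not yet been rebooted. The following script is an added example, not part of the original article: it reads the configured mode from the config file and the running mode from the selinuxfs “enforce” file, then flags a mismatch. It assumes selinuxfs is mounted at /sys/fs/selinux, and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: compare the SELinux mode configured for boot with the mode
# the running kernel reports. Paths are parameters (assumed defaults shown).

# Print the SELINUX= value from the config file (what applies at next boot).
configured_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || { echo "unknown"; return 0; }
    # Comment lines and SELINUXTYPE= do not match; the last assignment is used.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$mode" in
        enforcing|permissive|disabled) echo "$mode" ;;
        *) echo "unknown" ;;
    esac
}

# Print the mode of the running kernel, read from selinuxfs.
runtime_mode() {
    fs="${1:-/sys/fs/selinux}"
    # No selinuxfs "enforce" file means SELinux is not active in this kernel.
    [ -r "$fs/enforce" ] || { echo "disabled"; return 0; }
    case "$(cat "$fs/enforce")" in
        1) echo "enforcing" ;;
        0) echo "permissive" ;;
        *) echo "unknown" ;;
    esac
}

# Report both values; return non-zero when they disagree.
selinux_report() {
    cfg_mode=$(configured_mode "$1")
    run_mode=$(runtime_mode "$2")
    if [ "$cfg_mode" = "$run_mode" ]; then
        echo "OK runtime=$run_mode configured=$cfg_mode"
    else
        echo "MISMATCH runtime=$run_mode configured=$cfg_mode"
        return 1
    fi
}
```

Call selinux_report with no arguments to check the live system; a MISMATCH line means the running mode differs from what the config file will apply at the next boot.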

Conclusion

Linux offers the “sestatus” and “getenforce” commands and the “/etc/selinux/config” file to check the status of SELinux. In the configuration file, “SELINUX=disabled” specifies that SELinux is disabled, while the “enforcing” and “permissive” values indicate that SELinux is enabled. This article has briefly explained three methods to check the current state of SELinux in the operating system.