RHEL6 – Display and Modify SELinux Modes

There are three basic commands that you can use to display and modify SELinux modes. They are as follows

  • getenforce

  • setenforce

  • sestatus

The first two are installed as part of the package, libselinux-utils. The sestatus is installed as part of policycoreutils.

Setenforce will enable or disable SELinux temporarily. Use 0 to disable and 1 to enable as shown below.

#setenforce 0

#setenforce 1

If you need need your change to be persistent across reboots edit /etc/selinux/config.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Getenforce is used to query your SELinux Status as seen below

[root@vpaquin01 selinux]# getenforce
Enforcing

Sestatus give you the same information as getenforce but in a bit more detail

[root@vpaquin01 selinux]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s