LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Reply
 
Search this Thread
Old 02-13-2008, 12:58 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 73
How To Check SELinux Status (NO GUI)


Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?
 
Old 02-13-2008, 01:39 PM   #2
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
cat /etc/sysconfig/selinux
 
Old 02-13-2008, 01:55 PM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Thanks!

I also found the command

Code:
sestatus
That is also very simple.

Thank you!
 
Old 02-18-2008, 08:36 AM   #4
mtimbro
Member
 
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86

Rep: Reputation: 15
Quote:
Originally Posted by Carlwill View Post
Thanks!

I also found the command

Code:
sestatus
That is also very simple.

Thank you!
You can also change the policy live like this:

setenforce 0 'to disable
setenforce 1 'to enable

Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.

Cheers,
 
Old 02-18-2008, 02:50 PM   #5
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Quote:
Originally Posted by mtimbro View Post
You can also change the policy live like this:

setenforce 0 'to disable
setenforce 1 'to enable

Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.

Cheers,
But I thought it would still require a reboot to take effect, no?
 
Old 02-18-2008, 04:01 PM   #6
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
No, setenforce is only valid up until the next boot (ie once you reboot the status will revert to system settings)
 
Old 02-20-2008, 08:07 AM   #7
mtimbro
Member
 
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86

Rep: Reputation: 15
Quote:
Originally Posted by Micro420 View Post
But I thought it would still require a reboot to take effect, no?
Here is the way to disable selinux:

1-Edit /etc/selinux/config and set the SELINUX variable to 'disabled'
2-Use the setenforce command to disable on-the-fly

With solution 1, your changes are permanent but only effective if you reboot the machine.

With solution 2, your changes are NOT permanent but effective immediately.

Hope this clears it up :-).
 
Old 01-03-2011, 10:28 AM   #8
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Rep: Reputation: 31
Thumbs down opinion

Ondough my opinion is selinux in grub is disabled by setting enforcing 0

my thinking say's to me it is Verry important,
for to no sure reasons to set

Code:
SELINUX=permissive
Code:
SELINUXTYPE=#       strict - Full SELinux protection.
afther i done this

selinux takes a "long" time to relable the whole system

whit a cup of coffee 8)

Quote:
Java2groovy and grape were conflicting s0?
using the same filetype

Code:
| ?!><!? |
Quote:
Quote:
Slow entertaining!

Last edited by R03L; 01-03-2011 at 10:34 AM.
 
Old 01-03-2011, 01:21 PM   #9
misconfiguration
Member
 
Registered: Apr 2007
Location: Indianapolis, Indiana
Distribution: RHEL, Fedora, AIX, HP-UX, FreeBSD, Slackware
Posts: 62

Rep: Reputation: 19
To quickly check if SELinux is running use the following command.

Quote:
# getenforce
 
Old 01-03-2011, 02:47 PM   #10
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Rep: Reputation: 31
well it is such a hell to get vmware working again that i considert disabeling selinux fully


getenforce
Disabled

but relabeling is not an option on the disable option???
???
???

reboot is not relabeling!?

i say to myself this is a forced way to MUST use SELinux

remove selinux
or you try yum remove akonadi or selinux?

it try's to remove half the system!??
 
Old 01-03-2011, 02:47 PM   #11
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Rep: Reputation: 31
and what is national rational doing internationaly?
 
Old 01-04-2011, 10:10 AM   #12
misconfiguration
Member
 
Registered: Apr 2007
Location: Indianapolis, Indiana
Distribution: RHEL, Fedora, AIX, HP-UX, FreeBSD, Slackware
Posts: 62

Rep: Reputation: 19
Quote:
Originally Posted by R03L View Post
well it is such a hell to get vmware working again that i considert disabeling selinux fully


getenforce
Disabled

but relabeling is not an option on the disable option???
???
???

reboot is not relabeling!?

i say to myself this is a forced way to MUST use SELinux

remove selinux
or you try yum remove akonadi or selinux?

it try's to remove half the system!??
*** DO NOT UNINSTALL ANY SELINUX PACKAGES ***

Why would you want to disable or remove SELinux in the first place? It's put on the systems for a reason - to protect your data. I would first recommend simply learning the basics and keep your boxes running in "enforcing mode". If you absolutely *MUST* disable SELinux you can do so like this.


The SELinux config file is here:
Quote:
/etc/selinux/config
First you must edit the SELinux config file and change the "SELINUX=enforcing" to:
Quote:
SELINUX=disabled
Reboot

* Please note *

You don't have to relabel the OS once you disable SELinux and reboot. The system would automatically have to relabel the FS if you were to turn SELinux back on and reboot. Albeit if you *MUST* relabel the entire FS, I suggest using the trick similar to "forcefsck".

Run this command and reboot:
Quote:
touch /.autorelabel

Last edited by misconfiguration; 01-04-2011 at 10:31 AM.
 
Old 01-04-2011, 11:53 AM   #13
R03L
Member
 
Registered: Feb 2008
Distribution: mepis, ubuntu server ed. Debian. Redhat. Fedora, centos, LFS
Posts: 211

Rep: Reputation: 31
Lightbulb

Ok yankyou
 
Old 01-04-2011, 02:01 PM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Quote:
Originally Posted by R03L View Post
well it is such a hell to get vmware working again that i considert disabeling selinux fully
Remember that posting exact error messages usually gets you more precise answers.
 
0 members found this post helpful.
Old 01-10-2011, 01:41 AM   #15
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,356

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by carlosinfl View Post
Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?
Type:

Code:
getenforce
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SElinux // error in file system check // Please Help nomb Fedora 1 03-05-2007 12:51 PM
GUI for selinux/firewall disappeared igiobxn Linux - Newbie 2 05-02-2006 08:38 AM
Check disk status diezjc Linux - Hardware 2 04-06-2006 04:58 PM
check if selinux is installed linuxmandrake Debian 10 09-27-2005 06:05 PM
Check Printer Status Debby Linux - General 5 02-08-2002 09:52 PM


All times are GMT -5. The time now is 05:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration