| Red Hat This forum is for the discussion of Red Hat Linux. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
|
02-13-2008, 11:58 AM
|
#1
|
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,862
Rep: 
|
How To Check SELinux Status (NO GUI)
Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?
|
|
|
|
|
02-13-2008, 12:39 PM
|
#2
|
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
|
cat /etc/sysconfig/selinux
|
|
|
|
|
02-13-2008, 12:55 PM
|
#3
|
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,862
Original Poster
Rep:
|
Thanks!
I also found the command
That is also very simple.
Thank you! |
|
|
|
|
02-18-2008, 07:36 AM
|
#4
|
|
Member
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86
Rep:
|
Quote:
Originally Posted by Carlwill
Thanks!
I also found the command
That is also very simple.
Thank you! |
You can also change the policy live like this:
setenforce 0 'to disable
setenforce 1 'to enable
Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.
Cheers, |
|
|
|
|
02-18-2008, 01:50 PM
|
#5
|
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
|
Quote:
Originally Posted by mtimbro
You can also change the policy live like this:
setenforce 0 'to disable
setenforce 1 'to enable
Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.
Cheers,
|
But I thought it would still require a reboot to take effect, no? |
|
|
|
|
02-18-2008, 03:01 PM
|
#6
|
|
Guru
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678
Rep:
|
No, setenforce is only valid up until the next boot (ie once you reboot the status will revert to system settings)
|
|
|
|
|
02-20-2008, 07:07 AM
|
#7
|
|
Member
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86
Rep:
|
Quote:
Originally Posted by Micro420
But I thought it would still require a reboot to take effect, no?
|
Here is the way to disable selinux:
1-Edit /etc/selinux/config and set the SELINUX variable to 'disabled'
2-Use the setenforce command to disable on-the-fly
With solution 1, your changes are permanent but only effective if you reboot the machine.
With solution 2, your changes are NOT permanent but effective immediately.
Hope this clears it up :-). |
|
|
|
|
01-03-2011, 09:28 AM
|
#8
|
|
Member
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: mepis, ubuntu server ed.
Posts: 207
Rep:
|
opinion
Ondough my opinion is selinux in grub is disabled by setting enforcing 0
my thinking say's to me it is Verry important,
for to no sure reasons to set
Code:
SELINUXTYPE=# strict - Full SELinux protection.
afther i done this
selinux takes a "long" time to relable the whole system
whit a cup of coffee 8)
Quote:
|
Java2groovy and grape were conflicting s0?
|
using the same filetype
Last edited by R03L; 01-03-2011 at 09:34 AM.
|
|
|
|
|
01-03-2011, 12:21 PM
|
#9
|
|
Member
Registered: Apr 2007
Location: Indianapolis, Indiana
Distribution: RHEL, Fedora, AIX, HP-UX, FreeBSD, Slackware
Posts: 62
Rep:
|
To quickly check if SELinux is running use the following command.
|
|
|
|
|
01-03-2011, 01:47 PM
|
#10
|
|
Member
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: mepis, ubuntu server ed.
Posts: 207
Rep:
|
well it is such a hell to get vmware working again that i considert disabeling selinux fully
getenforce
Disabled
but relabeling is not an option on the disable option???
???
???
reboot is not relabeling!?
i say to myself this is a forced way to MUST use SELinux
remove selinux
or you try yum remove akonadi or selinux?
it try's to remove half the system!??
|
|
|
|
|
01-03-2011, 01:47 PM
|
#11
|
|
Member
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: mepis, ubuntu server ed.
Posts: 207
Rep:
|
and what is national rational doing internationaly?
|
|
|
|
|
01-04-2011, 09:10 AM
|
#12
|
|
Member
Registered: Apr 2007
Location: Indianapolis, Indiana
Distribution: RHEL, Fedora, AIX, HP-UX, FreeBSD, Slackware
Posts: 62
Rep:
|
Quote:
Originally Posted by R03L
well it is such a hell to get vmware working again that i considert disabeling selinux fully
getenforce
Disabled
but relabeling is not an option on the disable option???
???
???
reboot is not relabeling!?
i say to myself this is a forced way to MUST use SELinux
remove selinux
or you try yum remove akonadi or selinux?
it try's to remove half the system!??
|
*** DO NOT UNINSTALL ANY SELINUX PACKAGES ***
Why would you want to disable or remove SELinux in the first place? It's put on the systems for a reason - to protect your data. I would first recommend simply learning the basics and keep your boxes running in "enforcing mode". If you absolutely *MUST* disable SELinux you can do so like this.
The SELinux config file is here: First you must edit the SELinux config file and change the "SELINUX=enforcing" to:
Reboot
* Please note *
You don't have to relabel the OS once you disable SELinux and reboot. The system would automatically have to relabel the FS if you were to turn SELinux back on and reboot. Albeit if you *MUST* relabel the entire FS, I suggest using the trick similar to "forcefsck".
Run this command and reboot:
Last edited by misconfiguration; 01-04-2011 at 09:31 AM.
|
|
|
|
|
01-04-2011, 10:53 AM
|
#13
|
|
Member
Registered: Feb 2008
Location: holland, near assen. (tt city)
Distribution: mepis, ubuntu server ed.
Posts: 207
Rep:
|
Ok yankyou
|
|
|
|
|
01-04-2011, 01:01 PM
|
#14
|
|
Moderator
Registered: May 2001
Posts: 24,970
|
Quote:
Originally Posted by R03L
well it is such a hell to get vmware working again that i considert disabeling selinux fully
|
Remember that posting exact error messages usually gets you more precise answers. |
|
|
0 members found this post helpful.
|
|
01-10-2011, 12:41 AM
|
#15
|
|
Senior Member
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,
Posts: 1,261
Rep:
|
Quote:
Originally Posted by carlosinfl
Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?
|
Type:
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 05:25 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
