| Red Hat This forum is for the discussion of Red Hat Linux. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
02-13-2008, 11:58 AM
|
#1
|
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905
Rep: 
|
How To Check SELinux Status (NO GUI)
Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?
|
|
|
|
|
02-13-2008, 12:39 PM
|
#2
|
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
|
cat /etc/sysconfig/selinux
|
|
|
|
|
02-13-2008, 12:55 PM
|
#3
|
|
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905
Original Poster
Rep:
|
Thanks!
I also found the command
That is also very simple.
Thank you! |
|
|
1 members found this post helpful.
|
|
02-18-2008, 07:36 AM
|
#4
|
|
Member
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86
Rep:
|
Quote:
Originally Posted by Carlwill
Thanks!
I also found the command
That is also very simple.
Thank you! |
You can also change the policy live like this:
setenforce 0 'to disable
setenforce 1 'to enable
Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.
Cheers, |
|
|
|
|
02-18-2008, 01:50 PM
|
#5
|
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
|
Quote:
Originally Posted by mtimbro
You can also change the policy live like this:
setenforce 0 'to disable
setenforce 1 'to enable
Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.
Cheers,
|
But I thought it would still require a reboot to take effect, no? |
|
|
|
|
02-18-2008, 03:01 PM
|
#6
|
|
LQ Guru
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678
Rep:
|
No, setenforce is only valid up until the next boot (ie once you reboot the status will revert to system settings)
|
|
|
|
|
02-20-2008, 07:07 AM
|
#7
|
|
Member
Registered: Feb 2008
Location: Montreal, Canada
Distribution: RedHat 3/4, Ubuntu 7.10
Posts: 86
Rep:
|
Quote:
Originally Posted by Micro420
But I thought it would still require a reboot to take effect, no?
|
Here is the way to disable selinux:
1-Edit /etc/selinux/config and set the SELINUX variable to 'disabled'
2-Use the setenforce command to disable on-the-fly
With solution 1, your changes are permanent but only effective if you reboot the machine.
With solution 2, your changes are NOT permanent but effective immediately.
Hope this clears it up :-). |
|
|
|
|
01-03-2011, 09:28 AM
|
#8
|
|
Member
Registered: Feb 2008
Location: Emmer-compascuum
Distribution: redhat* debian* arch* slack*
Posts: 216
Rep:
|
opinion
Ondough my opinion is selinux in grub is disabled by setting enforcing 0
my thinking say's to me it is Verry important,
for to no sure reasons to set
Code:
SELINUXTYPE=# strict - Full SELinux protection.
afther i done this
selinux takes a "long" time to relable the whole system
whit a cup of coffee 8)
Quote:
|
Java2groovy and grape were conflicting s0?
|
using the same filetype
Last edited by R03L; 01-03-2011 at 09:34 AM.
|
|
|
|
|
01-03-2011, 12:21 PM
|
#9
|
|
Member
Registered: Apr 2007
Location: Indianapolis, Indiana
Distribution: RHEL, Fedora, AIX, HP-UX, FreeBSD, Slackware
Posts: 62
Rep:
|
To quickly check if SELinux is running use the following command.
|
|
|
|
|
01-03-2011, 01:47 PM
|
#10
|
|
Member
Registered: Feb 2008
Location: Emmer-compascuum
Distribution: redhat* debian* arch* slack*
Posts: 216
Rep:
|
well it is such a hell to get vmware working again that i considert disabeling selinux fully
getenforce
Disabled
but relabeling is not an option on the disable option???
???
???
reboot is not relabeling!?
i say to myself this is a forced way to MUST use SELinux
remove selinux
or you try yum remove akonadi or selinux?
it try's to remove half the system!??
|
|
|
|
|
01-03-2011, 01:47 PM
|
#11
|
|
Member
Registered: Feb 2008
Location: Emmer-compascuum
Distribution: redhat* debian* arch* slack*
Posts: 216
Rep:
|
and what is national rational doing internationaly?
|
|
|
|
|
01-04-2011, 09:10 AM
|
#12
|
|
Member
Registered: Apr 2007
Location: Indianapolis, Indiana
Distribution: RHEL, Fedora, AIX, HP-UX, FreeBSD, Slackware
Posts: 62
Rep:
|
Quote:
Originally Posted by R03L
well it is such a hell to get vmware working again that i considert disabeling selinux fully
getenforce
Disabled
but relabeling is not an option on the disable option???
???
???
reboot is not relabeling!?
i say to myself this is a forced way to MUST use SELinux
remove selinux
or you try yum remove akonadi or selinux?
it try's to remove half the system!??
|
*** DO NOT UNINSTALL ANY SELINUX PACKAGES ***
Why would you want to disable or remove SELinux in the first place? It's put on the systems for a reason - to protect your data. I would first recommend simply learning the basics and keep your boxes running in "enforcing mode". If you absolutely *MUST* disable SELinux you can do so like this.
The SELinux config file is here: First you must edit the SELinux config file and change the "SELINUX=enforcing" to:
Reboot
* Please note *
You don't have to relabel the OS once you disable SELinux and reboot. The system would automatically have to relabel the FS if you were to turn SELinux back on and reboot. Albeit if you *MUST* relabel the entire FS, I suggest using the trick similar to "forcefsck".
Run this command and reboot:
Last edited by misconfiguration; 01-04-2011 at 09:31 AM.
|
|
|
|
|
01-04-2011, 10:53 AM
|
#13
|
|
Member
Registered: Feb 2008
Location: Emmer-compascuum
Distribution: redhat* debian* arch* slack*
Posts: 216
Rep:
|
Ok yankyou
|
|
|
|
|
01-04-2011, 01:01 PM
|
#14
|
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by R03L
well it is such a hell to get vmware working again that i considert disabeling selinux fully
|
Remember that posting exact error messages usually gets you more precise answers. |
|
|
0 members found this post helpful.
|
|
01-10-2011, 12:41 AM
|
#15
|
|
Senior Member
Registered: Apr 2007
Location: Bangalore, India
Distribution: RHEL,SuSE,CentOS,Fedora,Ubuntu
Posts: 1,386
Rep:
|
Quote:
Originally Posted by carlosinfl
Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?
|
Type:
|
|
|
|
All times are GMT -5. The time now is 09:45 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
