+4 votes
837 views
How to know if SELinux is enabled or disabled in Ubuntu

in Guides by (369k points)
reopened | 837 views

1 Answer

+5 votes
Best answer

What is SELinux?
How to know if SELinux is enabled or disabled in Linux Ubuntu.
Check if SELinux is enabled with sestatus.
Check if SELinux is enabled from the configuration file.

Sometimes when I went to see the installation requirements of a program, one of them was that SELinux was disabled. The motivation to write today's tutorial is born from this need, which allows us to find out if SELinux is enabled or disabled in Linux Ubuntu .

image

In my case I used Ubuntu 16.04 64bit to perform all the tests, but it can surely be applied in other distributions.

What is SELinux?

First of all, we must inform ourselves well of what SELinux is . As a summary we could say that it is a security module that allows establishing security policies for access control.

In a more practical way and to understand it better, we could say that with SELinux we ask the Linux kernel if a process is authorized to perform an operation .

How to know if SELinux is enabled or disabled in Linux Ubuntu.

To know if SELinux is enabled in Ubuntu you can do it in several ways. I usually use the selinux-utils application that is designed to be used in shell scripts, but that can serve us perfectly.

If you do not have this tool installed, you will have to install it with the command:
sudo apt install selinux-utils

Now you execute the command:
selinuxenabled; echo $?

This command can return two values:

  • If it returns 1 , SELinux is disabled .
  • If you return the value 0 , SELinux is enabled .

For me this is the cleanest, simplest and fastest option, that's why I recommend it.

Check if SELinux is enabled with sestatus.

A second option is to use the sestatus command. In order to use it, the policycoreutils policycoreutils must be installed in our system. If not, we can install them with the command:
sudo apt install policycoreutils

Now when executing the sestatus command, something like:

[email protected]:/etc/selinux$ sestatus
SELinux status:                 disabled

The command itself tells us the status of SELinux, disabled (disabled) or enabled (enabled) .

Check if SELinux is enabled from the configuration file.

In our case, as we are using Linux Ubuntu, the SELinux configuration file is located in the path /etc/selinux/config . If this file does not exist, it is almost certain that SELinux is disabled, unless someone has made some kind of change in the default Ubuntu configuration.

The contents of the /etc/selinux/config file will be something like:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# default - equivalent to the old strict and targeted policies
# mls     - Multi-Level Security (for military and educational use)
# src     - Custom policy built from source
SELINUXTYPE=default
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

In the configuration file itself we can read the effects that the value of the SELINUX variable has:

  • Enforcing: SELinux policy is forced, that is, SELinux is enabled .
  • Permisive: Displays SELinux warnings instead of forcing.
  • Disable: SELinux disabled (SELinux policy is not loaded) .

by (2.3m points)

Related questions

+4 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (369k points) | 135 views
+3 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (369k points) | 113 views
+4 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (369k points) | 118 views
+5 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (369k points) | 1.9k views
Please leave a comment about whether the solution works or not (with device model)   [X]Close
7,086 questions
7,183 answers
317 comments
2 users