Sometimes when I went to see the installation requirements of a program, one of them was that SELinux was disabled. The motivation to write today's tutorial is born from this need, which allows us to
find out if SELinux is enabled or disabled in Linux Ubuntu
In my case I used Ubuntu 16.04 64bit to perform all the tests, but it can surely be applied in other distributions.
What is SELinux?
First of all, we must inform ourselves well of
what SELinux is
. As a summary we could say that it is a
that allows establishing security policies for access control.
In a more practical way and to understand it better,
we could say that with SELinux we ask the Linux kernel if a process is authorized to perform an operation
How to know if SELinux is enabled or disabled in Linux Ubuntu.
To know if SELinux is enabled in Ubuntu you can do it in several ways. I usually use the
application that is designed to be used in shell scripts, but that can serve us perfectly.
If you do not have this tool installed, you will have to install it with the command:
sudo apt install selinux-utils
Now you execute the command:
selinuxenabled; echo $?
This command can return two values:
If it returns
SELinux is disabled
If you return the value
SELinux is enabled
For me this is the cleanest, simplest and fastest option, that's why I recommend it.
Check if SELinux is enabled with sestatus.
A second option is to use the
command. In order to use it, the policycoreutils
must be installed in our system. If not, we can install them with the command:
sudo apt install policycoreutils
Now when executing the
command, something like:
[email protected]:/etc/selinux$ sestatus
SELinux status: disabled
The command itself tells us the status of SELinux, disabled
Check if SELinux is enabled from the configuration file.
In our case, as we are using Linux Ubuntu, the SELinux configuration file is located in the path
. If this file does not exist, it is almost certain that SELinux is disabled, unless someone has made some kind of change in the default Ubuntu configuration.
The contents of the
file will be something like:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
# default - equivalent to the old strict and targeted policies
# mls - Multi-Level Security (for military and educational use)
# src - Custom policy built from source
# SETLOCALDEFS= Check local definition changes
In the configuration file itself we can read the effects that the value of the SELINUX variable has:
Enforcing: SELinux policy is forced, that is,
SELinux is enabled
Permisive: Displays SELinux warnings instead of forcing.
(SELinux policy is not loaded)