Sometimes when I went to see the installation requirements of a program, one of them was that SELinux was disabled. The motivation to write today's tutorial is born from this need, which allows us to
find out if SELinux is enabled or disabled in Linux Ubuntu
.
In my case I used Ubuntu 16.04 64bit to perform all the tests, but it can surely be applied in other distributions.
What is SELinux?
First of all, we must inform ourselves well of
what SELinux is
. As a summary we could say that it is a
security module
that allows establishing security policies for access control.
In a more practical way and to understand it better,
we could say that with SELinux we ask the Linux kernel if a process is authorized to perform an operation
.
How to know if SELinux is enabled or disabled in Linux Ubuntu.
To know if SELinux is enabled in Ubuntu you can do it in several ways. I usually use the
selinux-utils
application that is designed to be used in shell scripts, but that can serve us perfectly.
If you do not have this tool installed, you will have to install it with the command:
sudo apt install selinux-utils
Now you execute the command:
selinuxenabled; echo $?
This command can return two values:
-
If it returns
1
,
SELinux is disabled
.
-
If you return the value
0
,
SELinux is enabled
.
For me this is the cleanest, simplest and fastest option, that's why I recommend it.
Check if SELinux is enabled with sestatus.
A second option is to use the
sestatus
command. In order to use it, the policycoreutils
policycoreutils
must be installed in our system. If not, we can install them with the command:
sudo apt install policycoreutils
Now when executing the
sestatus
command, something like:
zeokat@ubuntu:/etc/selinux$ sestatus
SELinux status: disabled
The command itself tells us the status of SELinux, disabled
(disabled)
or enabled
(enabled)
.
Check if SELinux is enabled from the configuration file.
In our case, as we are using Linux Ubuntu, the SELinux configuration file is located in the path
/etc/selinux/config
. If this file does not exist, it is almost certain that SELinux is disabled, unless someone has made some kind of change in the default Ubuntu configuration.
The contents of the
/etc/selinux/config
file will be something like:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# default - equivalent to the old strict and targeted policies
# mls - Multi-Level Security (for military and educational use)
# src - Custom policy built from source
SELINUXTYPE=default
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
In the configuration file itself we can read the effects that the value of the SELINUX variable has:
-
Enforcing: SELinux policy is forced, that is,
SELinux is enabled
.
-
Permisive: Displays SELinux warnings instead of forcing.
-
Disable:
SELinux disabled
(SELinux policy is not loaded)
.