This weeks (now late) Shell Script Sundays (posted on Monday) article is a short one on a check to see if SELinux is enabled. While SELinux has some great security enhancements it can present a number of problems in applications and shell scripts alike. There is a simple utility that comes with many Linux distributions called “selinuxenabled”
selinuxenabled exits with a status of 1 if it is not enabled and 0 if it is. Zero normally means false but in this case since it is an exit status it is an exception. So, if you need to do a quick check, you may just run selinuxenabled. You will quickly find that it returns nothing. To figure out the exit status for your quick check, put an ampersand (&) at the end, and it will tell you the exit status. eg:
[email@example.com ~]# selinuxenabled &
+ Exit 1 selinuxenabled
As we can see from the example above SELinux is disabled.
To use selinuxenabled in your scripts you would use it like any other command. Refer to Shell Scripting 101 for some more information. selinuxenabled can also be used in your scripts to make sure that selinux is enabled, which can be useful if you are trying to do security audits across multiple machines.