Linux Blog

Check if SELinux is Enabled

Filed under: Shell Script Sundays — TheLinuxBlog.com at 10:41 am on Monday, December 8, 2008

This weeks (now late) Shell Script Sundays (posted on Monday) article is a short one on a check to see if SELinux is enabled. While SELinux has some great security enhancements it can present a number of problems in applications and shell scripts alike. There is a simple utility that comes with many Linux distributions called “selinuxenabled”

selinuxenabled exits with a status of 1 if it is not enabled and 0 if it is. Zero normally means false but in this case since it is an exit status it is an exception. So, if you need to do a quick check, you may just run selinuxenabled. You will quickly find that it returns nothing. To figure out the exit status for your quick check, put an ampersand (&) at the end, and it will tell you the exit status. eg:

[root@thelinuxblog.com ~]# selinuxenabled &
[1] 28417
[1]+  Exit 1                  selinuxenabled

As we can see from the example above SELinux is disabled.

To use selinuxenabled in your scripts you would use it like any other command. Refer to Shell Scripting 101 for some more information. selinuxenabled can also be used in your scripts to make sure that selinux is enabled, which can be useful if you are trying to do security audits across multiple machines.





Random Man Pages:
getfilename
rcsfile
perlfaq7
sis

1 Comment »

Comment by Luis

December 11, 2008 @ 4:57 pm

you can also use getenforce for english; it outputs Disabled|Enabled|Permissive

[luis.cerezo@hou58375 inputs]$ /usr/sbin/getenforce
Disabled
[luis.cerezo@hou58375 inputs]$

[lcerezo@hounx01 ~]$ /usr/sbin/getenforce
Permissive
[lcerezo@hounx01 ~]$

it will be

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>