Rocky Linux

How to Check the SELinux Status on Rocky Linux 9

The Security Enhanced Linux or SELinux is the security framework in Linux. This framework enforces the access control policies which allow the admins to control the access rules for different resources like devices, processes, files, network ports, etc. SELinux has the Mandatory Access Control (MAC) to protect the system from privilege escalation, unauthorized access, and other security breaches. SELinux works by defining the specific permissions and rules that operate between files, processes, and other resources.

Therefore, SELinux improves the system security by minimizing the security vulnerabilities. SELinux is available in almost every Linux distro including RHEL, Fedora, CentOS, and many more. If you are a Linux beginner and you want to check the SELinux status, this guide is for you. In this guide, we will explain the simple method to check the SELinux status on Rocky Linux 9 (RHEL-based OS).

How to Check the SELinux Status on Rocky Linux 9

In this section, we will include all the commands that you can use to display the SELinux on your Rocky Linux 9 machine:

The Sestatus Command

The “sestatus” command shows the SELinux subsystem status. All you need to do is run the following command in the terminal:

sestatus

In the previous image, the parameters represent the following:

SELinux Status It shows the current status of the SELinux.
SELinux policy It indicates the current SELinux policy like enforcing and targeting.
Policy Version It displays the version of the SELinux policy in use.
Policy MLS status It displays the status of the Multi-Level Security (MLS) policy.

The Getenforce Command

If you want to avoid getting the brief about the SELinux, you can use the “getenforce” command. This command displays the single-line information related to the SELinux enforcement mode. Let’s run the following command to get the details:

getenforce

After running the “getenforce” command, you will get one of the following results:

Enforcing SELinux is enabled with the enforcing security policy.
Permissive SELinux is enabled with a permissive security policy.
Disabled SELinux is disabled.

The SELinux Config File

You can directly use the SELinux config file to display its current status. For example, open the config file through the “cat” command:

cat /etc/selinux/config

As you can see in the previous image, SELinux is running in the enforcing mode. However, if you see the “permissive” mode rather than the “enforcing” mode, open the config file in the vi editor:

vi /etc/selinux/config

Now, change the permissive mode to enforcing mode and save the file. Lastly, reboot the system to make the changes successful.

Conclusion

This is how you can easily check and display the SELinux status on a Rocky Linux 9 machine. We included all the possible commands to display the SELinux status including the currently available policy mode. SELinux is a fantastic security framework that adds an extra privacy layer.

About the author

Prateek Jangid

A passionate Linux user for personal and professional reasons, always exploring what is new in the world of Linux and sharing with my readers.