Monday, March 17, 2014

Checking SELinux status and enabling/disabling as needed

To check whether SELinux is enabled, run the "sestatus" command:

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

To check whether SELinux is enforcing, run the "getenforce" command:

$ getenforce
Enforcing

There may be times when you want to temporarily disable SELinux for testing purposes. To do so, modify the /etc/selinux/config file as follows:

************
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
************

Once you make the above change, reboot the system for it to take effect. After the reboot, run "getenforce" to check that SELinux has been disabled. To turn it back on, set SELINUX=enforcing in /etc/selinux/config and reboot the machine.
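
Between editing the file and rebooting, the running mode and the configured mode disagree, and a test machine left with SELINUX=disabled is easy to forget. The script below is an added example, not part of the original post, that compares the two; the function names and the result labels are made up for illustration.

```shell
#!/bin/sh
# Added example: report drift between the SELinux mode in the config file
# and the mode the kernel is currently running in.

# Print the SELINUX= value from a config file ($1), lowercased. Commented
# lines and SELINUXTYPE= are ignored; the last assignment wins.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Rank a mode by strength; 0 means missing or unrecognised.
mode_rank() {
    case "$1" in
        enforcing)  echo 3 ;;
        permissive) echo 2 ;;
        disabled)   echo 1 ;;
        *)          echo 0 ;;
    esac
}

# Classify the runtime mode ($1, as printed by getenforce) against the
# configured mode ($2, as printed by selinux_config_mode).
selinux_drift() {
    r=$(mode_rank "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')")
    c=$(mode_rank "$2")
    if [ "$r" -eq 0 ] || [ "$c" -eq 0 ]; then
        echo unknown              # tool output or config value missing
    elif [ "$r" -lt "$c" ]; then
        echo runtime-weaker       # running below what the config asks for
    elif [ "$r" -gt "$c" ]; then
        echo reboot-will-weaken   # config edited, reboot still pending
    elif [ "$r" -eq 3 ]; then
        echo ok
    else
        echo not-enforcing        # consistent, but protection is off
    fi
}

# Constructed sample: the runtime state from the sestatus output above
# (enforcing) against the edited config from the post (SELINUX=disabled).
echo "sample: $(selinux_drift Enforcing disabled)"

# On a host with the SELinux tools installed, check the live system too.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    echo "live: $(selinux_drift "$(getenforce)" \
        "$(selinux_config_mode /etc/selinux/config)")"
fi
```

Anything other than "ok" on a machine that is meant to be enforcing is worth a look before the box goes back into service.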
