Important Security-enhanced Linux (SELinux) commands


To see the current status of SELinux, run the “getenforce” command.

[root@RHEL04 ~]# getenforce


For more detailed SELinux related information use “sestatus” and “sestatus -v” command.

[root@RHEL04 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted


The current SELinux status can also be changed with the “setenforce” command as shown below.

[root@RHEL03 ~] setenforce enforcing
[root@RHEL03 ~] setenforce permissive


Applies SELinux label to files and directories. If you want to change the settings of a file or directory, you can use the "chcon" command. For example, if you wanted to configure a non-standard directory for an FTP server, you'll want to make sure the context matches the default FTP directory.

The permissions of a standard FTP directory can be viewed by using “ls –Z” command.

[root@RHEL03 ~] ls -Z /var/ftp/
drwxr-xr-x root root system_u:object_r:public_content_t pub

To change the context, use the chcon command. To make the changes recursively use with the -R switch. Change the user and type contexts to match /var/ftp folder using the chcon command.

[root@RHEL03 ~] chcon -R -u user_u -t public_content_rw_t /ftp


Sets the security context of one or more files by marking the extended attributes with the appropriate file or security context.

[root@RHEL03 ~]# restorecon -F -R /ftp


Checks or corrects the security context database on the file system.

[root@RHEL04 /]# fixfiles -l /root/fixchek.txt relabel


get SELinux boolean value(s)

[root@RHEL01 ~]# getsebool –a


setsebool is used to toggle policy booleans on or off.

[root@RHEL01 ~]# setsebool httpd_can_network_connect=on

Note: If you want the Boolean values to be persistant, use the -P option along with setsebool command. The –P option will make pending values be written to the policy file on disk.

Related Tutorials
• Basic Linux Commands
• Linux file permissions
• What is Security-enhanced Linux (SELinux), Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-based Access Control (RBAC)?
• Security-enhanced Linux (SELinux) Security Contexts
• How Security-enhanced Linux (SELinux) works
• Security-enhanced Linux (SELinux) configuration-file (/etc/selinux/conf)
• Security-enhanced Linux (SELinux) - Filesystem Relabeling