45.2.1. Viewing the Status of SELinux
The sestatus
command provides a
configurable view into the status of SELinux. The simplest form of this
command shows the following information:
[root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted
The -v
option includes information about the security contexts of a series of files that are specified in /etc/sestatus.conf
:
[root@localhost ~]# sestatus -v SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted Process contexts: Current context: user_u:system_r:unconfined_t Init context: system_u:system_r:init_t /sbin/mingetty system_u:system_r:getty_t /usr/sbin/sshd system_u:system_r:unconfined_t:s0-s0:c0.c1023 File contexts: Controlling term: user_u:object_r:devpts_t /etc/passwd system_u:object_r:etc_t /etc/shadow system_u:object_r:shadow_t /bin/bash system_u:object_r:shell_exec_t /bin/login system_u:object_r:login_exec_t /bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t /sbin/agetty system_u:object_r:getty_exec_t /sbin/init system_u:object_r:init_exec_t /sbin/mingetty system_u:object_r:getty_exec_t /usr/sbin/sshd system_u:object_r:sshd_exec_t /lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:lib_t /lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t
The -b
displays the current state of
booleans. You can use this in combination with grep or other tools to
determine the status of particular booleans:
[root@host2a ~]# sestatus -b | grep httpd | grep on$ httpd_builtin_scripting on httpd_disable_trans on httpd_enable_cgi on httpd_enable_homedirs on httpd_unified on
Fuente: https://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-selinux-status-viewing.html
vi /etc/selinux/config #-------------------------------------------- #5.4.2. Disabling SELinux #Para desabilitar hay que poner la variable SELINUX en disabled: SELINUX=disabled en el archivo /etc/selinux/config: # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted