Latest articles in ‘Cheatsheet’

  1. SELinux cheatsheet

    Published: Fri 08 September 2017 in Cookbook.
    A mind-refresher on SELinux main commands, files and behavior.

    This page is only designed as a memory-refresher. SELinux can be complex to get right; if you are not yet familiar with it, I highly encourage you to read Sven Vermeulen's books.

    SELinux state

    To detect whether SELinux is enabled or not:

    • From a script, selinuxenabled produces no output; its exit code gives the SELinux status.
    • From an interactive prompt, sestatus provides more information.

    The main SELinux configuration file is /etc/selinux/config. It defines:

    • SELINUX=: SELinux state:

      • enforcing: Enabled, and blocks unauthorized actions (policy violations).

      • permissive: Enabled, but only logs unauthorized actions and does not block them (useful for development and HIDS purposes).

      • disabled: SELinux is completely disabled.


        If SELinux has been temporarily disabled (which is not recommended; there are usually cleaner ways to proceed), a global relabel will be required before re-enabling SELinux.

        More information.

    • SELINUXTYPE=: The policy currently in use, available policies depend …
