Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to use the sestus command to view the current state of SESELinux", the content is simple and easy to understand, organized clearly, I hope to help you solve doubts, let Xiaobian lead you to study and learn "how to use the sestus command to view the current state of SESELinux" this article bar.

The sestatus. conf command is used to view the state of the system running SELinux, apply patterns, boolean values, and display the security context of files and processes listed in the/etc/sestatus.conf file.

1. sestus command output description

The sestatus command displays SELinux enabled status. Additional information about SELinux is also displayed, described here. Here are the sestatus commands on CentOS 8 systems:

[root@localhost ~]# sestatusSELinux status: enabledSELinuxfs mount: /sys/fs/selinuxSELinux root directory: /etc/selinuxLoaded policy name: targetedCurrent mode: enforcingMode from config file: enforcingPolicy MLS status: enabledPolicy deny_unknown status: allowedMemory protection checking: actual (secure)Max kernel policy version: 33

SELinux status: Indicates whether SELinux modules are enabled on the system.

SELinuxfs mount: This is the mount point of the SELinux temporary file system. This is used internally by SELinux. You can view this directory using the ls command.

SELinux root directory: This is where all SELinux configuration files are located. This directory contains all the configuration files required for SELinux, which we can modify.

Loaded policy name: This indicates the currently loaded SELinux policy type. The policy type loaded by default is targeted. The following SELinux policies are available:

targeted-Indicates that SELinux protects only the target process. minimum-This is a slight modification of the targeted policy. In this case, only a few selected processes are protected. mls-This is used for multi-level security protection. MLS is very complex and almost unused in most cases.

Current mode: Indicates whether SELinux is currently executing policies. There are three modes:

enforcing-Indicates that SELinux security policy has been enforced. permissive-indicates that SELinux logs warning messages instead of performing actions. disabled-indicates that SELinux policies are not loaded.

For our practical purposes, enforcing equals enabling SELinux. Permissive and Disabled are equivalent to disabling SELinux.

Policy MLS status: Indicates the current status of the MLS policy. Enabled by default.

Policy deny_unknown status: Indicates the current status of the deny_unknown flag in our policy. By default, it will be set to Allow.

Max kernel policy version: Indicates the current version of the SELinux policy contained in us. In this example, it is version 33.

2. Displays the security context of the selected object in sestus

Use the option-v to display SELinux context for files and processes listed in the/etc/sestatus.conf file. The following is the default output for the sestatus -v option:

In the output above: Process contexts: section shows SELinux context for selected processes. You can add your own processes to the/etc/sestatus.conf file.

File contexts: section shows SELinux context for selected files. You can do this by adding your own custom files to the/etc/sestatus.conf file. Also, if the specified file is a symbolic link, the context of the target file is displayed.

The following are the default settings for the/etc/sestatus.conf file. Add custom files to the [files] section and custom processes to the [process] section.

3. Display Boolean values in sestatus

Using the-b option, you can display the current state of the Boolean values, as shown below. The current SELinux Boolean values for all parameters are displayed in the Policy booleans: section.

[root@localhost ~]# sestatus -b |less

The output above, getsebool, can also display all SELinux boolean values.

[root@localhost ~]# getsebool -a |less

That's all for "How to use sestatus command to check SESELinux current status." Thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.