sestatus

Print the current status

$ sestatus

$ sestatus -b

$ sestatus -v

sestatus [OPTION]...

-b, --boolean
    Displays the status of all SELinux booleans, indicating whether each is on or off.

-v, --verbose
    Provides more detailed information about the SELinux policy, including the policy load date and the root directory.

The sestatus command is a utility for displaying the current status of SELinux (Security-Enhanced Linux) on a system.

SELinux is a mandatory access control (MAC) security mechanism that provides a flexible and powerful way to enforce security policies beyond traditional discretionary access control (DAC).

sestatus helps administrators quickly ascertain if SELinux is enabled, its current operating mode (e.g., enforcing, permissive, or disabled), and details about the loaded security policy.

The output typically includes the SELinux status, current mode, policy file path, policy type, policy serial number, policy version, and various policy load information.

It's an essential tool for initial system security checks and troubleshooting SELinux-related access issues, providing a snapshot of the system's security posture regarding SELinux enforcement.

sestatus is a reporting tool; it does not change the SELinux status or configuration.

To alter SELinux mode, use commands like setenforce or modify the /etc/selinux/config file.

The command's output assumes SELinux is installed and supported by the kernel; otherwise, it will typically report that SELinux is disabled or not supported.

SELinux originated from the National Security Agency (NSA) as a project to add mandatory access controls to the Linux kernel.

It was integrated into the mainline Linux kernel in 2003.

sestatus is part of the libselinux development libraries and utilities, which provide the foundational tools for interacting with and managing SELinux policies and contexts.

Its development is closely tied to the evolution and widespread adoption of SELinux as a critical security feature in enterprise Linux distributions.

selinux(8), setenforce(8), getenforce(8), semanage(8), restorecon(8), getsebool(8), setsebool(8)