sestatus(8) SELinux command line documentation sestatus(8)NAME
sestatus - SELinux status tool
SYNOPSIS
sestatus [-v] [-b]
This tool is used to get the status of a system running SELinux.
DESCRIPTION
This manual page describes the sestatus program.
This tool is used to get the status of a system running SELinux. It displays data about whether SELinux is enabled or disabled, location of
key directories, and the loaded policy with its status as shown in the example:
> sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allow
Max kernel policy version: 26
sestatus can also be used to display:
- The security context of files and processes listed in the /etc/sestatus.conf file. The format of this file is described in ses-
tatus.conf(5).
- The status of booleans.
OPTIONS -v
Displays the contexts of files and processes listed in the /etc/sestatus.conf file. It also checks whether the file is a symbolic
link, if so then the context of the target file is also shown.
The following contexts will always be displayed:
The current process context
The init process context
The controlling terminal file context
-b
Display the current state of booleans.
FILES
/etc/sestatus.conf
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>.
The program was written by Chris PeBenito <pebenito@gentoo.org>
SEE ALSO selinux(8), sestatus.conf(5)Security Enhanced Linux 26 Nov 2011 sestatus(8)
Check Out this Related Man Page
sestatus.conf(5) sestatus configuration file sestatus.conf(5)NAME
sestatus.conf - The sestatus(8) configuration file.
DESCRIPTION
The sestatus.conf file is used by the sestatus(8) command with the -v option to determine what file and process security contexts should be
displayed.
The fully qualified path name of the configuration file is:
/etc/sestatus.conf
The file consists of two optional sections as described in the FILE FORMAT section. Whether these exist or not, the following will always
be displayed:
The current process context
The init process context
The controlling terminal file context
FILE FORMAT
The format consists of two optional sections as follows:
[files]
file_name
[file_name]
...
[process]
executable_file_name
[executable_file_name]
...
Where:
[files]
The start of the file list block.
file_name
One or more fully qualified file names, each on a new line will that will have its context displayed. If the file does not
exist, then it is ignored. If the file is a symbolic link, then sestatus -v will also display the target file context.
[process]
The start of the process list block.
executable_file_name
One or more fully qualified executable file names that should it be an active process, have its context displayed. Each entry
is on a new line.
EXAMPLE
# /etc/sestatus.conf
[files]
/etc/passwd
/etc/shadow
/bin/bash
/bin/login
/lib/libc.so.6
/lib/ld-linux.so.2
/lib/ld.so.1
[process]
/sbin/mingetty
/sbin/agetty
/usr/sbin/sshd
SEE ALSO selinux(8), sestatus(8)Security Enhanced Linux 26-Nov-2011 sestatus.conf(5)
I am on a fedora core 2.6.9-1.677 i686
which is selinux enabled unlike the version I was on before .. which had to be manually enabled ..and if you knew nothing of the sort you were lost.. that was the case for me anyway! like i was saying ... now I am on a system that is enabled I have just... (1 Reply)
Hi,
Has anyone enabled SELinux on Amazon EC2?
I tried to enable SELinux using a CentOS image, and the steps in the following post, but it didn't work!!
Amazon Web Services Developer Community : Has anyone successfully enabled SELinux ...
The steps i took:
1)I started with CentOS 5.3 base... (5 Replies)
Hi, If I want to write perl program that simulated Least Recently Loaded(LRL) to calculate page fault:
The user must input page access and number of page fram that need to be greater than 3
Example
Page Access: 5, 3, 4, 1, 7, 5, 3, 2, 3, 6, 7, 1, 4, 6
Frames: 3
PA: 5 3 4 1 7 5 3 2 3 6... (6 Replies)
Hi
Do you know a tool for redhat/unix, that receives process ID, and provides list of all files that were changed by this process?
Thanks
Guy (2 Replies)