The Security Enhanced Linux or SELinux is the security framework in Linux. This framework enforces the access control policies which allow the admins to control the access rules for different resources like devices, processes, files, network ports, etc. SELinux has the Mandatory Access Control (MAC) to protect the system from privilege escalation, unauthorized access, and other security breaches. SELinux works by defining the specific permissions and rules that operate between files, processes, and other resources.

Therefore, SELinux improves the system security by minimizing the security vulnerabilities. SELinux is available in almost every Linux distro including RHEL, Fedora, CentOS, and many more. If you are a Linux beginner and you want to check the SELinux status, this guide is for you. In this guide, we will explain the simple method to check the SELinux status on Rocky Linux 9 (RHEL-based OS).

How to Check the SELinux Status on Rocky Linux 9

In this section, we will include all the commands that you can use to display the SELinux on your Rocky Linux 9 machine:

The Sestatus Command

The “sestatus” command shows the SELinux subsystem status. All you need to do is run the following command in the terminal:

In the previous image, the parameters represent the following:

SELinux Status	It shows the current status of the SELinux.
SELinux policy	It indicates the current SELinux policy like enforcing and targeting.
Policy Version	It displays the version of the SELinux policy in use.
Policy MLS status	It displays the status of the Multi-Level Security (MLS) policy.

The Getenforce Command

If you want to avoid getting the brief about the SELinux, you can use the “getenforce” command. This command displays the single-line information related to the SELinux enforcement mode. Let’s run the following command to get the details:

After running the “getenforce” command, you will get one of the following results:

Enforcing	SELinux is enabled with the enforcing security policy.
Permissive	SELinux is enabled with a permissive security policy.
Disabled	SELinux is disabled.

The SELinux Config File

You can directly use the SELinux config file to display its current status. For example, open the config file through the “cat” command:

As you can see in the previous image, SELinux is running in the enforcing mode. However, if you see the “permissive” mode rather than the “enforcing” mode, open the config file in the vi editor:

Now, change the permissive mode to enforcing mode and save the file. Lastly, reboot the system to make the changes successful.

Conclusion

This is how you can easily check and display the SELinux status on a Rocky Linux 9 machine. We included all the possible commands to display the SELinux status including the currently available policy mode. SELinux is a fantastic security framework that adds an extra privacy layer.