Reputation: 1707
Check SeLinux Status
Using the following code I would like to check the status of SeLinux e.g. enforcing, permissive, disabled. If the status is other then disabled, then I will advise the user to disable Selinux.
I'm running the following in a .sh file. The current status of SeLinux is Permissive. Running the following code ends up in the else clause.
#! /bin/bash
SELINUXSTATUS=getenforce;
if [ "$SELINUXSTATUS" == "Permissive" ]; then
echo "Disable SeLinux";
else
echo "All Good. Continue...";
fi;
Upvotes: 3
Views: 5070
Answers (3)
Reputation: 129
You must use SELINUXSTATUS=$(getenforce).
Now your variable SELINUXSTATUS is just string "getenforce".
Upvotes: 2
Reputation: 718678
As @Jon says:
SELINUXSTATUS=$(getenforce)
runs the getenforce commandf, captures its output and sets the variable to that value. Alternately,
SELINUXSTATUS=`getenforce`
does the same thing. (Note that those are back-ticks ... not regular single quotes.)
But be aware that there are three possible results from getenforce; i.e. Disabled, Permissive and Enforcing.
Upvotes: 2
Reputation: 3671
Try
SELINUXSTATUS=$(getenforce)
Currently, your script will just set SELINUXSTATUS to the literal string getenforce. $(command) is the magic in bash which runs a command and captures its output.
Upvotes: 5
Related Questions
- How do I detect if SELinux is enabled in an android application?
- SElinux Android message interpretation
- ansible playbook to check the condition of Selinux status
- Read SELinux in Android device
- Is SELinux still effective even when an attacker obtains the root shell?
- detecting if someone has selinux installed / httpd_can_network_connect enabled
- Trying to find out if chmod has failed
- SElinux integrety check
- PHP Shell_exec and sudo commands for SELinux administration
- MySql SeLinux policy permissions