#!/bin/bash
#
# Check SELinux status
# SELinux has three modes:
# - permissive
# - enforcing
# - disabled

# we are not looking at SELINUXPOLICY - although it may be of interest
# in the future

if command sestatus > /dev/null ; then
    # Selinux status
    status=`sestatus | grep "SELinux status:" | awk '{print $3}'`
    # the current mode
    curmode=`sestatus | grep "Current mode:" | awk '{print $3}'`
    # the mode from file
    filemode=`sestatus | grep "Mode from config file:" | awk '{print $5}'`
    echo '<<<selinux>>>'
    echo $status $curmode $filemode
fi

