# Security-Enhanced Linux > Linux kernel security module **Wikidata**: [Q116038](https://www.wikidata.org/wiki/Q116038) **Wikipedia**: [English](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) **Source**: https://4ort.xyz/entity/security-enhanced-linux ## Summary Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides mandatory access control (MAC) to enhance system security by enforcing strict policies on processes, files, and system resources. Developed by the National Security Agency (NSA) and first released in 2000, SELinux is widely used in enterprise environments to mitigate security risks by restricting unauthorized access and preventing privilege escalation. ## Key Facts - **Type**: Linux kernel security module - **Developer**: Red Hat (originally developed by the NSA) - **First Release**: December 22, 2000 - **Latest Stable Version**: 3.6 (released December 13, 2023) - **License**: GNU General Public License (GPL) - **Operating System**: Linux - **Primary Function**: Mandatory Access Control (MAC) for enhanced system security - **Website**: [selinuxproject.org](https://selinuxproject.org/) - **Source Code Repository**: [GitHub](https://github.com/SELinuxProject/selinux) - **Aliases**: SELinux, Security-Enhanced Linux, Security Enhanced Linux, SE Linux ## FAQs ### Q: What is SELinux used for? A: SELinux is used to enforce mandatory access control (MAC) policies in Linux systems, restricting unauthorized access and preventing privilege escalation by defining strict security rules for processes, files, and system resources. ### Q: Who developed SELinux? A: SELinux was originally developed by the National Security Agency (NSA) and later maintained by Red Hat. ### Q: How does SELinux differ from traditional Linux permissions? A: Unlike traditional Linux permissions (discretionary access control, DAC), SELinux enforces mandatory access control (MAC), meaning security policies are enforced system-wide and cannot be overridden by users. ### Q: Is SELinux compatible with all Linux distributions? A: SELinux is primarily supported on Red Hat-based distributions (e.g., RHEL, CentOS, Fedora) and is available as an optional security module for other Linux distributions. ### Q: How do I check if SELinux is enabled on my system? A: You can check SELinux status by running the command `sestatus` in the terminal, which will display the current mode (enforcing, permissive, or disabled) and policy version. ## Why It Matters SELinux plays a critical role in modern cybersecurity by providing an additional layer of defense against exploits and unauthorized access. By enforcing strict security policies, SELinux helps mitigate risks such as privilege escalation, malware infection, and data breaches. It is widely adopted in enterprise environments, government systems, and critical infrastructure to ensure compliance with security standards. SELinux's mandatory access control model complements traditional Linux permissions, making it a valuable tool for hardening systems against evolving threats. ## Notable For - **First Major Linux Security Module**: SELinux was one of the first widely adopted security modules for the Linux kernel, pioneering mandatory access control (MAC) in mainstream operating systems. - **Enterprise Adoption**: SELinux is a standard security feature in Red Hat Enterprise Linux (RHEL) and is used by organizations requiring high-security environments. - **Policy-Based Security**: SELinux's policy-driven approach allows administrators to define granular security rules, making it highly configurable for different security requirements. - **Open Source Development**: The project is maintained as an open-source initiative, with contributions from the community and Red Hat. - **Compliance Support**: SELinux helps organizations meet regulatory and compliance requirements by enforcing strict access controls and audit logging. ## Body ### Overview Security-Enhanced Linux (SELinux) is a security module integrated into the Linux kernel that implements mandatory access control (MAC). It was developed by the NSA and first released in December 2000. SELinux enforces security policies that cannot be overridden by users, providing a robust defense against unauthorized access and privilege escalation. ### Development and History - **Origins**: SELinux was created by the NSA to enhance the security of Linux systems, particularly for government and military applications. - **Maintenance**: Red Hat has been the primary maintainer of SELinux since its early development. - **Open Source**: The project is hosted on GitHub, with contributions from the community and Red Hat. ### Technical Features - **Mandatory Access Control (MAC)**: SELinux enforces strict policies that define what processes can access, limiting the impact of security breaches. - **Policy Configuration**: Administrators can define custom policies using tools like `semanage` and `seinfo`. - **Audit Logging**: SELinux logs security events, helping administrators monitor and investigate potential security incidents. ### Versions and Releases - **Stable Releases**: SELinux has seen multiple stable releases, with the latest version being 3.6 (released December 13, 2023). - **Release Candidates**: Earlier versions include 2.9-rc2 (February 28, 2019) and 3.5 (February 23, 2023). ### Compatibility and Usage - **Primary Platform**: SELinux is most commonly used on Red Hat-based distributions, including RHEL, CentOS, and Fedora. - **Optional on Other Distros**: While not natively supported, SELinux can be installed on other Linux distributions as an optional security module. ### Tools and Management - **Command-Line Tools**: Users can manage SELinux policies using tools like `sestatus`, `setenforce`, and `getenforce`. - **Graphical Interfaces**: Some distributions offer graphical tools for policy management, such as SELinux Policy Management in RHEL. ### Security Benefits - **Reduced Attack Surface**: SELinux restricts unauthorized access, making it harder for attackers to exploit vulnerabilities. - **Compliance**: SELinux helps organizations meet security standards and compliance requirements by enforcing strict access controls. ### Future Development - **Ongoing Maintenance**: Red Hat continues to develop and maintain SELinux, ensuring compatibility with newer Linux kernel versions. - **Community Contributions**: The open-source nature of SELinux encourages contributions from developers worldwide. ## References 1. [SELinux userspace release 20180524 / 2.8. 2018](https://github.com/SELinuxProject/selinux/releases/tag/20180524) 2. [Source](https://github.com/SELinuxProject/selinux/commit/ee1809f453038f7f34719f3fbd448893853d473f) 3. [Release 2.9. 2019](https://github.com/SELinuxProject/selinux/releases/tag/20190315) 4. [Release 3.0. 2019](https://github.com/SELinuxProject/selinux/releases/tag/20191204) 5. [Release 3.1. 2020](https://github.com/SELinuxProject/selinux/releases/tag/20200710) 6. [Release 3.2. 2021](https://github.com/SELinuxProject/selinux/releases/tag/3.2) 7. [Release 3.3. 2021](https://github.com/SELinuxProject/selinux/releases/tag/3.3) 8. [Release 3.4. 2022](https://github.com/SELinuxProject/selinux/releases/tag/3.4) 9. [SELinux userspace release 3.5 Latest. 2023](https://github.com/SELinuxProject/selinux/releases/tag/3.5) 10. [Release 3.6. 2023](https://github.com/SELinuxProject/selinux/releases/tag/3.6) 11. [Release 3.7. 2024](https://github.com/SELinuxProject/selinux/releases/tag/3.7) 12. [Release 3.8. 2025](https://github.com/SELinuxProject/selinux/releases/tag/3.8) 13. [Release 3.8.1. 2025](https://github.com/SELinuxProject/selinux/releases/tag/3.8.1) 14. [Release SELinux userspace release 3.9 ยท SELinuxProject/selinux](https://github.com/SELinuxProject/selinux/releases/tag/3.9) 15. [Release 3.10. 2026](https://github.com/SELinuxProject/selinux/releases/tag/3.10) 16. [Security-enhanced Linux available at NSA site - MARC](https://marc.info/?l=linux-kernel&m=97749381725894) 17. Freebase Data Dumps. 2013