Which SELinux mode allows monitoring of rules without enforcing them?

The mode that allows for monitoring of SELinux rules without enforcing them is permissive mode. In this mode, SELinux does not block access based on its policies. Instead, it logs the actions that would have been denied if the enforcement were active. This is particularly useful for debugging and monitoring, as it helps system administrators understand which actions would have been restricted under enforcing mode without actually preventing those actions from occurring. It allows for a safe way to test and audit SELinux policies before fully applying them in enforcing mode.

The other modes serve different purposes. Enforcing mode actively enforces the security policies and denies access based on those rules, while disabled mode completely turns off SELinux. Enabled is a term that is generally used to denote whether SELinux is operating in either enforcing, permissive, or disabled mode but does not specify the monitoring capability provided by permissive mode.