  1. #1
    Just Joined!
    Join Date
    May 2012
    Posts
    2

    kernel-level/system-critical daemon monitoring /etc/hosts


    I'm looking for a way to modify something deep in the structure of Linux (so I cannot just circumvent it by killing a process/task), that protects /etc/hosts from any changes, even by root (myself). I'd be willing to modify kernel source and recompile that.
    It would be ideal if there was a way to add but not remove hostnames for 127.0.0.1 or 0.0.0.0 by way of a command.
    In any case it should be a huge hassle involving something as bothersome as kernel recompilation or similar to remove hostnames from /etc/hosts.

    As the root of a system, there are just no ways to stop oneself from wasting time on the internet (YouTube, browser games, ...) that aren't circumvented in a matter of seconds thanks to the power of sudo or su (or by just plain deactivating the respective FF/Chromium extension).

    One idea would be to open and read the file during the boot process and keep it open, so that a message that it's still in use and thus cannot be deleted appears if one tries that, and also to watch the file and overwrite it when it is written to (though it would be kind of hard to avoid a loop there).
    It would be best to patch something that is changed less often than the kernel, so the patching wouldn't need to be done as often. I "speak" a few programming languages, but sadly not C/C++, though I understand it.

    Anyway, I'd be grateful for any help, be it hints, suggestions, bits of code or even a full-fledged patch.

  2. #2
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    First you want to protect it from _any_ changes, then from only _some_ changes. Which is it?

    Protecting from _any_ changes is one of the kinds of things selinux was designed for.

  3. #3
    Just Joined!
    Join Date
    May 2012
    Posts
    2
    Thank you for your answer. I'm sorry. Let me rephrase it then: "any direct changes by a human, including root" or "any changes (other than adding 127.0.0.1 hostnames)". Either one is fine if. Just imagine the words in italics were there and you should hopefully no longer feel that you need to dismiss what I said based on it being contradictory, stupid, or whatever else you might have thought it to be.

    Anyway, isn't it possible to have the respective process "reserve" the file in a way that only it can write the file (locking it)?
    Allowed changes could then be made the same way one interacts with a daemon (so I guess a daemon should probably be used as the host, provided there is one deep down enough in the structure).

    As far as I know selinux does nothing even close to what I'm envisioning. Not that I know a lot about selinux, to be honest, but I very much doubt it would prevent root from changing anything that isn't system-critical.
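
The two ideas raised in this thread, keeping the file open and having one process lock it, can be tried on a scratch file. This is an added example, not code from any poster; the temporary path and sample contents are constructed stand-ins for /etc/hosts, and `flock` is assumed as the locking mechanism.

```python
import fcntl
import hashlib
import os
import tempfile

SAMPLE_HOSTS = b"127.0.0.1 localhost\n0.0.0.0 blocked.example\n"  # constructed sample


def digest(path):
    """SHA-256 of the file, or None if it no longer exists."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


def run_demo():
    """Hold a file open under an exclusive flock, then edit it without asking."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "hosts")  # stand-in for /etc/hosts
    with open(path, "wb") as fh:
        fh.write(SAMPLE_HOSTS)
    baseline = digest(path)

    guard = open(path, "r+b")            # the "daemon" keeps the file open
    fcntl.flock(guard, fcntl.LOCK_EX)    # and takes an exclusive advisory lock

    # A cooperating process that also calls flock() is refused...
    other = open(path, "r+b")
    try:
        fcntl.flock(other, fcntl.LOCK_EX | fcntl.LOCK_NB)
        lock_refused = False
    except BlockingIOError:
        lock_refused = True
    other.close()

    # ...but a writer that never asks for the lock is not stopped.
    with open(path, "wb") as fh:
        fh.write(b"127.0.0.1 localhost\n")
    edit_detected = digest(path) != baseline

    os.unlink(path)                      # deleting an open file also succeeds
    deleted = digest(path) is None
    guard.close()
    os.rmdir(workdir)
    return {"lock_refused": lock_refused, "edit_detected": edit_detected, "deleted": deleted}


if __name__ == "__main__":
    print(run_demo())
```

On Linux both mechanisms are cooperative, so a digest comparison like the one here only detects a change after it has happened.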
