feat: make etc hosts more restrictive

Krzysztof kuhy Rudnicki 2025-06-03 22:41:00 +02:00
parent aff91d0c86
commit 05bbad7e5b
2 changed files with 28 additions and 8 deletions


@ -25,13 +25,13 @@
127.0.0.1 s.youtube.com
127.0.0.1 googlevideo.com
127.0.0.1 www.googlevideo.com
0.0.0.0 discord.com
0.0.0.0 www.discord.com
0.0.0.0 discordapp.com
0.0.0.0 www.discordapp.com
0.0.0.0 cdn.discordapp.com
0.0.0.0 cdn.discord.com
0.0.0.0 media.discordapp.net
# 0.0.0.0 discord.com
# 0.0.0.0 www.discord.com
# 0.0.0.0 discordapp.com
# 0.0.0.0 www.discordapp.com
# 0.0.0.0 cdn.discordapp.com
# 0.0.0.0 cdn.discord.com
# 0.0.0.0 media.discordapp.net
# Block Minecraft download sites
127.0.0.1 minecraft.net
127.0.0.1 www.minecraft.net


@ -1,4 +1,24 @@
#!/bin/bash
# Enable systemd-resolved
sudo systemctl enable systemd-resolved
# Remove all attributes from /etc/hosts to allow modifications
sudo chattr -i -a /etc/hosts 2>/dev/null || true
# Copy the hosts file
sudo cp hosts /etc/hosts
sudo systemd-resolve --flush-caches
# Set restrictive permissions (read-only for owner, no access for group/others)
sudo chmod 600 /etc/hosts
# Make the file immutable (prevents deletion, renaming, and most modifications)
sudo chattr +i /etc/hosts
# Also set append-only attribute as additional protection
# Note: This requires removing immutable first, then setting both
sudo chattr -i /etc/hosts
sudo chattr +a /etc/hosts
# Flush DNS caches
sudo systemd-resolve --flush-caches
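Review bot: `sudo chmod 600 /etc/hosts` makes the file unreadable to every non-root process, which includes ordinary programs resolving names through the hosts file and, where it runs as its own unprivileged user, systemd-resolved; for those lookups the entries would stop applying, so the blocklist is weakened rather than hardened. `sudo chmod 644 /etc/hosts` with root ownership keeps the file write-protected without that side effect. The attribute sequence also ends with only append-only set, because `chattr -i` undoes the preceding `chattr +i` although the comment promises both; a single `sudo chattr +ia /etc/hosts` should set the two together, which is worth confirming on the target filesystem. Separately, `2>/dev/null || true` on the first `chattr` and the absence of `set -e` mean that a failed `cp hosts /etc/hosts` goes unnoticed and the previous file is then locked in place.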