testsAndMisc/linux_configuration
Krzysztof Rudnicki 6ec85106b7 Protect nsswitch.conf and resolved.conf from hosts bypass
- Add enforce-resolved.sh: validates ReadEtcHosts=yes, prevents
  DNSOverTLS bypass, removes drop-in overrides, locks drop-in dir
- Add resolved-guard.path/service: watches /etc/systemd/resolved.conf
  and its drop-in directory for tampering
- Update pacman hooks to unlock/relock nsswitch.conf and resolved.conf
  alongside /etc/hosts during package transactions
- Extend setup_hosts_guard.sh with --skip-resolved option, resolved
  canonical snapshot, drop-in directory locking, and enforcement
- Add resolved.conf checks to check_and_enable_services.sh: validates
  ReadEtcHosts, DNSOverTLS, drop-in overrides, immutable attribute,
  and resolved-guard.path status with auto-fix capability

Fixed on live system: ReadEtcHosts was set to 'no' and nsswitch.conf
was missing 'files' in the hosts line, completely bypassing /etc/hosts.
2026-02-20 23:21:25 +01:00
..
.githooks feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
.github feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
docs feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
fresh-install feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
hosts Protect nsswitch.conf and resolved.conf from hosts bypass 2026-02-20 23:21:25 +01:00
i3-configuration fix: install sh i3 2026-02-20 20:43:37 +01:00
report feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
scripts Protect nsswitch.conf and resolved.conf from hosts bypass 2026-02-20 23:21:25 +01:00
tests Add 'linux_configuration/' from commit '0762e3d07b90bac9256eb272de10bf9f42878094' 2026-02-06 21:43:26 +01:00
.gitignore feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
test_results.log Add 'linux_configuration/' from commit '0762e3d07b90bac9256eb272de10bf9f42878094' 2026-02-06 21:43:26 +01:00