testsAndMisc/linux_configuration/scripts
Krzysztof Rudnicki 6ec85106b7 Protect nsswitch.conf and resolved.conf from hosts bypass
- Add enforce-resolved.sh: validates ReadEtcHosts=yes, prevents
  DNSOverTLS bypass, removes drop-in overrides, locks drop-in dir
- Add resolved-guard.path/service: watches /etc/systemd/resolved.conf
  and its drop-in directory for tampering
- Update pacman hooks to unlock/relock nsswitch.conf and resolved.conf
  alongside /etc/hosts during package transactions
- Extend setup_hosts_guard.sh with --skip-resolved option, resolved
  canonical snapshot, drop-in directory locking, and enforcement
- Add resolved.conf checks to check_and_enable_services.sh: validates
  ReadEtcHosts, DNSOverTLS, drop-in overrides, immutable attribute,
  and resolved-guard.path status with auto-fix capability

Fixed on live system: ReadEtcHosts was set to 'no' and nsswitch.conf
was missing 'files' in the hosts line, completely bypassing /etc/hosts.
2026-02-20 23:21:25 +01:00
..
digital_wellbeing feat: LeechBlock default config, Chrome repo, nsswitch fixes, extended checker 2026-02-20 20:24:13 +01:00
features feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
fixes feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
lib feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
meta Add 'linux_configuration/' from commit '0762e3d07b90bac9256eb272de10bf9f42878094' 2026-02-06 21:43:26 +01:00
misc/testsAndMisc-bash feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
system-maintenance feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
utils feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
check_and_enable_services.sh Protect nsswitch.conf and resolved.conf from hosts bypass 2026-02-20 23:21:25 +01:00
install_joplin.sh pre commit fixes 2026-02-20 00:21:41 +01:00
setup_periodic_system.sh Add 'linux_configuration/' from commit '0762e3d07b90bac9256eb272de10bf9f42878094' 2026-02-06 21:43:26 +01:00
setup_thorium_startup.sh feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
test_bad.sh feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
test_removal.sh feat: great beautiful fixes 2026-02-20 01:17:53 +01:00