Git-Mirrors/Qubes-Community-Content
1
0
Fork 0
mirror of https://github.com/Qubes-Community/Contents.git synced 2025-01-03 03:21:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

anonymize hostname: remove the hostname randomization section

Browse Source 
It isn't necessary to randomize the hostname when one can
simply not leak it.
This commit is contained in:
3hhh 2022-08-20 12:39:08 +02:00
parent d72cbeee9f
commit 4ea74cec07
No known key found for this signature in database
GPG Key ID: EB03A691DB2F0833
1 changed files with 0 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
docs/privacy/anonymizing-your-mac-address.md
View File

@ -67,44 +67,3 @@ In any case it makes sense to double check your results on e.g. your home router
If you want to decide per connection, `NetworkManager` also provides an option to not send the hostname: If you want to decide per connection, `NetworkManager` also provides an option to not send the hostname:
Edit the saved connection files at `/rw/config/NM-system-connections/*.nmconnection` and add the `dhcp-send-hostname=false` line to both the `[ipv4]` and the `[ipv6]` section. Edit the saved connection files at `/rw/config/NM-system-connections/*.nmconnection` and add the `dhcp-send-hostname=false` line to both the `[ipv4]` and the `[ipv6]` section.
### Randomize the hostname
Alternatively you may use the following code to assign a random hostname to a VM during each of its startup. Please follow the instructions mentioned in the beginning to properly install it.
```.bash
#!/bin/bash
set -e -o pipefail
#
# Set a random hostname for a VM session.
#
# Instructions:
# 1. This file must be placed and made executable (owner: root) inside the template VM of your network VM such that it will be run before your hostname is sent over a network.
# In a Fedora template, use `/etc/NetworkManager/dispatcher.d/pre-up.d/00_hostname`.
# In a Debian template, use `/etc/network/if-pre-up.d/00_hostname`.
# 2. Execute `sudo touch /etc/hosts.lock` inside the template VM of your network VM.
# 3. Execute inside your network VM:
# `sudo bash -c 'mkdir -p /rw/config/protected-files.d/ && echo -e "/etc/hosts\n/etc/hostname" > /rw/config/protected-files.d/protect_hostname.txt'`
#NOTE: mv is atomic on most systems
if [ -f "/rw/config/protected-files.d/protect_hostname.txt" ] && rand="$RANDOM" && mv "/etc/hosts.lock" "/etc/hosts.lock.$rand" ; then
name="PC-$rand"
echo "$name" > /etc/hostname
hostname "$name"
#NOTE: NetworkManager may set it again after us based on DHCP or /etc/hostname, cf. `man NetworkManager.conf` @hostname-mode
#from /usr/lib/qubes/init/qubes-early-vm-config.sh
if [ -e /etc/debian_version ]; then
ipv4_localhost_re="127\.0\.1\.1"
else
ipv4_localhost_re="127\.0\.0\.1"
fi
sed -i "s/^\($ipv4_localhost_re\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
sed -i "s/^\(::1\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
fi
exit 0
```
Assuming that you're using `sys-net` as your network VM, your `sys-net` hostname should now be `PC-[number]` with a different `[number]` each time your `sys-net` is started.
Please note that the above script should _not_ be added to [/rw/config/rc.local](https://www.qubes-os.org/doc/config-files/)) as that is executed only _after_ the network fully started.