mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-28 15:27:18 -05:00
Merge branch 'patch-3' of https://github.com/3hhh/qubes-doc into 3hhh-patch-3
This commit is contained in:
commit
97fac4cdab
@ -71,3 +71,46 @@ Finally, shutdown all VMs and change the settings of sys-firewall, etc. to use t
|
||||
|
||||
You can check the MAC address currently in use by looking at the status pages of your router device(s), or inside the NetVM with the command `sudo ip link show`.
|
||||
|
||||
## Randomize your hostname
|
||||
|
||||
DHCP requests also leak your hostname to your LAN. Since your hostname is usually `sys-net`, other network users can easily spot that you're using Qubes OS.
|
||||
|
||||
Unfortunately `NetworkManager` currently doesn't provide an option to disable that leak globally ([Gnome Bug 768076](https://bugzilla.gnome.org/show_bug.cgi?id=768076)).
|
||||
|
||||
You may however use the following code to assign a random hostname to a VM during each of its startup. Please follow the instructions mentioned in the beginning to properly install it.
|
||||
|
||||
```.bash
|
||||
#!/bin/bash
|
||||
set -e -o pipefail
|
||||
#
|
||||
# Set a random hostname for a VM session.
|
||||
#
|
||||
# Instructions:
|
||||
# 1. This file must be placed and made executable as the file /etc/network/if-pre-up.d/00_hostname (owner: root) inside the template VM of your
|
||||
# network VM.
|
||||
# 2. Execute `sudo touch /etc/hosts.lock` inside the template VM of your network VM.
|
||||
# 3. Execute inside your network VM:
|
||||
# `sudo bash -c 'mkdir -p /rw/config/protected-files.d/ && echo -e "/etc/hosts\n/etc/hostname" > /rw/config/protected-files.d/protect_hostname.txt'`
|
||||
|
||||
|
||||
#NOTE: mv is atomic on most systems
|
||||
if [ -f "/rw/config/protected-files.d/protect_hostname.txt" ] && rand="$RANDOM" && mv "/etc/hosts.lock" "/etc/hosts.lock.$rand" ; then
|
||||
name="PC-$rand"
|
||||
echo "$name" > /etc/hostname
|
||||
hostname "$name"
|
||||
#NOTE: NetworkManager may set it again after us based on DHCP or /etc/hostname, cf. `man NetworkManager.conf` @hostname-mode
|
||||
|
||||
#from /usr/lib/qubes/init/qubes-early-vm-config.sh
|
||||
if [ -e /etc/debian_version ]; then
|
||||
ipv4_localhost_re="127\.0\.1\.1"
|
||||
else
|
||||
ipv4_localhost_re="127\.0\.0\.1"
|
||||
fi
|
||||
sed -i "s/^\($ipv4_localhost_re\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
|
||||
sed -i "s/^\(::1\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
|
||||
fi
|
||||
exit 0
|
||||
```
|
||||
Assuming that you're using `sys-net` as your network VM, your `sys-net` hostname should now be `PC-[number]` with a different `[number]` each time your `sys-net` is started.
|
||||
|
||||
Please note that the above script should _not_ be added to [/rw/config/rc.local](/doc/config-files/)) as that is executed only _after_ the network fully started.
|
||||
|
Loading…
x
Reference in New Issue
Block a user