Updating the hosts file is super easy! Any sed, echo, or vim command will work.
You’re perfectly safe if all changes come only from the automation, and your code is bug-free.
But in reality, you might get surprises, especially when people change the file manually.
My suggestion? Before making any changes, confirm that all customizations are expected. If not, abort the changes with proper alerting.
First, try your best to avoid hacking /etc/hosts. If you have to, make sure all changes are designed and expected.
Well, I understand, we are not living in a perfect world. We get surprises occasionally.
Here are the typical ones:
- Wrong bindings will result in unexpected behaviors.
- Duplicated bindings are useless.
- Unexpected bindings may bite you later.
Now we know all sorts of unexpected bindings. But how do we detect them easily?
Here comes python-hosts-tool.py on GitHub.
The tool takes a whitelist file as input. Then it checks whether any unexpected bindings are found. (Note: duplicated and conflicting bindings also count.)
So do you feel this way is safer than a reckless sed or echo command?
Even better, you can create an hourly Jenkins job to run periodic checks, if necessary.
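The whitelist check described above, as an added example (this is not the code of python-hosts-tool.py). It assumes the whitelist uses the same `IP hostname ...` format as /etc/hosts; the function names and sample data are constructed for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample data; in a real job, read /etc/hosts and your whitelist file.
SAMPLE_WHITELIST = "127.0.0.1 localhost\n::1 localhost\n10.0.0.5 db.internal\n"
SAMPLE_HOSTS = SAMPLE_WHITELIST + (
    "10.0.0.5 db.internal   # repeated line\n"
    "10.0.0.9 db.internal\n"
    "192.168.1.7 jenkins.internal\n")

def parse_bindings(text):
    """Return (ip, hostname) pairs in file order; a malformed IP raises ValueError."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) >= 2:
            ip = str(ipaddress.ip_address(fields[0]))  # normalised form
            pairs.extend((ip, name.lower()) for name in fields[1:])
    return pairs

def audit_hosts(hosts_text, whitelist_text):
    """Compare hosts bindings with the whitelist and return findings by category."""
    allowed = set(parse_bindings(whitelist_text))
    findings = {"unexpected": [], "duplicate": [], "conflict": []}
    seen, ips_by_name = set(), defaultdict(set)
    for ip, name in parse_bindings(hosts_text):
        if (ip, name) in seen:  # same binding listed more than once
            findings["duplicate"].append((ip, name))
            continue
        seen.add((ip, name))
        ips_by_name[name].add(ip)
        if (ip, name) not in allowed:
            findings["unexpected"].append((ip, name))
    # One name bound to several IPs of the same family is a conflict;
    # localhost on both 127.0.0.1 and ::1 is normal and not reported.
    for name, ips in sorted(ips_by_name.items()):
        for version in (4, 6):
            same = sorted(i for i in ips if ipaddress.ip_address(i).version == version)
            if len(same) > 1:
                findings["conflict"].append((name, same))
    return findings

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, SAMPLE_WHITELIST)
    for category, items in result.items():
        for item in items:
            print(f"{category}: {item}")
    sys.exit(1 if any(result.values()) else 0)  # non-zero exit fails the scheduled job
```

Run it before any automated edit of the hosts file and abort the change when the exit status is non-zero.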
Give it a try now. And let me know what you think.
Blog URL: https://www.dennyzhang.com/audit_hostsfile