Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Alert on DNS resolver changes #42

Open
pirate opened this issue Dec 19, 2016 · 0 comments
Open

Alert on DNS resolver changes #42

pirate opened this issue Dec 19, 2016 · 0 comments
Labels
contribution wanted minor tweak new feature
Projects
Development

Comments

@pirate
Copy link
Owner

pirate commented Dec 19, 2016

I'm splitting this out from #24, I want to add an alert whenever DNS resolvers change on the system, as these can be used to snoop on traffic and redirect people maliciously.

We can watch for the following event in the syslog, or just manually check the dns resolution conf and alert whenever it changes.

  • DNS change line found in syslog: mDNSResponder: SIGHUP: Purge cache
  • file containing DNS resolution order: /etc/resolv.conf
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
contribution wanted minor tweak new feature
Projects
Development
Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pirate