Protect hosts file

command-line terminal security hosts

Protecting with ‘schg’, the system immutable flag, is a potential solution, depending on how much protection you need. You can set the schg flag using

sudo chflags schg /etc/hosts

Removal of the protection depends on your kernel security level. Run sysctl kern.securelevel:

  • 1 means you need to boot to single-user mode to run chflags noschg /etc/hosts,
  • 0 means you can simply sudo chflags noschg /etc/hosts.

Instead of schg, you can use System Integrity Protection's restricted flag in El Capitan and later. You can boot to the Recovery HD to set the flag using chflags restricted /etc/hosts.

This protects the file from modification whilst SIP is enabled, which is enabled by default and can only be disabled by booting to the Recovery HD and running csrutil disable.

Check the status of SIP by running csrutil status: if it is enabled, any files with the restricted flag cannot be modified without disabling SIP from Recovery first or by installers signed with Apple's Software Update certificate (even root cannot modify the file).

Related

Lost iPhone, what action to take?
Issues with installing SSD instead of DVD drive?
Can I install Win 10 (GPT formatted USB installer) on MacBook Pro without using BootCamp?
MacBook Air wifi NIC: supported channels
MacBook Pro locked with Find My Mac and won't let me boot
What's the practical difference between a 16GB and 32GB iPhone?
Import movies already on computer into iTunes
How do I make OS X auto focus on the window in the screen the mouse moves into?
"Show Desktop" sometimes sets a window to "always on top"
How to get filename only without path in windows command line?
How can I launch a browser with no window frame or tabs/address bar
Windows utility to render which key I am pressing on-screen [closed]