- /usr/bin/host not picking up changes to /etc/hosts even after reboot
- Solution 2
- Solution 3
- Related videos on Youtube
- 0xC0000022L
- Comments
- What is the executable /usr/bin/host on linux good for? Can I kill it?
- 1 Answer 1
- You must log in to answer this question.
- Related
- Hot Network Questions
- Subscribe to RSS
- Linux : Binary location for [/usr/bin/host] in csf.conf is either incorrect, is not installed or is not executable
- About Kaven Gagnon
/usr/bin/host not picking up changes to /etc/hosts even after reboot
The host command doesn’t check the hosts file. From the manpage:
host is a simple utility for performing DNS lookups. If you want to test lookups while respecting the hosts file, then use ping or getent.
$ tail -1 /etc/hosts 127.0.0.1 google.com $ ping -c1 google.com | head -1 PING google.com (127.0.0.1) 56(84) bytes of data. $ getent ahosts google.com 127.0.0.1 STREAM google.com 127.0.0.1 DGRAM 127.0.0.1 RAW Solution 2
The host utility is used for DNS lookups. It doesn’t care about hosts files or non-DNS methods of resolving a hostname. If you want to see how your system would resolve a hostname under normal circumstances (taking nsswitch.conf into account), you can use getent . The host utility should be reserved for DNS testing. Here is an example:
$ host foobar.com foobar.com has address 69.89.31.56 foobar.com mail is handled by 0 foobar.com. $ getent hosts foobar.com 10.188.14.16 foobar.com Solution 3
Programs like dig , host and nslookup query the DNS only. They don’t query other sources of host names such as /etc/hosts , NIS or LDAP.
In most setups, the easiest way to smoothly add host names locally is to run a DNS server. Running a DNS cache is a good idea anyway for performance. In other words, the fact that no DNS server is running locally is something to fix rather than something to work around.
Dnsmasq is a common choice: it’s widely available, small (it’s used on many Linux-based routers) and easy to configure. Dnsmasq caches DNS requests and can serve additional names from a hosts file. It also provides a basic DHCP server suitable for small networks, but you don’t have to use that part. If you have an isolated machine, run Dnsmasq on it. If you have a local network, run Dnsmasq (or some other equivalent software that’s already there) on your router. See How to make a machine accessible from the LAN using its hostname for more information including how to set up Dnsmasq.
Related videos on Youtube
0xC0000022L
human father bibliophile geek & ~nerd misanthropic philanthropist skeptic code necromancer programmer reverse engineer (RCE) / software archaeologist / grayhat hacker moderator on reverseengineering system administrator FLOSS enthusiast Debian, FreeBSD and Ubuntu aficionado
Updated on September 18, 2022
Comments
I have a Ubuntu Server 12.04 ( amd64 ) machine on which, when I change /etc/hosts , the changes aren’t picked up, even after a reboot. I am using /usr/bin/host to test, but none of the other programs seems to pick it up either. This is a server and nscd and dnsmasq aren’t installed. Also, the file /etc/nsswitch.conf contains the line:
so that I would expect it to work. I also checked that the mtime of the file changes with editing and tried running service networking restart (against all odds) and also resolvconf -u . All commands where run as root where needed. The machine has network configured manually in /etc/network/interfaces and not via Network Manager (it isn’t installed either). Basically what I want to achieve is that the IP for a few hosts can be manipulated. The reason being that inside our network I get an IP to which I have no route, but I can use the external IP for that service via HTTPS. What am I missing? Note: no DNS server is locally running and the nameserver lines in /etc/resolv.conf (and the respective lines in interfaces ) point to the DNS server that gives me the wrong IP. Also note: I’ve searched on the web and read through the «similar questions», but my case doesn’t seem to be covered. /etc/host.conf is:
# The "order" line is only used by old versions of the C library. order hosts,bind multi on @0xC0000022L That statement is incorrect. If you look at the manpage it uses gethostbyaddr(3) , which is a libc function.
@0xC0000022L libc functions are not system calls, so they won’t show up in strace . Only things in the «2» section of manpages would show up in strace .
@0xC0000022L — also, since getent is part of libc on my system, it wouldn’t make any sense for it to not use the library it is distributed with.
What is the executable /usr/bin/host on linux good for? Can I kill it?
So I had a compromised /usr/bin/host process running and trying to open HTTP requests out of my machine. I killed it. But now I am wondering. Do I need /usr/bin/host for anything? How do I re-install it? I am on Ubuntu. 1000 thanks!
1 Answer 1
/usr/bin/host is a DNS lookup utility.
I doubt anyone can definitively say you need it or don’t, it will depend on what you are running. I’m pretty sure its a core package so you should have it — that said, the system should run at least mostly fine without it.
That said, according to this thread the problem may be worse then you think, in as much as it may not be /usr/bin/host that is trojaned it may well be the underlying shared library its calling. You should also question if an attacker has been able to overwrite /usr/bin/host — in which case you can’t trust the system. The ownership files on this are that it can only be written by root — which means they probably have own your box (and you don’t). Sorry, but best practice dictates a reinstall of the box.
You must log in to answer this question.
Related
Hot Network Questions
Subscribe to RSS
To subscribe to this RSS feed, copy and paste this URL into your RSS reader.
Site design / logo © 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA . rev 2023.7.13.43531
By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.
Linux : Binary location for [/usr/bin/host] in csf.conf is either incorrect, is not installed or is not executable
The following error may occur while reloading CSF (csf -r) :
*WARNING* Binary location for [HOST] [/usr/bin/host] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
In this particular case, CSF was installed on a CentOS 7 server and there wasn’t any “host” executable under /usr/bin.
To resolve this issue, just install the missing package which is provided by Bind Utilities (bind-utils) :
About Kaven Gagnon
System & Network Architect
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (CVSS:4.4) (Last Update:2016-12-03)
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (CVSS:4.3) (Last Update:2016-12-03)
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (CVSS:6.8) (Last Update:2016-12-03)