logic855
/
claude-mods
réplica de https://github.com/0xDarkMatter/claude-mods.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
							#!/usr/bin/env bash
# net-ops :: linux/dns-audit.sh
# Deep DNS forensics for Linux. Use when probe.sh shows rung 4 (dig) PASS
# but rung 5 (getent / resolvectl) FAIL.

set -u

# shellcheck source=../_lib/redact.sh
source "$(dirname "$0")/../_lib/redact.sh"
parse_redact_flag "$@"
maybe_redact_self "$@"

echo "=== /etc/nsswitch.conf (hosts line) ==="
grep "^hosts:" /etc/nsswitch.conf 2>/dev/null || echo "  (no hosts entry)"

echo
echo "=== /etc/resolv.conf ==="
if [[ -L /etc/resolv.conf ]]; then
    echo "  Type: symlink -> $(readlink /etc/resolv.conf)"
else
    echo "  Type: regular file"
fi
echo "  Modified: $(stat -c '%y' /etc/resolv.conf 2>/dev/null || stat -f '%Sm' /etc/resolv.conf 2>/dev/null)"
echo "  --- contents ---"
cat /etc/resolv.conf 2>/dev/null | sed 's/^/  /'

echo
echo "=== systemd-resolved ==="
if systemctl is-active systemd-resolved >/dev/null 2>&1; then
    echo "  Service: active"
    echo "  --- resolvectl status ---"
    resolvectl status 2>/dev/null | sed 's/^/  /'
else
    echo "  Service: inactive or not installed"
fi

echo
echo "=== NetworkManager DNS config ==="
if command -v nmcli >/dev/null 2>&1; then
    echo "  --- nmcli dev show (DNS lines) ---"
    nmcli dev show 2>/dev/null | grep -E 'DEVICE|IP4.DNS|IP6.DNS|DOMAIN' | sed 's/^/  /'
    echo
    echo "  --- NetworkManager dns mode ---"
    awk '/\[main\]/,/\[/{if(/^dns/) print}' /etc/NetworkManager/NetworkManager.conf 2>/dev/null | sed 's/^/  /' || true
    ls -la /etc/NetworkManager/conf.d/ 2>/dev/null | sed 's/^/  /' || true
else
    echo "  nmcli not installed"
fi

echo
echo "=== dnsmasq ==="
if pgrep -x dnsmasq >/dev/null; then
    pid=$(pgrep -x dnsmasq | head -1)
    echo "  Running, PID $pid"
    ps -o command -p "$pid" 2>/dev/null | sed 's/^/  /'
else
    echo "  not running"
fi
for d in /etc/dnsmasq.d /etc/NetworkManager/dnsmasq.d; do
    [[ -d "$d" ]] && { echo "  $d contents:"; ls "$d" 2>/dev/null | sed 's/^/    /'; }
done

echo
echo "=== Local DNS listeners ==="
ss -tulnp 2>/dev/null | awk 'NR==1 || $5 ~ /:53$/' | sed 's/^/  /'

echo
echo "=== /etc/hosts (non-comment) ==="
grep -vE '^\s*(#|$)' /etc/hosts 2>/dev/null | sed 's/^/  /' || echo "  (no custom entries)"

echo
echo "=== VPN / WireGuard interfaces ==="
ip -br link 2>/dev/null | awk '/^(wg|tun|tap|nordlynx|proton|mullvad|nextdns)/' | sed 's/^/  /' || true
if command -v wg >/dev/null 2>&1; then
    echo "  --- wg show ---"
    wg show 2>/dev/null | sed 's/^/  /' | head -30 || true
fi

echo
echo "=== ATTRIBUTION HINTS ==="
# Inspect nameservers visible across the stack for known patterns
ns_list=$( {
    awk '/^nameserver/{print $2}' /etc/resolv.conf 2>/dev/null
    resolvectl status 2>/dev/null | awk '/Current DNS Server:|DNS Servers:/{for(i=4;i<=NF;i++)print $i}'
    nmcli -t -f IP4.DNS,IP6.DNS dev show 2>/dev/null | awk -F: '{print $2}'
} | sort -u | grep -v '^$' )

while read -r n; do
    [[ -z "$n" ]] && continue
    case "$n" in
        10.2.0.*)              echo "  $n :: likely Proton VPN gateway" ;;
        10.64.0.*)             echo "  $n :: likely Mullvad gateway" ;;
        10.211.*|10.212.*)     echo "  $n :: likely Cisco AnyConnect" ;;
        100.100.100.100)       echo "  $n :: Tailscale MagicDNS (expected)" ;;
        127.0.0.53)            echo "  $n :: systemd-resolved stub (expected on most systems)" ;;
        127.0.0.1|127.0.0.2)   echo "  $n :: local DNS proxy (dnsmasq, NextDNS, AdGuard, etc.)" ;;
    esac
done <<< "$ns_list"