Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
etc_hosts
etc_hosts
The hosts file comprises a local, plain-text configuration for mapping IP addresses to host names. It does not necessarily rely on an external Domain Name System (DNS) for routing. The etc_hosts osquery table expresses the data in the hosts file.
| Column | Type | Description |
|---|---|---|
| address | text | IP address mapping |
| hostnames | text | Raw hosts mapping |
| pid_with_namespace | integer | Pids that contain a namespace Only available on Linux |
Example
This query detects if the macOS /private/etc/hosts file has been modified from its default state:
SELECT * FROM etc_hosts WHERE address != '127.0.0.1' AND address != '::1' AND address != '255.255.255.255';Notes
The hosts file is customized by many organizations. As part of a defense-in-depth security posture it's important to track hosts modifications. Endpoints with a modified hosts configuration connected to enterprise networks can potentially bypass network rules, proxies and firewalls or be routed to malicious sites.
File paths to hosts:
- Linux:
/etc/hosts - macOS:
/private/etc/hosts - Windows:
C:\Windows\system32\drivers\etc
More info:
- DNS
- The
/etc/hostsGuide For Linux - How to edit the hosts file on Windows
Questions?
SOC2 Type 2
