Hosts File Update

soportetpco
New Contributor II

Hey, I want to update my hosts file on all computers with Jamf but I don't know which commands to use. The lines that I want to add are:

17.171.120.82 locate.apple.com
17.171.120.18 locate.apple.com

Thanks


allanp81
Valued Contributor

https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want

In theory you can just pipe those lines into the hosts file by doing something like:

sudo echo "17.171.120.82 locate.apple.com" >> /etc/hosts

azevon
New Contributor II

So I was trying to do what @allanp81 suggested...

And using my own criteria, I want to block the Amazon Kindle Reader website (and have it not resolve). This is what I'm using but I'm getting a permission denied. Anyone have any thoughts?

sudo echo 0.0.0.0 read.amazon.com >> /private/etc/hosts

I've also tried

sudo echo 0.0.0.0 read.amazon.com >> /etc/hosts

Thanks so much in advance!

donmontalvo
Esteemed Contributor III

Doesn't 0.0.0.0 mean all the IP Addresses on the local machine?

We usually point undesirable DNS addresses to our internal site.

--
https://donmontalvo.com

azevon
New Contributor II

Sorry, perhaps I wasn't clear. The permission denied was in Terminal... so even now when I type:

sudo echo 54.165.176.148 read.amazon.com >> /etc/hosts

I am still getting a permission denied.

My command 0.0.0.0 does however work (and simply gives an error page which I don't mind) when using the Nano text editor, however I won't be able to use that with Jamf. Obviously I need to deploy this via a script and deploy (right?).

donmontalvo
Esteemed Contributor III

Would this work?

#!/bin/sh
# Check if there is a line in /etc/hosts containing "read.amazon.com".
# If there isn't, add it; if it exists, replace it with the new line.

if grep -q "read.amazon.com" /etc/hosts; then
    echo "Redirect exists for read.amazon.com, replacing with new..."
    # Remove line
    /usr/bin/sed -i_bak -e '/read.amazon.com/d' /etc/hosts
    # Add redirect
    echo "54.165.176.148 read.amazon.com" >> /etc/hosts
    # Reset DNS
    /usr/bin/killall -HUP mDNSResponder
else
    echo "Redirect does not exist for read.amazon.com, adding it now..."
    # Add redirect
    echo "54.165.176.148 read.amazon.com" >> /etc/hosts
    # Reset DNS
    /usr/bin/killall -HUP mDNSResponder
fi

exit 0
--
https://donmontalvo.com

azevon
New Contributor II

Yes!!! Now I have just one more question. If I want this (for one of my students) to only be effective while he's in school, I know how to make the policy work during those hours. However what script would I write to make this reverse during the hours he's not in school? Basically it's ok for him to read Kindle via the browser at home, just not at school.

Thank you so much for that script. Was awesome.

Dan1987
New Contributor III

Hey, adding lines via script works great but what about removing an exact entry?
Thanks

mschroder
Valued Contributor

To remove a line containing a pattern you can use 'sed -i~ /pattern/d /etc/hosts'. Try to make the pattern as unique as possible, but also make sure you get all potential variants.

CesarT_T
New Contributor III

Anyone ever figure this out?

achilcott
New Contributor

Why wouldn't you do this on the network end? Sounds insane trying to set this for each individual device.

sgiesbrecht
Contributor III

I use this script (didn't create it):

#!/bin/bash

# insert/update hosts entry
ip_address="$4"
host_name="$5"

# find existing instances in the host file and save the line numbers
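# (quoted and matched as a fixed string so the parameter is not word-split or read as a regex)
matches_in_hosts="$(grep -nF -- "$host_name" /etc/hosts | cut -f1 -d:)"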
host_entry="${ip_address} ${host_name}"

echo "Please enter your password if requested."

if [ ! -z "$matches_in_hosts" ]
then
    echo "Updating existing hosts entry."
    # iterate over the line numbers on which matches were found
    while read -r line_number; do
        # replace the text of each line with the desired host entry
        sed -i '' "${line_number}s/.*/${host_entry} /" /etc/hosts
    done <<< "$matches_in_hosts"
else
    echo "Adding new hosts entry."
    echo "$host_entry" | tee -a /etc/hosts > /dev/null
fi

# Flushing the DNS Cache
dscacheutil -flushcache
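
An exact-match take on the add, update and remove steps discussed in this thread (mschroder's advice on unique patterns and the parameterised script above), added as an example and not code from any poster. `HOSTS_FILE` and all function names are assumptions made for illustration; it handles IPv4 only and validates the parameters before they touch the file.

```shell
#!/bin/sh
# Added example (not from the thread). HOSTS_FILE is an assumed override so
# the functions can be tried on a copy of the hosts file; IPv4 only.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# Validate policy parameters before they get near awk or the hosts file:
# whitespace, newlines and pattern characters are all rejected.
valid_ip() {    # format check only, octet range is not verified
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}
valid_host() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|.*|-*|*.|*-) return 1 ;; esac
}

# Print the hosts file minus active lines that name exactly host $1
# (the whole line is dropped). Comment lines and longer names such as
# bread.amazon.com are left alone.
filter_out() {
    awk -v h="$1" '
        $1 ~ /^#/ { print; next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break              # trailing comment starts
              if (tolower($i) == tolower(h)) next
          }
          print }' "$HOSTS_FILE"
}

# Copy the temp file over the original so its owner and mode are kept.
commit() { cat "$1" > "$HOSTS_FILE"; rc=$?; rm -f "$1"; return $rc; }

remove_entry() {    # usage: remove_entry HOST
    valid_host "$1" || { echo "invalid hostname" >&2; return 2; }
    tmp=$(mktemp) || return 1
    filter_out "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    commit "$tmp"
}

set_entry() {       # usage: set_entry IP HOST (replaces any old entry)
    valid_ip "$1" && valid_host "$2" || { echo "invalid ip/host" >&2; return 2; }
    tmp=$(mktemp) || return 1
    { filter_out "$2" && printf '%s %s\n' "$1" "$2"; } > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    commit "$tmp"
}
```

In a Jamf policy script this would be called as `set_entry "$4" "$5"` (or `remove_entry "$5"` for the reverse policy), followed by the same DNS cache flush the scripts in this thread already run.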

kacey3
Contributor II

Per the State of Texas mandate to block TikTok from all government and institutional computers, this script was a lifesaver. Thanks!

rnoureddine
New Contributor III

Are you able to post the script you used for TikTok?

Thanks

The script I use is generic, allowing you to put any new sites into the Host Entry to block any future sites.

#!/bin/bash

# insert/update hosts entry
ip_address="$4"
host_name="$5"

# find existing instances in the host file and save the line numbers
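# (quoted and matched as a fixed string so the parameter is not word-split or read as a regex)
matches_in_hosts="$(grep -nF -- "$host_name" /etc/hosts | cut -f1 -d:)"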
host_entry="${ip_address} ${host_name}"

echo "Please enter your password if requested."

if [ ! -z "$matches_in_hosts" ]
then
    echo "Updating existing hosts entry."
    # iterate over the line numbers on which matches were found
    while read -r line_number; do
        # replace the text of each line with the desired host entry
        sed -i '' "${line_number}s/.*/${host_entry} /" /etc/hosts
    done <<< "$matches_in_hosts"
else
    echo "Adding new hosts entry."
    echo "$host_entry" | tee -a /etc/hosts > /dev/null
fi

# Flushing the DNS Cache
dscacheutil -flushcache

exit 0

And then I use a policy to define the parameters ($4 and $5):

[Image: Screenshot2023-08-1010.07.17.png]

I hope that helps!

rnoureddine
New Contributor III

Thanks for sharing