Imagine you want your family not look on family unfriendly websites with help of OpenDNS.
I am already intercepting all the DNS requests (on AP) and replacing them with OpenDNS but that wont stop them if they can simply VPN away and I can't block VPN because I need it too.
Family members has root access on their machines and my thoughts are to somehow lock down the /etc/resolv.conf and other crutial configs, the problems are that they can unlock it with
chattr -i and change it with root permissions.
Is there a way to somehow deadlock few files that could not be modified on filesystem from the current booted operating system??
My thought was to implement some watchdog/module that would kill the kernel if the file was touched by any means.