使用 NetworkManager 随机化你的 MAC 地址

今时今日，无论在家里的沙发上，还是在外面的咖啡厅，只要打开笔记本电脑，连上 Wi-Fi，就能通过网络与外界保持联系。但现在的 Wi-Fi 热点们大都能够通过每张网卡对应的唯一 MAC 地址来追踪你的设备。下面就来看一下如何避免被追踪。

现在很多人已经开始注重个人隐私这个问题。个人隐私问题并不仅仅指防止他人能够访问到你电脑上的私有内容（这又是另一个问题了），而更多的是指可追踪性legibility，也就是是否能够被轻易地统计和追踪到。大家都应该对此更加重视。同时，这方面的底线是，服务提供者在得到了用户的授权后才能对用户进行追踪，例如机场的计时 Wi-Fi 只有在用户授权后才能够使用。

因为固定的 MAC 地址能被轻易地追踪到，所以应该定时进行更换，随机的 MAC 地址是一个好的选择。由于 MAC 地址一般只在局域网内使用，因此随机的 MAC 地址也不大会产生冲突。

配置 NetworkManager

要将随机的 MAC 地址默认地用于所有的 Wi-Fi 连接，需要创建 /etc/NetworkManager/conf.d/00-macrandomize.conf 这个文件：

1. <span class="pun">[</span><span class="pln">device</span><span class="pun">]</span>
2. <span class="pln">wifi</span><span class="pun">.</span><span class="pln">scan</span><span class="pun">-</span><span class="pln">rand</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address</span><span class="pun">=</span><span class="kwd">yes</span>
3. <span class="pun">[</span><span class="pln">connection</span><span class="pun">]</span>
4. <span class="pln">wifi</span><span class="pun">.</span><span class="pln">cloned</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address</span><span class="pun">=</span><span class="pln">stable</span>
5. <span class="pln">ethernet</span><span class="pun">.</span><span class="pln">cloned</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address</span><span class="pun">=</span><span class="pln">stable</span>
6. <span class="pln">connection</span><span class="pun">.</span><span class="pln">stable</span><span class="pun">-</span><span class="kwd">id</span><span class="pun">=</span><span class="pln">$</span><span class="pun">{</span><span class="pln">CONNECTION</span><span class="pun">}/</span><span class="pln">$</span><span class="pun">{</span><span class="pln">BOOT</span><span class="pun">}</span>

然后重启 NetworkManager ：

1. <span class="kwd">systemctl</span><span class="pln"> restart </span><span class="typ">NetworkManager</span>

以上配置文件中，将 cloned-mac-address 的值设置为 stable 就可以在每次 NetworkManager 激活连接的时候都生成相同的 MAC 地址，但连接时使用不同的 MAC 地址。如果要在每次激活连接时也获得随机的 MAC 地址，需要将 cloned-mac-address 的值设置为 random。

设置为 stable 可以从 DHCP 获取相同的 IP 地址，也可以让 Wi-Fi 的强制主页captive portal根据 MAC 地址记住你的登录状态。如果设置为 random ，在每次连接的时候都需要重新认证（或者点击“我同意”），在使用机场 Wi-Fi 的时候会需要到这种 random 模式。可以在这篇 NetworkManager 的博客文章中参阅到有关使用 nmcli 从终端配置特定连接的详细说明。

使用 ip link 命令可以查看当前的 MAC 地址，MAC 地址将会显示在 ether 一词的后面。

1. <span class="pln">$ </span><span class="kwd">ip</span><span class="kwd">link</span>
2. <span class="lit">1</span><span class="pun">:</span><span class="pln"> lo</span><span class="pun">:</span><span class="pun"><</span><span class="pln">LOOPBACK</span><span class="pun">,</span><span class="pln">UP</span><span class="pun">,</span><span class="pln">LOWER_UP</span><span class="pun">></span><span class="pln"> mtu </span><span class="lit">65536</span><span class="pln"> qdisc noqueue state UNKNOWN mode DEFAULT group </span><span class="kwd">default</span><span class="pln"> qlen </span><span class="lit">1000</span>
3. <span class="kwd">link</span><span class="pun">/</span><span class="pln">loopback </span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pln"> brd </span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">00</span>
4. <span class="lit">2</span><span class="pun">:</span><span class="pln"> enp2s0</span><span class="pun">:</span><span class="pun"><</span><span class="pln">NO</span><span class="pun">-</span><span class="pln">CARRIER</span><span class="pun">,</span><span class="pln">BROADCAST</span><span class="pun">,</span><span class="pln">MULTICAST</span><span class="pun">,</span><span class="pln">UP</span><span class="pun">></span><span class="pln"> mtu </span><span class="lit">1500</span><span class="pln"> qdisc fq_codel state DOWN mode DEFAULT group </span><span class="kwd">default</span><span class="pln"> qlen </span><span class="lit">1000</span>
5. <span class="kwd">link</span><span class="pun">/</span><span class="pln">ether </span><span class="lit">52</span><span class="pun">:</span><span class="lit">54</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">5f</span><span class="pun">:</span><span class="pln">d5</span><span class="pun">:</span><span class="lit">4e</span><span class="pln"> brd ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span>
6. <span class="lit">3</span><span class="pun">:</span><span class="pln"> wlp1s0</span><span class="pun">:</span><span class="pun"><</span><span class="pln">BROADCAST</span><span class="pun">,</span><span class="pln">MULTICAST</span><span class="pun">,</span><span class="pln">UP</span><span class="pun">,</span><span class="pln">LOWER_UP</span><span class="pun">></span><span class="pln"> mtu </span><span class="lit">1500</span><span class="pln"> qdisc mq state UP mode DORMANT group </span><span class="kwd">default</span><span class="pln"> qlen </span><span class="lit">1000</span>
7. <span class="kwd">link</span><span class="pun">/</span><span class="pln">ether </span><span class="lit">52</span><span class="pun">:</span><span class="lit">54</span><span class="pun">:</span><span class="lit">00</span><span class="pun">:</span><span class="lit">03</span><span class="pun">:</span><span class="lit">23</span><span class="pun">:</span><span class="lit">59</span><span class="pln"> brd ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span><span class="pun">:</span><span class="pln">ff</span>

什么时候不能随机化 MAC 地址

当然，在某些情况下确实需要能被追踪到。例如在家用网络中，可能需要将路由器配置为对电脑分配一致的 IP 地址以进行端口转发；再例如公司的雇主可能需要根据 MAC 地址来提供 Wi-Fi 服务，这时候就需要进行追踪。要更改特定的 Wi-Fi 连接，请使用 nmcli 查看 NetworkManager 连接并显示当前设置：

1. <span class="pln">$ nmcli c </span><span class="pun">|</span><span class="kwd">grep</span><span class="pln"> wifi</span>
2. <span class="typ">Amtrak_WiFi</span><span class="lit">5f4b9f75</span><span class="pun">-</span><span class="lit">9e41</span><span class="pun">-</span><span class="lit">47f8</span><span class="pun">-</span><span class="lit">8bac</span><span class="pun">-</span><span class="lit">25dae779cd87</span><span class="pln"> wifi </span><span class="pun">--</span>
3. <span class="typ">StaplesHotspot</span><span class="pln"> de57940c</span><span class="pun">-</span><span class="lit">32c2</span><span class="pun">-</span><span class="lit">468b</span><span class="pun">-</span><span class="lit">8f96</span><span class="pun">-</span><span class="lit">0a3b9a9b0a5e</span><span class="pln"> wifi </span><span class="pun">--</span>
4. <span class="typ">MyHome</span><span class="pln"> e8c79829</span><span class="pun">-</span><span class="lit">1848</span><span class="pun">-</span><span class="lit">4563</span><span class="pun">-</span><span class="lit">8e44</span><span class="pun">-</span><span class="lit">466e14a3223d</span><span class="pln"> wifi wlp1s0 </span>
5. <span class="pun">...</span>
6. <span class="pln">$ nmcli c show </span><span class="lit">5f4b9f75</span><span class="pun">-</span><span class="lit">9e41</span><span class="pun">-</span><span class="lit">47f8</span><span class="pun">-</span><span class="lit">8bac</span><span class="pun">-</span><span class="lit">25dae779cd87</span><span class="pun">|</span><span class="kwd">grep</span><span class="pln"> cloned</span>
7. <span class="lit">802</span><span class="pun">-</span><span class="lit">11</span><span class="pun">-</span><span class="pln">wireless</span><span class="pun">.</span><span class="pln">cloned</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address</span><span class="pun">:</span><span class="pun">--</span>
8. <span class="pln">$ nmcli c show e8c79829</span><span class="pun">-</span><span class="lit">1848</span><span class="pun">-</span><span class="lit">4563</span><span class="pun">-</span><span class="lit">8e44</span><span class="pun">-</span><span class="lit">466e14a3223d</span><span class="pun">|</span><span class="kwd">grep</span><span class="pln"> cloned</span>
9. <span class="lit">802</span><span class="pun">-</span><span class="lit">11</span><span class="pun">-</span><span class="pln">wireless</span><span class="pun">.</span><span class="pln">cloned</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address</span><span class="pun">:</span><span class="pln"> stable</span>

这个例子在 Amtrak 使用完全随机 MAC 地址（使用默认配置）和 MyHome 的永久 MAC 地址（使用 stable 配置）。永久 MAC 地址是在硬件生产的时候分配到网络接口上的，网络管理员能够根据永久 MAC 地址来查看设备的制造商 ID。

更改配置并重新连接活动的接口：

1. <span class="pln">$ nmcli c modify </span><span class="lit">5f4b9f75</span><span class="pun">-</span><span class="lit">9e41</span><span class="pun">-</span><span class="lit">47f8</span><span class="pun">-</span><span class="lit">8bac</span><span class="pun">-</span><span class="lit">25dae779cd87</span><span class="lit">802</span><span class="pun">-</span><span class="lit">11</span><span class="pun">-</span><span class="pln">wireless</span><span class="pun">.</span><span class="pln">cloned</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address random</span>
2. <span class="pln">$ nmcli c modify e8c79829</span><span class="pun">-</span><span class="lit">1848</span><span class="pun">-</span><span class="lit">4563</span><span class="pun">-</span><span class="lit">8e44</span><span class="pun">-</span><span class="lit">466e14a3223d</span><span class="lit">802</span><span class="pun">-</span><span class="lit">11</span><span class="pun">-</span><span class="pln">wireless</span><span class="pun">.</span><span class="pln">cloned</span><span class="pun">-</span><span class="pln">mac</span><span class="pun">-</span><span class="pln">address permanent</span>
3. <span class="pln">$ nmcli c down e8c79829</span><span class="pun">-</span><span class="lit">1848</span><span class="pun">-</span><span class="lit">4563</span><span class="pun">-</span><span class="lit">8e44</span><span class="pun">-</span><span class="lit">466e14a3223d</span>
4. <span class="pln">$ nmcli c up e8c79829</span><span class="pun">-</span><span class="lit">1848</span><span class="pun">-</span><span class="lit">4563</span><span class="pun">-</span><span class="lit">8e44</span><span class="pun">-</span><span class="lit">466e14a3223d</span>
5. <span class="pln">$ </span><span class="kwd">ip</span><span class="kwd">link</span>
6. <span class="pun">...</span>

你还可以安装 NetworkManager-tui ，就可以通过可视化界面菜单来编辑连接。

总结

当你走在路上时，你要留意周围的环境，并警惕可能的危险。同样，在使用公共互联网资源时也要注意你自己的可追踪性。

via: https://fedoramagazine.org/randomize-mac-address-nm/

作者：sheogorath,Stuart D Gathman 选题：lujun9972 译者：HankChow 校对：wxy

本文由 LCTT 原创编译，Linux中国 荣誉推出