mirror of
https://github.com/pi-hole/pi-hole
synced 2025-01-20 13:01:08 +00:00
commit
024b741552
@ -17,7 +17,7 @@ else
|
|||||||
echo "::: sudo will be used."
|
echo "::: sudo will be used."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the install cannot complete
|
# If it isn't, exit because the install cannot complete
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this script as root."
|
echo "::: Please install sudo or run this script as root."
|
||||||
|
@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then
|
|||||||
else
|
else
|
||||||
echo "::: Sudo will be used for debugging."
|
echo "::: Sudo will be used for debugging."
|
||||||
# Check if sudo is actually installed
|
# Check if sudo is actually installed
|
||||||
if [[ $(dpkg-query -s sudo) ]]; then
|
if [ -x "$(command -v sudo)" ]; then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this as root."
|
echo "::: Please install sudo or run this as root."
|
||||||
|
@ -19,7 +19,7 @@ else
|
|||||||
echo "::: sudo will be used."
|
echo "::: sudo will be used."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the install cannot complete
|
# If it isn't, exit because the install cannot complete
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this script as root."
|
echo "::: Please install sudo or run this script as root."
|
||||||
|
@ -17,7 +17,7 @@ else
|
|||||||
echo "::: sudo will be used."
|
echo "::: sudo will be used."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the install cannot complete
|
# If it isn't, exit because the install cannot complete
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this script as root."
|
echo "::: Please install sudo or run this script as root."
|
||||||
|
77
advanced/lighttpd.conf.fedora
Normal file
77
advanced/lighttpd.conf.fedora
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
# Pi-hole: A black hole for Internet advertisements
|
||||||
|
# (c) 2015, 2016 by Jacob Salmela
|
||||||
|
# Network-wide ad blocking via your Raspberry Pi
|
||||||
|
# http://pi-hole.net
|
||||||
|
# lighttpd config for Pi-hole
|
||||||
|
#
|
||||||
|
# Pi-hole is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
|
||||||
|
server.modules = (
|
||||||
|
"mod_access",
|
||||||
|
"mod_fastcgi",
|
||||||
|
"mod_accesslog",
|
||||||
|
"mod_expire",
|
||||||
|
"mod_compress",
|
||||||
|
"mod_redirect",
|
||||||
|
"mod_setenv",
|
||||||
|
"mod_rewrite"
|
||||||
|
)
|
||||||
|
|
||||||
|
server.document-root = "/var/www/html"
|
||||||
|
server.error-handler-404 = "pihole/index.html"
|
||||||
|
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
|
||||||
|
server.errorlog = "/var/log/lighttpd/error.log"
|
||||||
|
server.pid-file = "/var/run/lighttpd.pid"
|
||||||
|
server.username = "lighttpd"
|
||||||
|
server.groupname = "lighttpd"
|
||||||
|
server.port = 80
|
||||||
|
accesslog.filename = "/var/log/lighttpd/access.log"
|
||||||
|
accesslog.format = "%{%s}t|%V|%r|%s|%b"
|
||||||
|
|
||||||
|
|
||||||
|
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
|
||||||
|
url.access-deny = ( "~", ".inc" )
|
||||||
|
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
|
||||||
|
|
||||||
|
compress.cache-dir = "/var/cache/lighttpd/compress/"
|
||||||
|
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
|
||||||
|
|
||||||
|
mimetype.assign = ( ".png" => "image/png",
|
||||||
|
".jpg" => "image/jpeg",
|
||||||
|
".jpeg" => "image/jpeg",
|
||||||
|
".html" => "text/html",
|
||||||
|
".css" => "text/css; charset=utf-8",
|
||||||
|
".js" => "application/javascript",
|
||||||
|
".json" => "application/json",
|
||||||
|
".txt" => "text/plain" )
|
||||||
|
|
||||||
|
# default listening port for IPv6 falls back to the IPv4 port
|
||||||
|
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
|
||||||
|
#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
|
||||||
|
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
|
||||||
|
|
||||||
|
fastcgi.server = ( ".php" =>
|
||||||
|
( "localhost" =>
|
||||||
|
(
|
||||||
|
"socket" => "/tmp/php-fastcgi.socket",
|
||||||
|
"bin-path" => "/usr/bin/php-cgi"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
# If the URL starts with /admin, it is the Web interface
|
||||||
|
$HTTP["url"] =~ "^/admin/" {
|
||||||
|
# Create a response header for debugging using curl -I
|
||||||
|
setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" )
|
||||||
|
}
|
||||||
|
|
||||||
|
# If the URL does not start with /admin, then it is a query for an ad domain
|
||||||
|
$HTTP["url"] =~ "^(?!/admin)/.*" {
|
||||||
|
# Create a response header for debugging using curl -I
|
||||||
|
setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." )
|
||||||
|
# rewrite only js requests
|
||||||
|
url.rewrite = ("(.*).js" => "pihole/index.js")
|
||||||
|
}
|
87
advanced/selinux/pihole.te
Normal file
87
advanced/selinux/pihole.te
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
module pihole 1.0;
|
||||||
|
|
||||||
|
require {
|
||||||
|
type var_log_t;
|
||||||
|
type unconfined_t;
|
||||||
|
type init_t;
|
||||||
|
type auditd_t;
|
||||||
|
type syslogd_t;
|
||||||
|
type NetworkManager_t;
|
||||||
|
type mdadm_t;
|
||||||
|
type tuned_t;
|
||||||
|
type avahi_t;
|
||||||
|
type irqbalance_t;
|
||||||
|
type system_dbusd_t;
|
||||||
|
type kernel_t;
|
||||||
|
type httpd_sys_script_t;
|
||||||
|
type systemd_logind_t;
|
||||||
|
type httpd_t;
|
||||||
|
type policykit_t;
|
||||||
|
type dnsmasq_t;
|
||||||
|
type udev_t;
|
||||||
|
type postfix_pickup_t;
|
||||||
|
type sshd_t;
|
||||||
|
type crond_t;
|
||||||
|
type getty_t;
|
||||||
|
type lvm_t;
|
||||||
|
type postfix_qmgr_t;
|
||||||
|
type postfix_master_t;
|
||||||
|
class dir { getattr search };
|
||||||
|
class file { read open setattr };
|
||||||
|
}
|
||||||
|
|
||||||
|
#============= dnsmasq_t ==============
|
||||||
|
allow dnsmasq_t var_log_t:file { open setattr };
|
||||||
|
|
||||||
|
#============= httpd_t ==============
|
||||||
|
allow httpd_t var_log_t:file { read open };
|
||||||
|
|
||||||
|
#============= httpd_sys_script_t (class: dir) ==============
|
||||||
|
allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t auditd_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t avahi_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t crond_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t getty_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t httpd_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t init_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t irqbalance_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t kernel_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t lvm_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t mdadm_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t policykit_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t postfix_master_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t sshd_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t syslogd_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t tuned_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t udev_t:dir { getattr search };
|
||||||
|
allow httpd_sys_script_t unconfined_t:dir { getattr search };
|
||||||
|
|
||||||
|
#============= httpd_sys_script_t (class: file) ==============
|
||||||
|
allow httpd_sys_script_t NetworkManager_t:file { read open };
|
||||||
|
allow httpd_sys_script_t auditd_t:file { read open };
|
||||||
|
allow httpd_sys_script_t avahi_t:file { read open };
|
||||||
|
allow httpd_sys_script_t crond_t:file { read open };
|
||||||
|
allow httpd_sys_script_t dnsmasq_t:file { read open };
|
||||||
|
allow httpd_sys_script_t getty_t:file { read open };
|
||||||
|
allow httpd_sys_script_t httpd_t:file { read open };
|
||||||
|
allow httpd_sys_script_t init_t:file { read open };
|
||||||
|
allow httpd_sys_script_t irqbalance_t:file { read open };
|
||||||
|
allow httpd_sys_script_t kernel_t:file { read open };
|
||||||
|
allow httpd_sys_script_t lvm_t:file { read open };
|
||||||
|
allow httpd_sys_script_t mdadm_t:file { read open };
|
||||||
|
allow httpd_sys_script_t policykit_t:file { read open };
|
||||||
|
allow httpd_sys_script_t postfix_master_t:file { read open };
|
||||||
|
allow httpd_sys_script_t postfix_pickup_t:file { read open };
|
||||||
|
allow httpd_sys_script_t postfix_qmgr_t:file { read open };
|
||||||
|
allow httpd_sys_script_t sshd_t:file { read open };
|
||||||
|
allow httpd_sys_script_t syslogd_t:file { read open };
|
||||||
|
allow httpd_sys_script_t system_dbusd_t:file { read open };
|
||||||
|
allow httpd_sys_script_t systemd_logind_t:file { read open };
|
||||||
|
allow httpd_sys_script_t tuned_t:file { read open };
|
||||||
|
allow httpd_sys_script_t udev_t:file { read open };
|
||||||
|
allow httpd_sys_script_t unconfined_t:file { read open };
|
@ -36,16 +36,6 @@ columns=$(tput cols)
|
|||||||
r=$(( rows / 2 ))
|
r=$(( rows / 2 ))
|
||||||
c=$(( columns / 2 ))
|
c=$(( columns / 2 ))
|
||||||
|
|
||||||
|
|
||||||
# Find IP used to route to outside world
|
|
||||||
|
|
||||||
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
|
|
||||||
IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
|
|
||||||
IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
|
|
||||||
|
|
||||||
availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
|
|
||||||
dhcpcdFile=/etc/dhcpcd.conf
|
|
||||||
|
|
||||||
######## FIRST CHECK ########
|
######## FIRST CHECK ########
|
||||||
# Must be root to install
|
# Must be root to install
|
||||||
echo ":::"
|
echo ":::"
|
||||||
@ -55,7 +45,7 @@ else
|
|||||||
echo "::: sudo will be used for the install."
|
echo "::: sudo will be used for the install."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the install cannot complete
|
# If it isn't, exit because the install cannot complete
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed."
|
echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed."
|
||||||
@ -63,6 +53,47 @@ else
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Compatability
|
||||||
|
if [ -x "$(command -v rpm)" ];then
|
||||||
|
# Fedora Family
|
||||||
|
if [ -x "$(command -v dnf)" ];then
|
||||||
|
PKG_MANAGER="dnf"
|
||||||
|
else
|
||||||
|
PKG_MANAGER="yum"
|
||||||
|
fi
|
||||||
|
PKG_CACHE="/var/cache/$PKG_MANAGER"
|
||||||
|
UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q"
|
||||||
|
PKG_UPDATE="$PKG_MANAGER update -y"
|
||||||
|
PKG_INSTALL="$PKG_MANAGER install -y"
|
||||||
|
PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]"
|
||||||
|
INSTALLER_DEPS=( iproute net-tools procps-ng newt )
|
||||||
|
PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo )
|
||||||
|
LIGHTTPD_USER="lighttpd"
|
||||||
|
LIGHTTPD_GROUP="lighttpd"
|
||||||
|
LIGHTTPD_CFG="lighttpd.conf.fedora"
|
||||||
|
package_check() {
|
||||||
|
rpm -qa | grep ^$1- > /dev/null
|
||||||
|
}
|
||||||
|
elif [ -x "$(command -v apt-get)" ];then
|
||||||
|
# Debian Family
|
||||||
|
PKG_MANAGER="apt-get"
|
||||||
|
PKG_CACHE="/var/cache/apt"
|
||||||
|
UPDATE_PKG_CACHE="$PKG_MANAGER -qq update"
|
||||||
|
PKG_UPDATE="$PKG_MANAGER upgrade"
|
||||||
|
PKG_INSTALL="$PKG_MANAGER -y -qq install"
|
||||||
|
PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst"
|
||||||
|
INSTALLER_DEPS=( apt-utils whiptail dhcpcd5)
|
||||||
|
PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo )
|
||||||
|
LIGHTTPD_USER="www-data"
|
||||||
|
LIGHTTPD_GROUP="www-data"
|
||||||
|
LIGHTTPD_CFG="lighttpd.conf.debian"
|
||||||
|
package_check() {
|
||||||
|
dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
|
||||||
|
}
|
||||||
|
else
|
||||||
|
echo "OS distribution not supported"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
####### FUNCTIONS ##########
|
####### FUNCTIONS ##########
|
||||||
spinner()
|
spinner()
|
||||||
@ -80,6 +111,14 @@ spinner()
|
|||||||
printf " \b\b\b\b"
|
printf " \b\b\b\b"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
findIPRoute() {
|
||||||
|
# Find IP used to route to outside world
|
||||||
|
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
|
||||||
|
IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
|
||||||
|
IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
|
||||||
|
availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
|
||||||
|
}
|
||||||
|
|
||||||
backupLegacyPihole() {
|
backupLegacyPihole() {
|
||||||
# This function detects and backups the pi-hole v1 files. It will not do anything to the current version files.
|
# This function detects and backups the pi-hole v1 files. It will not do anything to the current version files.
|
||||||
if [[ -f /etc/dnsmasq.d/adList.conf ]];then
|
if [[ -f /etc/dnsmasq.d/adList.conf ]];then
|
||||||
@ -288,14 +327,14 @@ setDHCPCD() {
|
|||||||
echo "::: interface $piholeInterface
|
echo "::: interface $piholeInterface
|
||||||
static ip_address=$IPv4addr
|
static ip_address=$IPv4addr
|
||||||
static routers=$IPv4gw
|
static routers=$IPv4gw
|
||||||
static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null
|
static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
setStaticIPv4() {
|
setStaticIPv4() {
|
||||||
# Tries to set the IPv4 address
|
if [[ -f /etc/dhcpcd.conf ]];then
|
||||||
if grep -q "$IPv4addr" $dhcpcdFile; then
|
# Debian Family
|
||||||
# address already set, noop
|
if grep -q "$IPv4addr" /etc/dhcpcd.conf; then
|
||||||
:
|
echo "::: Static IP already configured"
|
||||||
else
|
else
|
||||||
setDHCPCD
|
setDHCPCD
|
||||||
$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
|
$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
|
||||||
@ -303,6 +342,38 @@ setStaticIPv4() {
|
|||||||
echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete."
|
echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete."
|
||||||
echo ":::"
|
echo ":::"
|
||||||
fi
|
fi
|
||||||
|
elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then
|
||||||
|
# Fedora Family
|
||||||
|
IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface
|
||||||
|
if grep -q "$IPv4addr" $IFCFG_FILE; then
|
||||||
|
echo "::: Static IP already configured"
|
||||||
|
else
|
||||||
|
IPADDR=$(echo $IPv4addr | cut -f1 -d/)
|
||||||
|
CIDR=$(echo $IPv4addr | cut -f2 -d/)
|
||||||
|
# Backup existing interface configuration:
|
||||||
|
cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S)
|
||||||
|
# Build Interface configuration file:
|
||||||
|
$SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE
|
||||||
|
$SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE
|
||||||
|
$SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE
|
||||||
|
$SUDO echo "ONBOOT=yes" >> $IFCFG_FILE
|
||||||
|
$SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE
|
||||||
|
$SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE
|
||||||
|
$SUDO echo "USERCTL=no" >> $IFCFG_FILE
|
||||||
|
$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
|
||||||
|
if [ -x "$(command -v nmcli)" ];then
|
||||||
|
# Tell NetworkManager to read our new sysconfig file
|
||||||
|
$SUDO nmcli con load $IFCFG_FILE > /dev/null
|
||||||
|
fi
|
||||||
|
echo ":::"
|
||||||
|
echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete."
|
||||||
|
echo ":::"
|
||||||
|
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "::: Warning: Unable to locate configuration file to set static IPv4 address!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function valid_ip()
|
function valid_ip()
|
||||||
@ -455,6 +526,7 @@ versionCheckDNSmasq(){
|
|||||||
else
|
else
|
||||||
$SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation
|
$SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation
|
||||||
fi
|
fi
|
||||||
|
$SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1
|
||||||
}
|
}
|
||||||
|
|
||||||
installScripts() {
|
installScripts() {
|
||||||
@ -502,7 +574,11 @@ installConfigs() {
|
|||||||
$SUDO chown "$USER":root /etc/lighttpd
|
$SUDO chown "$USER":root /etc/lighttpd
|
||||||
$SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
|
$SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
|
||||||
fi
|
fi
|
||||||
$SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf
|
$SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf
|
||||||
|
$SUDO mkdir -p /var/run/lighttpd
|
||||||
|
$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd
|
||||||
|
$SUDO mkdir -p /var/cache/lighttpd/compress
|
||||||
|
$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress
|
||||||
}
|
}
|
||||||
|
|
||||||
stopServices() {
|
stopServices() {
|
||||||
@ -510,50 +586,69 @@ stopServices() {
|
|||||||
$SUDO echo ":::"
|
$SUDO echo ":::"
|
||||||
$SUDO echo -n "::: Stopping services..."
|
$SUDO echo -n "::: Stopping services..."
|
||||||
#$SUDO service dnsmasq stop & spinner $! || true
|
#$SUDO service dnsmasq stop & spinner $! || true
|
||||||
|
if [ -x "$(command -v systemctl)" ]; then
|
||||||
|
$SUDO systemctl stop lighttpd & spinner $! || true
|
||||||
|
else
|
||||||
$SUDO service lighttpd stop & spinner $! || true
|
$SUDO service lighttpd stop & spinner $! || true
|
||||||
|
fi
|
||||||
$SUDO echo " done."
|
$SUDO echo " done."
|
||||||
}
|
}
|
||||||
|
|
||||||
checkForDependencies() {
|
installerDependencies() {
|
||||||
#Running apt-get update/upgrade with minimal output can cause some issues with
|
#Running apt-get update/upgrade with minimal output can cause some issues with
|
||||||
#requiring user input (e.g password for phpmyadmin see #218)
|
#requiring user input (e.g password for phpmyadmin see #218)
|
||||||
#We'll change the logic up here, to check to see if there are any updates availible and
|
#We'll change the logic up here, to check to see if there are any updates availible and
|
||||||
# if so, advise the user to run apt-get update/upgrade at their own discretion
|
# if so, advise the user to run apt-get update/upgrade at their own discretion
|
||||||
#Check to see if apt-get update has already been run today
|
#Check to see if apt-get update has already been run today
|
||||||
# it needs to have been run at least once on new installs!
|
# it needs to have been run at least once on new installs!
|
||||||
|
timestamp=$(stat -c %Y $PKG_CACHE)
|
||||||
timestamp=$(stat -c %Y /var/cache/apt/)
|
|
||||||
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
|
timestampAsDate=$(date -d @"$timestamp" "+%b %e")
|
||||||
today=$(date "+%b %e")
|
today=$(date "+%b %e")
|
||||||
|
|
||||||
if [ ! "$today" == "$timestampAsDate" ]; then
|
if [ ! "$today" == "$timestampAsDate" ]; then
|
||||||
#update package lists
|
#update package lists
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo -n "::: apt-get update has not been run today. Running now..."
|
echo -n "::: $PKG_MANAGER update has not been run today. Running now..."
|
||||||
$SUDO apt-get -qq update & spinner $!
|
$SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1
|
||||||
echo " done!"
|
echo " done!"
|
||||||
fi
|
fi
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo -n "::: Checking apt-get for upgraded packages...."
|
echo -n "::: Checking $PKG_MANAGER for upgraded packages...."
|
||||||
updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst)
|
updatesToInstall=$(eval "$SUDO $PKG_COUNT")
|
||||||
echo " done!"
|
echo " done!"
|
||||||
echo ":::"
|
echo ":::"
|
||||||
if [[ $updatesToInstall -eq "0" ]]; then
|
if [[ $updatesToInstall -eq "0" ]]; then
|
||||||
echo "::: Your pi is up to date! Continuing with pi-hole installation..."
|
echo "::: Your pi is up to date! Continuing with pi-hole installation..."
|
||||||
else
|
else
|
||||||
echo "::: There are $updatesToInstall updates availible for your pi!"
|
echo "::: There are $updatesToInstall updates availible for your pi!"
|
||||||
echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! "
|
echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! "
|
||||||
echo ":::"
|
echo ":::"
|
||||||
fi
|
fi
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo "::: Checking dependencies:"
|
echo "::: Checking installer dependencies..."
|
||||||
|
for i in "${INSTALLER_DEPS[@]}"; do
|
||||||
dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo)
|
|
||||||
for i in "${dependencies[@]}"; do
|
|
||||||
echo -n "::: Checking for $i..."
|
echo -n "::: Checking for $i..."
|
||||||
if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
|
package_check $i > /dev/null
|
||||||
|
if ! [ $? -eq 0 ]; then
|
||||||
echo -n " Not found! Installing...."
|
echo -n " Not found! Installing...."
|
||||||
$SUDO apt-get -y -qq install "$i" > /dev/null & spinner $!
|
$SUDO $PKG_INSTALL "$i" > /dev/null 2>&1
|
||||||
|
echo " done!"
|
||||||
|
else
|
||||||
|
echo " already installed!"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
checkForDependencies() {
|
||||||
|
# Install dependencies for Pi-Hole
|
||||||
|
echo "::: Checking Pi-Hole dependencies:"
|
||||||
|
|
||||||
|
for i in "${PIHOLE_DEPS[@]}"; do
|
||||||
|
echo -n "::: Checking for $i..."
|
||||||
|
package_check $i > /dev/null
|
||||||
|
if ! [ $? -eq 0 ]; then
|
||||||
|
echo -n " Not found! Installing...."
|
||||||
|
$SUDO $PKG_INSTALL "$i" > /dev/null & spinner $!
|
||||||
echo " done!"
|
echo " done!"
|
||||||
else
|
else
|
||||||
echo " already installed!"
|
echo " already installed!"
|
||||||
@ -677,6 +772,27 @@ setUser(){
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
configureFirewall() {
|
||||||
|
# Allow HTTP and DNS traffic
|
||||||
|
if [ -x "$(command -v firewall-cmd)" ]; then
|
||||||
|
$SUDO firewall-cmd --state > /dev/null
|
||||||
|
if [[ $? -eq 0 ]]; then
|
||||||
|
$SUDO echo "::: Configuring firewalld for httpd and dnsmasq.."
|
||||||
|
$SUDO firewall-cmd --permanent --add-port=80/tcp
|
||||||
|
$SUDO firewall-cmd --permanent --add-port=53/tcp
|
||||||
|
$SUDO firewall-cmd --permanent --add-port=53/udp
|
||||||
|
$SUDO firewall-cmd --reload
|
||||||
|
fi
|
||||||
|
elif [ -x "$(command -v iptables)" ]; then
|
||||||
|
$SUDO echo "::: Configuring iptables for httpd and dnsmasq.."
|
||||||
|
$SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||||
|
$SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
|
||||||
|
$SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
|
||||||
|
else
|
||||||
|
$SUDO echo "::: No firewall detected.. skipping firewall configuration."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
installPihole() {
|
installPihole() {
|
||||||
# Install base files and web interface
|
# Install base files and web interface
|
||||||
checkForDependencies # done
|
checkForDependencies # done
|
||||||
@ -686,18 +802,55 @@ installPihole() {
|
|||||||
if [ ! -d "/var/www/html" ]; then
|
if [ ! -d "/var/www/html" ]; then
|
||||||
$SUDO mkdir -p /var/www/html
|
$SUDO mkdir -p /var/www/html
|
||||||
fi
|
fi
|
||||||
$SUDO chown www-data:www-data /var/www/html
|
$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html
|
||||||
$SUDO chmod 775 /var/www/html
|
$SUDO chmod 775 /var/www/html
|
||||||
$SUDO usermod -a -G www-data pihole
|
$SUDO usermod -a -G $LIGHTTPD_GROUP pihole
|
||||||
|
if [ -x "$(command -v lighty-enable-mod)" ]; then
|
||||||
$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
|
$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
|
||||||
|
else
|
||||||
|
printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n"
|
||||||
|
fi
|
||||||
|
|
||||||
getGitFiles
|
getGitFiles
|
||||||
installScripts
|
installScripts
|
||||||
installConfigs
|
installConfigs
|
||||||
CreateLogFile
|
CreateLogFile
|
||||||
|
configureSelinux
|
||||||
installPiholeWeb
|
installPiholeWeb
|
||||||
installCron
|
installCron
|
||||||
runGravity
|
runGravity
|
||||||
|
configureFirewall
|
||||||
|
}
|
||||||
|
|
||||||
|
configureSelinux() {
|
||||||
|
if [ -x "$(command -v getenforce)" ]; then
|
||||||
|
printf "\n::: SELinux Detected\n"
|
||||||
|
printf ":::\tChecking for SELinux policy development packages..."
|
||||||
|
package_check "selinux-policy-devel" > /dev/null
|
||||||
|
if ! [ $? -eq 0 ]; then
|
||||||
|
echo -n " Not found! Installing...."
|
||||||
|
$SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $!
|
||||||
|
echo " done!"
|
||||||
|
else
|
||||||
|
echo " already installed!"
|
||||||
|
fi
|
||||||
|
printf "::: Enabling httpd server side includes (SSI).. "
|
||||||
|
$SUDO setsebool -P httpd_ssi_exec on
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
echo -n "Success\n"
|
||||||
|
fi
|
||||||
|
printf ":::\tCompiling Pi-Hole SELinux policy..\n"
|
||||||
|
$SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
|
||||||
|
$SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
|
||||||
|
$SUDO semodule -i /etc/pihole/pihole.pp
|
||||||
|
$SUDO rm -f /etc/pihole/pihole.mod
|
||||||
|
$SUDO semodule -l | grep pihole > /dev/null
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
printf "::: Successfully installed Pi-Hole SELinux policy\n"
|
||||||
|
else
|
||||||
|
printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
displayFinalMessage() {
|
displayFinalMessage() {
|
||||||
@ -716,6 +869,10 @@ View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $
|
|||||||
######## SCRIPT ############
|
######## SCRIPT ############
|
||||||
# Start the installer
|
# Start the installer
|
||||||
$SUDO mkdir -p /etc/pihole/
|
$SUDO mkdir -p /etc/pihole/
|
||||||
|
|
||||||
|
# Install packages used by this installation script
|
||||||
|
installerDependencies
|
||||||
|
|
||||||
welcomeDialogs
|
welcomeDialogs
|
||||||
|
|
||||||
# Verify there is enough disk space for the install
|
# Verify there is enough disk space for the install
|
||||||
@ -723,6 +880,8 @@ verifyFreeDiskSpace
|
|||||||
|
|
||||||
# Just back up the original Pi-hole right away since it won't take long and it gets it out of the way
|
# Just back up the original Pi-hole right away since it won't take long and it gets it out of the way
|
||||||
backupLegacyPihole
|
backupLegacyPihole
|
||||||
|
# Find IP used to route to outside world
|
||||||
|
findIPRoute
|
||||||
# Find interfaces and let the user choose one
|
# Find interfaces and let the user choose one
|
||||||
chooseInterface
|
chooseInterface
|
||||||
# Let the user decide if they want to block ads over IPv4 and/or IPv6
|
# Let the user decide if they want to block ads over IPv4 and/or IPv6
|
||||||
@ -741,8 +900,16 @@ displayFinalMessage
|
|||||||
|
|
||||||
echo -n "::: Restarting services..."
|
echo -n "::: Restarting services..."
|
||||||
# Start services
|
# Start services
|
||||||
$SUDO service dnsmasq restart
|
if [ -x "$(command -v systemctl)" ]; then
|
||||||
$SUDO service lighttpd start
|
$SUDO systemctl enable dnsmasq
|
||||||
|
$SUDO systemctl restart dnsmasq
|
||||||
|
$SUDO systemctl enable lighttpd
|
||||||
|
$SUDO systemctl start lighttpd
|
||||||
|
else
|
||||||
|
$SUDO service dnsmasq restart
|
||||||
|
$SUDO service lighttpd start
|
||||||
|
fi
|
||||||
|
|
||||||
echo " done."
|
echo " done."
|
||||||
|
|
||||||
echo ":::"
|
echo ":::"
|
||||||
|
@ -17,7 +17,7 @@ else
|
|||||||
echo "::: Sudo will be used for the uninstall."
|
echo "::: Sudo will be used for the uninstall."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the unnstall cannot complete
|
# If it isn't, exit because the unnstall cannot complete
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this as root."
|
echo "::: Please install sudo or run this as root."
|
||||||
@ -25,6 +25,39 @@ else
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Compatability
|
||||||
|
if [ -x "$(command -v rpm)" ];then
|
||||||
|
# Fedora Family
|
||||||
|
if [ -x "$(command -v dnf)" ];then
|
||||||
|
PKG_MANAGER="dnf"
|
||||||
|
else
|
||||||
|
PKG_MANAGER="yum"
|
||||||
|
fi
|
||||||
|
PKG_REMOVE="$PKG_MANAGER remove -y"
|
||||||
|
PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils )
|
||||||
|
package_check() {
|
||||||
|
rpm -qa | grep ^$1- > /dev/null
|
||||||
|
}
|
||||||
|
package_cleanup() {
|
||||||
|
$SUDO $PKG_MANAGER -y autoremove
|
||||||
|
}
|
||||||
|
elif [ -x "$(command -v apt-get)" ];then
|
||||||
|
# Debian Family
|
||||||
|
PKG_MANAGER="apt-get"
|
||||||
|
PKG_REMOVE="$PKG_MANAGER -y remove --purge"
|
||||||
|
PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
|
||||||
|
package_check() {
|
||||||
|
dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
|
||||||
|
}
|
||||||
|
package_cleanup() {
|
||||||
|
$SUDO $PKG_MANAGER -y autoremove
|
||||||
|
$SUDO $PKG_MANAGER -y autoclean
|
||||||
|
}
|
||||||
|
else
|
||||||
|
echo "OS distribution not supported"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
spinner()
|
spinner()
|
||||||
{
|
{
|
||||||
local pid=$1
|
local pid=$1
|
||||||
@ -43,14 +76,13 @@ spinner()
|
|||||||
function removeAndPurge {
|
function removeAndPurge {
|
||||||
# Purge dependencies
|
# Purge dependencies
|
||||||
echo ":::"
|
echo ":::"
|
||||||
# Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common
|
for i in "${PIHOLE_DEPS[@]}"; do
|
||||||
dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
|
package_check $i > /dev/null
|
||||||
for i in "${dependencies[@]}"; do
|
if [ $? -eq 0 ]; then
|
||||||
if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
|
|
||||||
while true; do
|
while true; do
|
||||||
read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
|
read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
|
||||||
case $yn in
|
case $yn in
|
||||||
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
|
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
|
||||||
[Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;;
|
[Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;;
|
||||||
* ) printf "::: You must answer yes or no!\n";;
|
* ) printf "::: You must answer yes or no!\n";;
|
||||||
esac
|
esac
|
||||||
@ -65,10 +97,8 @@ echo ":::"
|
|||||||
$SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null
|
$SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null
|
||||||
|
|
||||||
# Take care of any additional package cleaning
|
# Take care of any additional package cleaning
|
||||||
printf "::: Auto removing remaining dependencies..."
|
printf "::: Auto removing & cleaning remaining dependencies..."
|
||||||
$SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n";
|
package_cleanup &> /dev/null & spinner $!; printf "done!\n";
|
||||||
printf "::: Auto cleaning remaining dependencies..."
|
|
||||||
$SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n";
|
|
||||||
|
|
||||||
# Call removeNoPurge to remove PiHole specific files
|
# Call removeNoPurge to remove PiHole specific files
|
||||||
removeNoPurge
|
removeNoPurge
|
||||||
@ -107,7 +137,8 @@ function removeNoPurge {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
echo "::: Removing config files and scripts..."
|
echo "::: Removing config files and scripts..."
|
||||||
if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
|
package_check $i > /dev/null
|
||||||
|
if [ $? -eq 1 ]; then
|
||||||
$SUDO rm -rf /etc/lighttpd/ &> /dev/null
|
$SUDO rm -rf /etc/lighttpd/ &> /dev/null
|
||||||
else
|
else
|
||||||
if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
|
if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
|
||||||
@ -143,5 +174,3 @@ while true; do
|
|||||||
[Nn]* ) removeNoPurge; break;;
|
[Nn]* ) removeNoPurge; break;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@ else
|
|||||||
echo "::: sudo will be used."
|
echo "::: sudo will be used."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the install cannot complete
|
# If it isn't, exit because the install cannot complete
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this script as root."
|
echo "::: Please install sudo or run this script as root."
|
||||||
|
2
pihole
2
pihole
@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then
|
|||||||
#echo "::: Sudo will be used for this tool."
|
#echo "::: Sudo will be used for this tool."
|
||||||
# Check if it is actually installed
|
# Check if it is actually installed
|
||||||
# If it isn't, exit because the pihole cannot be invoked without privileges.
|
# If it isn't, exit because the pihole cannot be invoked without privileges.
|
||||||
if [[ $(dpkg-query -s sudo) ]];then
|
if [ -x "$(command -v sudo)" ];then
|
||||||
export SUDO="sudo"
|
export SUDO="sudo"
|
||||||
else
|
else
|
||||||
echo "::: Please install sudo or run this as root."
|
echo "::: Please install sudo or run this as root."
|
||||||
|
Loading…
Reference in New Issue
Block a user