From 32b50f8188d4e88aecebb00e50a847635a60f285 Mon Sep 17 00:00:00 2001 From: Borats Nolan Date: Sat, 28 Jul 2018 02:35:39 +1000 Subject: [PATCH 01/19] Change the word "folder" to "directory" since the pi-hole is intended to run on rpi with Linux on it. Signed-off-by: Borats Nolan --- automated install/basic-install.sh | 8 ++++---- automated install/uninstall.sh | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 79e8e1ae..ad7d313c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -38,14 +38,14 @@ lighttpdConfig=/etc/lighttpd/lighttpd.conf # This is a file used for the colorized output coltable=/opt/pihole/COL_TABLE -# We store several other folders and +# We store several other directories and webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git" webInterfaceDir="/var/www/html/admin" piholeGitUrl="https://github.com/pi-hole/pi-hole.git" PI_HOLE_LOCAL_REPO="/etc/.pihole" # These are the names of pi-holes files, stored in an array PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage) -# This folder is where the Pi-hole scripts will be installed +# This directory is where the Pi-hole scripts will be installed PI_HOLE_INSTALL_DIR="/opt/pihole" useUpdateVars=false @@ -318,7 +318,7 @@ else fi } -# A function for checking if a folder is a git repository +# A function for checking if a directory is a git repository is_repo() { # Use a named, local variable instead of the vague $1, which is the first argument passed to this function # These local variables should always be lowercase 
@@ -333,7 +333,7 @@ is_repo() { if [[ -d "${directory}" ]]; then # move into the directory cd "${directory}" - # Use git to check if the folder is a repo + # Use git to check if the directory is a repo # git -C is not used here to support git versions older than 1.8.4 git status --short &> /dev/null || rc=$? # If the command was not successful, diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 9322de92..52760cfb 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -106,7 +106,7 @@ removeNoPurge() { ${SUDO} rm -rf /var/www/html/pihole &> /dev/null ${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null - # If the web directory is empty after removing these files, then the parent html folder can be removed. + # If the web directory is empty after removing these files, then the parent html directory can be removed. if [ -d "/var/www/html" ]; then if [[ ! "$(ls -A /var/www/html)" ]]; then ${SUDO} rm -rf /var/www/html &> /dev/null From 0081a7ca9285205369cd06ef6788bbcff443bf9c Mon Sep 17 00:00:00 2001 From: Mark McGuire Date: Sun, 5 Aug 2018 10:09:56 -0500 Subject: [PATCH 02/19] set noninteractive during unattended install Signed-off-by: Mark McGuire --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ad7d313c..3b9d7ba9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2327,6 +2327,8 @@ main() { echo -e " ${INFO} Performing unattended setup, no whiptail dialogs will be displayed" # Use the setup variables useUpdateVars=true + # also disable debconf-apt-progress dialogs + export DEBIAN_FRONTEND="noninteractive" # Otherwise, else # show the available options (repair/reconfigure) From eef948d79780be8e941c715f1dc0a9c419760ac5 Mon Sep 17 00:00:00 2001 
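Review bot: The comment on the added line in main(), `# also disable debconf-apt-progress dialogs`, understates what the `export` does. From this point every child process of the installer inherits `DEBIAN_FRONTEND="noninteractive"`, so package configuration questions in any later apt/dpkg call are answered with their defaults. Suggested wording: `# Exported for the rest of the run: apt/dpkg children take debconf defaults and show no dialogs`. main() continues outside the hunk.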
From: WaLLy3K Date: Tue, 7 Aug 2018 10:45:30 +1000 Subject: [PATCH 03/19] Fix header newlines * Added \\n to each $xxx_ver_str, resolving issue #2325 Signed-off-by: WaLLy3K --- advanced/Scripts/chronometer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 046a98c4..3f99a781 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -478,7 +478,7 @@ chronoFunc() { ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC} ${COL_DARK_GRAY}$scr_line_str${COL_NC}" else - echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str|_| |_| |_||_\\___/_\\___|$ftl_ver_str ${COL_DARK_GRAY}$scr_line_str${COL_NC}" + echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}" fi printFunc " Hostname: " "$sys_name" "$host_info" From e01eea8ba8005bb394c844efbac56db15467cdd0 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 6 Aug 2018 21:15:16 -0400 Subject: [PATCH 04/19] Remove PowerPC from FTL binaries It is no longer built, and may cause 404 errors if it attempts to download the binary. Signed-off-by: Mcat12 --- automated install/basic-install.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 77e02b58..61dfe831 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2151,11 +2151,6 @@ get_binary_name() { # set the binary to be used binary="pihole-FTL-arm-linux-gnueabi" fi - elif [[ "${machine}" == "ppc" ]]; then - # PowerPC - echo -e "${OVER} ${TICK} Detected PowerPC architecture" - # set the binary to be used - binary="pihole-FTL-powerpc-linux-gnu" elif [[ "${machine}" == "x86_64" ]]; then # This gives the architecture of packages dpkg installs (for example, "i386") local dpkgarch 
From f5c3dc5d9d4f00caed58eddfc40d712d565ab038 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Aug 2018 16:51:58 +0200 Subject: [PATCH 05/19] Improve download error message that is shown when downloading or verifying the binary failed Signed-off-by: DL6ER --- automated install/basic-install.sh | 4 ++-- test/test_automated_install.py | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 61dfe831..b12028a5 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2099,7 +2099,7 @@ FTLinstall() { # the download failed, so just go back to the original directory popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" - echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}" + echo -e " ${COL_LIGHT_RED}Error: Download of ${url}/${binary} failed (checksum error)${COL_NC}" return 1 fi # Otherwise, @@ -2107,7 +2107,7 @@ FTLinstall() { popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; } echo -e "${OVER} ${CROSS} ${str}" # The URL could not be found - echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}" + echo -e " ${COL_LIGHT_RED}Error: URL ${url}/${binary} not found${COL_NC}" return 1 fi } diff --git a/test/test_automated_install.py b/test/test_automated_install.py index 876b06eb..2cded451 100644 --- a/test/test_automated_install.py +++ b/test/test_automated_install.py 
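Review bot: In the first FTLinstall hunk the new message blames this branch on a checksum error, but the context comment directly above still reads `# the download failed, so just go back to the original directory`. Reword that comment to say the checksum verification failed so the two agree. The visible lines only `popd` and `return 1`; if the unverified binary is still in the download directory at that point, it should be removed before returning so that no later step can install it. The part of FTLinstall that would show this is outside the hunk.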
@@ -501,8 +501,10 @@ def test_FTL_download_unknown_fails_no_errors(Pihole): ''') expected_stdout = cross_box + ' Downloading and Installing FTL' assert expected_stdout in download_binary.stdout - error = 'Error: URL not found' - assert error in download_binary.stdout + error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/' + assert error1 in download_binary.stdout + error2 = 'not found' + assert error2 in download_binary.stdout def test_FTL_binary_installed_and_responsive_no_errors(Pihole): From 5bf90cb77d3d84fc7049a15287dc4ca5df3f6cc4 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Aug 2018 18:02:01 +0200 Subject: [PATCH 06/19] Use alternative logic for counting regex file entries, skipping commented out lines Signed-off-by: DL6ER --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 50c37784..2836ec1f 100755 --- a/gravity.sh +++ b/gravity.sh @@ -464,7 +464,7 @@ gravity_ShowBlockCount() { fi if [[ -f "${regexFile}" ]]; then - num=$(grep -c "^(?!#)" "${regexFile}") + num=$(grep -c "^[^#]" "${regexFile}") echo -e " ${INFO} Number of regex filters: ${num}" fi } From 760dd01b50330cb97affeddfe5462d847bac3df0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 7 Aug 2018 18:36:06 +0200 Subject: [PATCH 07/19] Use grep invert-match Signed-off-by: DL6ER --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 2836ec1f..026cd4a4 100755 --- a/gravity.sh +++ b/gravity.sh @@ -464,7 +464,7 @@ gravity_ShowBlockCount() { fi if [[ -f "${regexFile}" ]]; then - num=$(grep -c "^[^#]" "${regexFile}") + num=$(grep -cv "^#" "${regexFile}") echo -e " ${INFO} Number of regex filters: ${num}" fi } From 94e4ed664431faae47b093de8ba5fcd06aafb14b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 10 Aug 2018 18:22:55 +0200 Subject: [PATCH 08/19] Add facility to add multiple audit list entries at once and to nuke audit list 
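Review bot: The second assertion, `assert error2 in download_binary.stdout`, matches the bare string `not found` anywhere in the output, so it would also pass on an unrelated message such as a shell "command not found". Since only the binary name sits between the two fragments, one regular-expression check ties them to the same message: `assert re.search(r'Error: URL https://github.com/pi-hole/FTL/releases/download/.* not found', download_binary.stdout)`. Whether `re` is already imported in this test module is not visible from the hunk.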
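Review bot: In the PATCH 07 hunk of gravity_ShowBlockCount, `grep -cv "^#"` counts every line that does not start with `#`, so blank lines and lines with an indented `#` are reported as regex filters. The `^[^#]` pattern it replaces at least skipped empty lines. If the number is meant to reflect active filters, exclude both cases in one pass: `num=$(grep -cEv '^[[:space:]]*(#|$)' "${regexFile}")`. Whether FTL itself ignores blank or indented-comment lines in this file is not visible here, so the count should follow whatever its parser does.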
Signed-off-by: DL6ER --- advanced/Scripts/webpage.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index c3dede05..0d4cab90 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -525,9 +525,19 @@ Teleporter() { php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip" } -audit() +addAudit() { - echo "${args[2]}" >> /etc/pihole/auditlog.list + shift # skip "-a" + shift # skip "audit" + for var in "$@" + do + echo "${var}" >> /etc/pihole/auditlog.list + done +} + +clearAudit() +{ + echo -n "" > /etc/pihole/auditlog.list } SetPrivacyLevel() { @@ -565,7 +575,8 @@ main() { "-i" | "interface" ) SetListeningMode "$@";; "-t" | "teleporter" ) Teleporter;; "adlist" ) CustomizeAdLists;; - "audit" ) audit;; + "audit" ) addAudit "$@";; + "clearaudit" ) clearAudit;; "-l" | "privacylevel" ) SetPrivacyLevel;; * ) helpFunc;; esac From a1bf9fad98f3ac97fe4330337197b7b5a4d62512 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Sat, 11 Aug 2018 12:55:18 +1000 Subject: [PATCH 09/19] Fix colour tail for use with new blocking methods Signed-off-by: WaLLy3K --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index 8be03f79..b444efe7 100755 --- a/pihole +++ b/pihole @@ -303,7 +303,7 @@ tailFunc() { # Colour everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \ - -e "s,(.*(gravity.list|black.list| config ).* is (${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(gravity.list|black.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 From d9195970b7da98e685945abe8a7dcd7417ccf44c Mon Sep 17 00:00:00 2001 
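Review bot: addAudit appends each argument to /etc/pihole/auditlog.list with `echo "${var}"` and never checks that the value looks like a domain, although the arguments come straight from the command line of webpage.sh. `echo` treats values such as `-n` or `-e` as its own options, and an argument containing a newline adds extra entries; `printf '%s\n' "${var}"` fixes the first, and a pattern check before the write would cover the second. `var` should be declared `local`, and the two `shift`s assume the function is always called with `-a audit` in front, which is worth stating in a comment above it. In clearAudit, `: > /etc/pihole/auditlog.list` truncates the file without relying on `echo -n`.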
From: Realtbo Date: Sun, 12 Aug 2018 23:19:16 +0200 Subject: [PATCH 10/19] Create adlist file while running unattended setup Signed-off-by: Realtebo --- automated install/basic-install.sh | 45 +++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a7f590ab..8f54e440 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1087,19 +1087,42 @@ chooseBlocklists() { # For each choice available, for choice in ${choices} do - # Set the values to true - case ${choice} in - StevenBlack ) echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";; - MalwareDom ) echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";; - Cameleon ) echo "http://sysctl.org/cameleon/hosts" >> "${adlistFile}";; - ZeusTracker ) echo "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist" >> "${adlistFile}";; - DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";; - DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";; - HostsFile ) echo "https://hosts-file.net/ad_servers.txt" >> "${adlistFile}";; - esac + appendToListsFile choice done } +# Accept a string parameter, it must be one of the default lists +# This function allow to not duplicate code in chooseBlocklists and +# in installDefaultBlocklists +appendToListsFile() { + case $1 in + StevenBlack ) echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";; + MalwareDom ) echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";; + Cameleon ) echo "http://sysctl.org/cameleon/hosts" >> "${adlistFile}";; + ZeusTracker ) echo "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist" >> "${adlistFile}";; + DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";; + DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";; + HostsFile ) echo "https://hosts-file.net/ad_servers.txt" >> "${adlistFile}";; + esac +} + +# Used only in unattended setup +# If there is already the adListFile, we keep it, else we create it using all default lists +installDefaultBlocklists() { + # In unattended setup, could be usefull to use userdefined blocklist. 
+ # If this file exists, we avoid to override it. + if [[ -f "${adlistFile}" ]]; then + return; + fi + appendToListsFile StevenBlack + appendToListsFile MalwareDom + appendToListsFile Cameleon + appendToListsFile ZeusTracker + appendToListsFile DisconTrack + appendToListsFile DisconAd + appendToListsFile HostsFile +} + # Check if /etc/dnsmasq.conf is from pi-hole. If so replace with an original and install new in .d directory version_check_dnsmasq() { # Local, named variables @@ -2391,6 +2414,8 @@ main() { # Let the user decide if they want query logging enabled... setLogging else + # Setup adlist file if not exists + installDefaultBlocklists # Source ${setupVars} to use predefined user variables in the functions source ${setupVars} fi From d163e3838070a9d427f1d1240d4059b254da2e14 Mon Sep 17 00:00:00 2001 From: WaLLy3K Date: Mon, 13 Aug 2018 14:56:38 +1000 Subject: [PATCH 11/19] Ensure regex-blocked lines are red * Add `regex.list` to seds list Signed-off-by: WaLLy3K --- pihole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pihole b/pihole index b444efe7..0f584b15 100755 --- a/pihole +++ b/pihole @@ -303,7 +303,7 @@ tailFunc() { # Colour everything else as gray tail -f /var/log/pihole.log | sed -E \ -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \ - -e "s,(.*(gravity.list|black.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ + -e "s,(.*(gravity.list|black.list|regex.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*,${COL_GRAY}&${COL_NC}," exit 0 From ca309d3b282b4cf83051b925046db7239be6ab58 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 14 Aug 2018 13:14:39 +0200 Subject: [PATCH 12/19] Restart pihole-FTL after log flushing to force reloading history. Fixes #2339 Signed-off-by: DL6ER --- advanced/Scripts/piholeLogFlush.sh | 2 ++ 1 file changed, 2 insertions(+) 
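Review bot: In chooseBlocklists the new call `appendToListsFile choice` passes the literal word `choice`, not the loop variable, so no arm of the `case` in appendToListsFile matches and the interactive path writes nothing to `${adlistFile}`. It should be `appendToListsFile "${choice}"`. The `case $1 in` has no `*)` arm, which is why the mistake is silent; a default arm that prints the unknown name to stderr would surface it, and `$1` should be quoted. The Cameleon entry is still fetched over plain `http://`, unlike the other six lists, so its content has no transport integrity; that line is only moved by this commit but deserves a comment.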
diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 4847282f..561fbce7 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -58,6 +58,8 @@ else # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") + # Restart pihole-FTL to force reloading history + sudo pihole restartdns fi if [[ "$@" != *"quiet"* ]]; then From 476fecbcf5b28634a7e3a963697a79f01aa7e159 Mon Sep 17 00:00:00 2001 From: Mirko Tebaldi Date: Tue, 14 Aug 2018 14:59:41 +0200 Subject: [PATCH 13/19] Fixed typos as suggestes Signed-off-by: Realtebo --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 23d8a896..f91d64a7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1109,8 +1109,8 @@ appendToListsFile() { # Used only in unattended setup # If there is already the adListFile, we keep it, else we create it using all default lists installDefaultBlocklists() { - # In unattended setup, could be usefull to use userdefined blocklist. - # If this file exists, we avoid to override it. + # In unattended setup, could be useful to use userdefined blocklist. + # If this file exists, we avoid overriding it. if [[ -f "${adlistFile}" ]]; then return; fi From 0d1b3cee4f96290db52df19e563c3ecad3991850 Mon Sep 17 00:00:00 2001 From: Realtebo Date: Thu, 16 Aug 2018 17:52:47 +0200 Subject: [PATCH 14/19] Enable FTL service before starting it Signed-off-by: Realtebo --- automated install/basic-install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f91d64a7..9f596b45 100755 
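Review bot: The added `sudo pihole restartdns` runs whether or not the preceding `sqlite3` delete succeeded, and its own exit status is ignored. If the script is run by an account without a matching sudoers rule, `sudo` will fail or wait for a password; if the caller is already root, the `sudo` is redundant. Consider `pihole restartdns || echo "Warning: could not restart pihole-FTL" >&2`, keeping `sudo` only if a non-root caller is actually supported. The comment should also say that the restart presumably interrupts DNS resolution for a moment. The enclosing `if`/`else` starts outside the hunk.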
--- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2483,9 +2483,12 @@ main() { echo -e " ${INFO} Restarting services..." # Start services - # Enable FTL - start_service pihole-FTL + # Enable FTL + # Ensure the service is enabled before trying to start it + # Fixes a problem reported on Ubuntu 18.04 where trying to start + # the service before enabling causes installer to exit enable_service pihole-FTL + start_service pihole-FTL # Download and compile the aggregated block list runGravity From d30b565d98149dfa68b84cf8b2756cf548a296e2 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 19 Aug 2018 13:53:34 +0200 Subject: [PATCH 15/19] Touch dhcp.leases to ensure it exists. There are some systems out there where the installer didn't finish on the first run and some users don't have this file being created. Although /etc/pihole should be owned by pihole:pihole, pihole-FTL sometimes fails to open this file and - if this is the case and DHCP is enabled - refuses to start altogether. Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index ecc7a52a..04fae69a 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service 
@@ -26,13 +26,16 @@ start() { if is_running; then echo "pihole-FTL is already running" else - touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log + touch /var/log/pihole-FTL.log /var/log/pihole.log + touch /run/pihole-FTL.pid /run/pihole-FTL.port + touch /etc/pihole/dhcp.leases mkdir -p /var/run/pihole mkdir -p /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole rm /var/run/pihole/FTL.sock 2> /dev/null - chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port - chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log + chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port + chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases + chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL @@ -78,7 +81,7 @@ status() { echo "[ ] pihole-FTL is not running" exit 1 fi -} +} ### main logic ### From 5cd3b11391b719f18313f614a062d29a5e702752 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 19 Aug 2018 14:32:19 +0200 Subject: [PATCH 16/19] Start pihole-FTL as root if capabilities are not supported by the system Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index ecc7a52a..266ecd3e 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service 
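Review bot: The new `touch /etc/pihole/dhcp.leases` and the `chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases` after it run in the service start path, presumably as root, on a file inside a directory that the same line hands to the pihole account. Both commands follow symbolic links, so a privileged start re-owns whatever that name points to. Creating the file as the service user avoids this, e.g. `su -s /bin/sh -c "touch /etc/pihole/dhcp.leases" "$FTLUSER"`, and the remaining ownership fix-ups are safer with `chown -h`. The `chmod 0644` line below does not list dhcp.leases, so its mode depends on the umask in effect at start.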
@@ -34,9 +34,13 @@ start() { chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log - setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)" echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL - su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"; then + su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" + else + echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system" + pihole-FTL + fi echo fi } @@ -78,7 +82,7 @@ status() { echo "[ ] pihole-FTL is not running" exit 1 fi -} +} ### main logic ### From ec2426b24d9e82a3f507b624b232f867f096e3f8 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 19 Aug 2018 19:55:47 +0200 Subject: [PATCH 17/19] Add clarifying comments Signed-off-by: DL6ER --- advanced/Templates/pihole-FTL.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 04fae69a..14205fe7 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -26,6 +26,7 @@ start() { if is_running; then echo "pihole-FTL is already running" else + # Touch files to ensure they exist (create if non-existing, preserve if existing) touch /var/log/pihole-FTL.log /var/log/pihole.log touch /run/pihole-FTL.pid /run/pihole-FTL.port touch /etc/pihole/dhcp.leases 
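Review bot: The new `else` branch starts the daemon as root whenever `setcap` returns non-zero, which covers more than "capabilities are not supported". A missing `setcap` binary or an empty `$(which pihole-FTL)` takes the same path, and the only trace is one line on stdout. Running as root removes the privilege separation that the `su ... "$FTLUSER"` branch provides, so the warning should go to stderr and name the actual cause: `echo "Warning: setcap failed; starting pihole-FTL as root" >&2`. The fallback also resolves `pihole-FTL` through PATH while the other branch uses `/usr/bin/pihole-FTL`; use the absolute path in both so root never runs whatever comes first in PATH.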
@@ -33,6 +34,7 @@ start() { mkdir -p /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole rm /var/run/pihole/FTL.sock 2> /dev/null + # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log From 1dca1efbc6df3d31ebf4e9ba13beedade074a8b9 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 20 Aug 2018 23:11:23 +0200 Subject: [PATCH 18/19] Don't use extra query logging Signed-off-by: DL6ER --- advanced/01-pihole.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index 85d260b2..f7b78ab0 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -39,7 +39,7 @@ interface=@INT@ cache-size=10000 -log-queries=extra +log-queries log-facility=/var/log/pihole.log local-ttl=2 From f141b9f778065a60cac0e313987b19dca934c81d Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Mon, 20 Aug 2018 17:36:16 -0400 Subject: [PATCH 19/19] Add support for privacy level 4 Signed-off-by: Mcat12 --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 0d4cab90..cba7af00 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -541,8 +541,8 @@ clearAudit() } SetPrivacyLevel() { - # Set privacy level. Minimum is 0, maximum is 3 - if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then + # Set privacy level. Minimum is 0, maximum is 4 + if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then changeFTLsetting "PRIVACYLEVEL" "${args[2]}" fi }
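Review bot: The range check in SetPrivacyLevel relies on `[ ... -ge 0 ]` failing for non-numeric input, which prints an "integer expression expected" error and then silently does nothing. It also accepts forms such as `+3` or `04`, which are passed unchanged to `changeFTLsetting`. A single pattern test states the accepted values exactly: `if [[ "${args[2]}" =~ ^[0-4]$ ]]; then`. An `else` that reports the rejected value on stderr would tell the caller why nothing changed.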