Merge pull request #563 from pi-hole/development

Push to release 2.8 - Gold

adlists.default

@@ -43,11 +43,15 @@ https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
 # Block the BBC News website Breaking News banner
 #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts
 
+# List of known C&C malware servers (see https://github.com/pi-hole/pi-hole/issues/528)
+https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
 
 # Untested Lists:
 #https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt
-#http://spam404bl.com/spam404scamlist.txt
+#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
 #http://malwaredomains.lehigh.edu/files/domains.txt
 # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/)
 #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
 #https://raw.github.com/notracking/hosts-blocklists/master/domains.txt
+# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information.
+#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts

advanced/Scripts/blacklist.sh

@@ -17,7 +17,7 @@ else
 	echo "::: sudo will be used."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this script as root."

advanced/Scripts/piholeDebug.sh

@@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then
 else
 	echo "::: Sudo will be used for debugging."
 	# Check if sudo is actually installed
-	if [[ $(dpkg-query -s sudo) ]]; then
+	if [ -x "$(command -v sudo)" ]; then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this as root."
@@ -67,6 +67,14 @@ function versionCheck {
 	echo >> $DEBUG_LOG
 }
 
+function distroCheck {
+	echo "#######################################" >> $DEBUG_LOG
+	echo "######## Distribution Section #########" >> $DEBUG_LOG
+	echo "#######################################" >> $DEBUG_LOG
+	
+	TMP=$(cat /etc/*release/ || echo "Failed to find release")
+	echo "Distribution Version: $TMP" >> $DEBUG_LOG
+	
 function compareWhitelist {
 	if [ ! -f "$WHITELISTMATCHES" ]; then
 		$SUDO touch $WHITELISTMATCHES
@@ -195,6 +203,7 @@ echo "$GATEWAY_CHECK" >> $DEBUG_LOG
 echo >> $DEBUG_LOG
 
 versionCheck
+distroCheck
 compareWhitelist
 compareBlacklist
 testNslookup
@@ -330,8 +339,16 @@ function dumpPiHoleLog {
 
 # Anything to be done after capturing of pihole.log terminates
 function finalWork {
-	echo "::: Finshed debugging!" 
-	echo "::: Debug log can be found at : /var/log/pihole_debug.log"
+	echo "::: Finshed debugging!"
+	TERMBIN=$(cat /var/log/pihole_debug.log | nc termbin.com 9999)
+
+	# Check if termbin.com is reachable. When it's not, point to local log instead
+	if [ -n "$TERMBIN" ]
+	then
+		echo "::: Debug log can be found at : $TERMBIN"
+	else
+		echo "::: Debug log can be found at : /var/log/pihole_debug.log"
+	fi
 }
 trap finalWork EXIT
 

advanced/Scripts/setupLCD.sh

@@ -19,7 +19,7 @@ else
 	echo "::: sudo will be used."
   # Check if it is actually installed
   # If it isn't, exit because the install cannot complete
-  if [[ $(dpkg-query -s sudo) ]];then
+  if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
   else
 		echo "::: Please install sudo or run this script as root."

advanced/Scripts/whitelist.sh

@@ -17,7 +17,7 @@ else
 	echo "::: sudo will be used."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this script as root."

advanced/lighttpd.conf.debian

@@ -14,7 +14,7 @@ server.modules = (
 	"mod_accesslog",
 	"mod_expire",
 	"mod_compress",
- 	"mod_redirect",
+	"mod_redirect",
 	"mod_setenv",
 	"mod_rewrite"
 )

advanced/lighttpd.conf.fedora

@@ -0,0 +1,77 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# lighttpd config for Pi-hole
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
+server.modules = (
+	"mod_access",
+	"mod_fastcgi",
+	"mod_accesslog",
+	"mod_expire",
+	"mod_compress",
+	"mod_redirect",
+	"mod_setenv",
+	"mod_rewrite"
+)
+
+server.document-root        = "/var/www/html"
+server.error-handler-404	= "pihole/index.html"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "lighttpd"
+server.groupname            = "lighttpd"
+server.port                 = 80
+accesslog.filename			= "/var/log/lighttpd/access.log"
+accesslog.format			= "%{%s}t|%V|%r|%s|%b"
+
+
+index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
+url.access-deny             = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+compress.cache-dir          = "/var/cache/lighttpd/compress/"
+compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
+
+mimetype.assign   = ( ".png"  => "image/png",
+                      ".jpg"  => "image/jpeg",
+                      ".jpeg" => "image/jpeg",
+                      ".html" => "text/html",
+                      ".css" => "text/css; charset=utf-8",
+                      ".js" => "application/javascript",
+                      ".json" => "application/json",
+                      ".txt"  => "text/plain" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
+#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
+#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
+
+fastcgi.server = ( ".php" =>
+                   ( "localhost" =>
+                     (
+                       "socket" => "/tmp/php-fastcgi.socket",
+                       "bin-path" => "/usr/bin/php-cgi"
+                     )
+                   )
+                 )
+
+# If the URL starts with /admin, it is the Web interface
+$HTTP["url"] =~ "^/admin/" {
+	# Create a response header for debugging using curl -I
+	setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" )
+}
+
+# If the URL does not start with /admin, then it is a query for an ad domain
+$HTTP["url"] =~ "^(?!/admin)/.*" {
+	# Create a response header for debugging using curl -I
+	setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." )
+        # rewrite only js requests
+        url.rewrite = ("(.*).js" => "pihole/index.js")
+}

advanced/selinux/pihole.te

@@ -0,0 +1,87 @@
+module pihole 1.0;
+
+require {
+        type var_log_t;
+        type unconfined_t;
+        type init_t;
+        type auditd_t;
+        type syslogd_t;
+        type NetworkManager_t;
+        type mdadm_t;
+        type tuned_t;
+        type avahi_t;
+        type irqbalance_t;
+        type system_dbusd_t;
+        type kernel_t;
+        type httpd_sys_script_t;
+        type systemd_logind_t;
+        type httpd_t;
+        type policykit_t;
+        type dnsmasq_t;
+        type udev_t;
+        type postfix_pickup_t;
+        type sshd_t;
+        type crond_t;
+        type getty_t;
+        type lvm_t;
+        type postfix_qmgr_t;
+        type postfix_master_t;
+        class dir { getattr search };
+        class file { read open setattr };
+}
+
+#============= dnsmasq_t ==============
+allow dnsmasq_t var_log_t:file { open setattr };
+
+#============= httpd_t ==============
+allow httpd_t var_log_t:file { read open };
+
+#============= httpd_sys_script_t (class: dir) ==============
+allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
+allow httpd_sys_script_t auditd_t:dir { getattr search };
+allow httpd_sys_script_t avahi_t:dir { getattr search };
+allow httpd_sys_script_t crond_t:dir { getattr search };
+allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
+allow httpd_sys_script_t getty_t:dir { getattr search };
+allow httpd_sys_script_t httpd_t:dir { getattr search };
+allow httpd_sys_script_t init_t:dir { getattr search };
+allow httpd_sys_script_t irqbalance_t:dir { getattr search };
+allow httpd_sys_script_t kernel_t:dir { getattr search };
+allow httpd_sys_script_t lvm_t:dir { getattr search };
+allow httpd_sys_script_t mdadm_t:dir { getattr search };
+allow httpd_sys_script_t policykit_t:dir { getattr search };
+allow httpd_sys_script_t postfix_master_t:dir { getattr search };
+allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
+allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
+allow httpd_sys_script_t sshd_t:dir { getattr search };
+allow httpd_sys_script_t syslogd_t:dir { getattr search };
+allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
+allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
+allow httpd_sys_script_t tuned_t:dir { getattr search };
+allow httpd_sys_script_t udev_t:dir { getattr search };
+allow httpd_sys_script_t unconfined_t:dir { getattr search };
+
+#============= httpd_sys_script_t (class: file) ==============
+allow httpd_sys_script_t NetworkManager_t:file { read open };
+allow httpd_sys_script_t auditd_t:file { read open };
+allow httpd_sys_script_t avahi_t:file { read open };
+allow httpd_sys_script_t crond_t:file { read open };
+allow httpd_sys_script_t dnsmasq_t:file { read open };
+allow httpd_sys_script_t getty_t:file { read open };
+allow httpd_sys_script_t httpd_t:file { read open };
+allow httpd_sys_script_t init_t:file { read open };
+allow httpd_sys_script_t irqbalance_t:file { read open };
+allow httpd_sys_script_t kernel_t:file { read open };
+allow httpd_sys_script_t lvm_t:file { read open };
+allow httpd_sys_script_t mdadm_t:file { read open };
+allow httpd_sys_script_t policykit_t:file { read open };
+allow httpd_sys_script_t postfix_master_t:file { read open };
+allow httpd_sys_script_t postfix_pickup_t:file { read open };
+allow httpd_sys_script_t postfix_qmgr_t:file { read open };
+allow httpd_sys_script_t sshd_t:file { read open };
+allow httpd_sys_script_t syslogd_t:file { read open };
+allow httpd_sys_script_t system_dbusd_t:file { read open };
+allow httpd_sys_script_t systemd_logind_t:file { read open };
+allow httpd_sys_script_t tuned_t:file { read open };
+allow httpd_sys_script_t udev_t:file { read open };
+allow httpd_sys_script_t unconfined_t:file { read open };

automated install/basic-install.sh

@@ -36,16 +36,6 @@ columns=$(tput cols)
 r=$(( rows / 2 ))
 c=$(( columns / 2 ))
 
-
-# Find IP used to route to outside world
-
-IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
-IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
-IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
-
-availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
-dhcpcdFile=/etc/dhcpcd.conf
-
 ######## FIRST CHECK ########
 # Must be root to install
 echo ":::"
@@ -55,7 +45,7 @@ else
 	echo "::: sudo will be used for the install."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: sudo is needed for the Web interface to run pihole commands.  Please run this script as root and it will be automatically installed."
@@ -63,6 +53,47 @@ else
 	fi
 fi
 
+# Compatability
+if [ -x "$(command -v rpm)" ];then
+	# Fedora Family
+	if [ -x "$(command -v dnf)" ];then
+		PKG_MANAGER="dnf"
+	else
+		PKG_MANAGER="yum"
+	fi
+	PKG_CACHE="/var/cache/$PKG_MANAGER"
+	UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q"
+	PKG_UPDATE="$PKG_MANAGER update -y"
+	PKG_INSTALL="$PKG_MANAGER install -y"
+	PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]"
+	INSTALLER_DEPS=( iproute net-tools procps-ng newt )
+	PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo netcat )
+	LIGHTTPD_USER="lighttpd"
+	LIGHTTPD_GROUP="lighttpd"
+	LIGHTTPD_CFG="lighttpd.conf.fedora"
+	package_check() {
+		rpm -qa | grep ^$1- > /dev/null
+	}
+elif [ -x "$(command -v apt-get)" ];then
+	# Debian Family
+	PKG_MANAGER="apt-get"
+	PKG_CACHE="/var/cache/apt"
+	UPDATE_PKG_CACHE="$PKG_MANAGER -qq update"
+	PKG_UPDATE="$PKG_MANAGER upgrade"
+	PKG_INSTALL="$PKG_MANAGER --yes --quiet install"
+	PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst"
+	INSTALLER_DEPS=( apt-utils whiptail dhcpcd5)
+	PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo netcat )
+	LIGHTTPD_USER="www-data"
+	LIGHTTPD_GROUP="www-data"
+	LIGHTTPD_CFG="lighttpd.conf.debian"
+	package_check() {
+		dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
+	}
+else
+	echo "OS distribution not supported"
+	exit
+fi
 
 ####### FUNCTIONS ##########
 spinner()
@@ -80,6 +111,14 @@ spinner()
     printf "    \b\b\b\b"
 }
 
+findIPRoute() {
+	# Find IP used to route to outside world
+	IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
+	IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
+	IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
+	availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
+}
+
 backupLegacyPihole() {
 	# This function detects and backups the pi-hole v1 files.  It will not do anything to the current version files.
 	if [[ -f /etc/dnsmasq.d/adList.conf ]];then
@@ -236,7 +275,7 @@ getStaticIPv4Settings() {
 If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.
 It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." $r $c
 		#piholeIP is saved to a permanent file so gravity.sh can use it when updating
-		echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
+		$SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
 		# Nothing else to do since the variables are already set above
 	else
 		# Otherwise, we need to ask the user to input their desired settings.
@@ -258,8 +297,8 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
 					Gateway:       $IPv4gw" $r $c)then
 					# If the settings are correct, then we need to set the piholeIP
 					# Saving it to a temporary file us to retrieve it later when we run the gravity.sh script. piholeIP is saved to a permanent file so gravity.sh can use it when updating
-					echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
-					echo "$piholeInterface" > /tmp/piholeINT
+					$SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
+					$SUDO echo "$piholeInterface" > /tmp/piholeINT
 					# After that's done, the loop ends and we move on
 					ipSettingsCorrect=True
 				else
@@ -288,20 +327,52 @@ setDHCPCD() {
 	echo "::: interface $piholeInterface
 	static ip_address=$IPv4addr
 	static routers=$IPv4gw
-	static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null
+	static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null
 }
 
 setStaticIPv4() {
-	# Tries to set the IPv4 address
-	if grep -q "$IPv4addr" $dhcpcdFile; then
-		# address already set, noop
-		:
+	if [[ -f /etc/dhcpcd.conf ]];then
+		# Debian Family
+		if grep -q "$IPv4addr" /etc/dhcpcd.conf; then
+			echo "::: Static IP already configured"
+		else
+			setDHCPCD
+			$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
+			echo ":::"
+			echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
+			echo ":::"
+		fi
+	elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then
+		# Fedora Family
+		IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface
+		if grep -q "$IPv4addr" $IFCFG_FILE; then
+			echo "::: Static IP already configured"
+		else
+			IPADDR=$(echo $IPv4addr | cut -f1 -d/)
+			CIDR=$(echo $IPv4addr | cut -f2 -d/)
+			# Backup existing interface configuration:
+			cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S)
+			# Build Interface configuration file:
+			$SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE
+			$SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE
+			$SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE
+			$SUDO echo "ONBOOT=yes" >> $IFCFG_FILE
+			$SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE
+			$SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE
+			$SUDO echo "USERCTL=no" >> $IFCFG_FILE
+			$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
+			if [ -x "$(command -v nmcli)" ];then
+				# Tell NetworkManager to read our new sysconfig file
+				$SUDO nmcli con load $IFCFG_FILE > /dev/null
+			fi
+			echo ":::"
+			echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
+			echo ":::"
+
+		fi
 	else
-		setDHCPCD
-		$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
-		echo ":::"
-		echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
-		echo ":::"
+		echo "::: Warning: Unable to locate configuration file to set static IPv4 address!"
+		exit 1
 	fi
 }
 
@@ -455,6 +526,7 @@ versionCheckDNSmasq(){
 	else
 		$SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation
 	fi
+	$SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1
 }
 
 installScripts() {
@@ -502,7 +574,11 @@ installConfigs() {
 		$SUDO chown "$USER":root /etc/lighttpd
 		$SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
 	fi
-	$SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf
+	$SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf
+	$SUDO mkdir -p /var/run/lighttpd
+	$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd
+	$SUDO mkdir -p /var/cache/lighttpd/compress
+	$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress
 }
 
 stopServices() {
@@ -510,50 +586,52 @@ stopServices() {
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Stopping services..."
 	#$SUDO service dnsmasq stop & spinner $! || true
-	$SUDO service lighttpd stop & spinner $! || true
+	if [ -x "$(command -v systemctl)" ]; then
+		$SUDO systemctl stop lighttpd & spinner $! || true
+	else
+		$SUDO service lighttpd stop & spinner $! || true
+	fi
 	$SUDO echo " done."
 }
 
-checkForDependencies() {
+installerDependencies() {
 	#Running apt-get update/upgrade with minimal output can cause some issues with
 	#requiring user input (e.g password for phpmyadmin see #218)
 	#We'll change the logic up here, to check to see if there are any updates availible and
 	# if so, advise the user to run apt-get update/upgrade at their own discretion
 	#Check to see if apt-get update has already been run today
 	# it needs to have been run at least once on new installs!
-
-	timestamp=$(stat -c %Y /var/cache/apt/)
+	timestamp=$(stat -c %Y $PKG_CACHE)
 	timestampAsDate=$(date -d @"$timestamp" "+%b %e")
 	today=$(date "+%b %e")
 
 	if [ ! "$today" == "$timestampAsDate" ]; then
 		#update package lists
 		echo ":::"
-		echo -n "::: apt-get update has not been run today. Running now..."
-		$SUDO apt-get -qq update & spinner $!
+		echo -n "::: $PKG_MANAGER update has not been run today. Running now..."
+		$SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1
 		echo " done!"
 	fi
 	echo ":::"
-	echo -n "::: Checking apt-get for upgraded packages...."
-    updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst)
-    echo " done!"
-    echo ":::"
-    if [[ $updatesToInstall -eq "0" ]]; then
+	echo -n "::: Checking $PKG_MANAGER for upgraded packages...."
+	updatesToInstall=$(eval "$SUDO $PKG_COUNT")
+	echo " done!"
+	echo ":::"
+	if [[ $updatesToInstall -eq "0" ]]; then
 		echo "::: Your pi is up to date! Continuing with pi-hole installation..."
-    else
+	else
 		echo "::: There are $updatesToInstall updates availible for your pi!"
-		echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! "
+		echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! "
 		echo ":::"
-    fi
-    echo ":::"
-    echo "::: Checking dependencies:"
-
-  dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo)
-	for i in "${dependencies[@]}"; do
+	fi
+	echo ":::"
+	echo "::: Checking installer dependencies..."
+	for i in "${INSTALLER_DEPS[@]}"; do
 		echo -n ":::    Checking for $i..."
-		if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
+		package_check $i > /dev/null
+		if ! [ $? -eq 0 ]; then
 			echo -n " Not found! Installing...."
-			$SUDO apt-get -y -qq install "$i" > /dev/null & spinner $!
+			$SUDO $PKG_INSTALL "$i" > /dev/null 2>&1
 			echo " done!"
 		else
 			echo " already installed!"
@@ -561,6 +639,23 @@ checkForDependencies() {
 	done
 }
 
+checkForDependencies() {
+	# Install dependencies for Pi-Hole
+    echo "::: Checking Pi-Hole dependencies:"
+
+    for i in "${PIHOLE_DEPS[@]}"; do
+	echo -n ":::    Checking for $i..."
+	package_check $i > /dev/null
+	if ! [ $? -eq 0 ]; then
+		echo -n " Not found! Installing...."
+		$SUDO $PKG_INSTALL "$i" > /dev/null & spinner $!
+		echo " done!"
+	else
+		echo " already installed!"
+	fi
+    done
+}
+
 getGitFiles() {
 	# Setup git repos for base files and web admin
 	echo ":::"
@@ -677,6 +772,27 @@ setUser(){
 	fi
 }
 
+configureFirewall() {
+	# Allow HTTP and DNS traffic
+	if [ -x "$(command -v firewall-cmd)" ]; then
+		$SUDO firewall-cmd --state > /dev/null
+		if [[ $? -eq 0 ]]; then
+			$SUDO echo "::: Configuring firewalld for httpd and dnsmasq.."
+			$SUDO firewall-cmd --permanent --add-port=80/tcp
+			$SUDO firewall-cmd --permanent --add-port=53/tcp
+			$SUDO firewall-cmd --permanent --add-port=53/udp
+			$SUDO firewall-cmd --reload
+		fi
+	elif [ -x "$(command -v iptables)" ]; then
+		$SUDO echo "::: Configuring iptables for httpd and dnsmasq.."
+		$SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+		$SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+		$SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+	else
+		$SUDO echo "::: No firewall detected.. skipping firewall configuration."
+	fi
+}
+
 installPihole() {
 	# Install base files and web interface
 	checkForDependencies # done
@@ -686,18 +802,55 @@ installPihole() {
 	if [ ! -d "/var/www/html" ]; then
 		$SUDO mkdir -p /var/www/html
 	fi
-	$SUDO chown www-data:www-data /var/www/html
+	$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html
 	$SUDO chmod 775 /var/www/html
-	$SUDO usermod -a -G www-data pihole
-	$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
+	$SUDO usermod -a -G $LIGHTTPD_GROUP pihole
+	if [ -x "$(command -v lighty-enable-mod)" ]; then
+		$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
+	else
+		printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n"
+	fi
 
 	getGitFiles
 	installScripts
 	installConfigs
 	CreateLogFile
+	configureSelinux
 	installPiholeWeb
 	installCron
 	runGravity
+	configureFirewall
+}
+
+configureSelinux() {
+	if [ -x "$(command -v getenforce)" ]; then
+		printf "\n::: SELinux Detected\n"
+		printf ":::\tChecking for SELinux policy development packages..."
+		package_check "selinux-policy-devel" > /dev/null
+		if ! [ $? -eq 0 ]; then
+			echo -n " Not found! Installing...."
+			$SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $!
+			echo " done!"
+		else
+			echo " already installed!"
+		fi
+		printf "::: Enabling httpd server side includes (SSI).. "
+		$SUDO setsebool -P httpd_ssi_exec on
+		if [ $? -eq 0 ]; then
+			echo -n "Success\n"
+		fi
+		printf ":::\tCompiling Pi-Hole SELinux policy..\n"
+		$SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
+		$SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
+		$SUDO semodule -i /etc/pihole/pihole.pp
+		$SUDO rm -f /etc/pihole/pihole.mod
+		$SUDO semodule -l | grep pihole > /dev/null
+		if [ $? -eq 0 ]; then
+			printf "::: Successfully installed Pi-Hole SELinux policy\n"
+		else
+			printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n"
+		fi
+	fi
 }
 
 displayFinalMessage() {
@@ -716,6 +869,10 @@ View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $
 ######## SCRIPT ############
 # Start the installer
 $SUDO mkdir -p /etc/pihole/
+
+# Install packages used by this installation script
+installerDependencies
+
 welcomeDialogs
 
 # Verify there is enough disk space for the install
@@ -723,6 +880,8 @@ verifyFreeDiskSpace
 
 # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way
 backupLegacyPihole
+# Find IP used to route to outside world
+findIPRoute
 # Find interfaces and let the user choose one
 chooseInterface
 # Let the user decide if they want to block ads over IPv4 and/or IPv6
@@ -741,8 +900,16 @@ displayFinalMessage
 
 echo -n "::: Restarting services..."
 # Start services
-$SUDO service dnsmasq restart
-$SUDO service lighttpd start
+if [ -x "$(command -v systemctl)" ]; then
+	$SUDO systemctl enable dnsmasq
+	$SUDO systemctl restart dnsmasq
+	$SUDO systemctl enable lighttpd
+	$SUDO systemctl start lighttpd
+else
+	$SUDO service dnsmasq restart
+	$SUDO service lighttpd start
+fi
+
 echo " done."
 
 echo ":::"

automated install/uninstall.sh

@@ -17,7 +17,7 @@ else
 	echo "::: Sudo will be used for the uninstall."
   # Check if it is actually installed
   # If it isn't, exit because the unnstall cannot complete
-  if [[ $(dpkg-query -s sudo) ]];then
+  if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
   else
     echo "::: Please install sudo or run this as root."
@@ -25,6 +25,39 @@ else
   fi
 fi
 
+# Compatability
+if [ -x "$(command -v rpm)" ];then
+	# Fedora Family
+	if [ -x "$(command -v dnf)" ];then
+		PKG_MANAGER="dnf"
+	else
+		PKG_MANAGER="yum"
+	fi
+	PKG_REMOVE="$PKG_MANAGER remove -y"
+	PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils )
+	package_check() {
+		rpm -qa | grep ^$1- > /dev/null
+	}
+	package_cleanup() {
+		$SUDO $PKG_MANAGER -y autoremove
+	}
+elif [ -x "$(command -v apt-get)" ];then
+	# Debian Family
+	PKG_MANAGER="apt-get"
+	PKG_REMOVE="$PKG_MANAGER -y remove --purge"
+	PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
+	package_check() {
+		dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
+	}
+	package_cleanup() {
+		$SUDO $PKG_MANAGER -y autoremove
+		$SUDO $PKG_MANAGER -y autoclean
+	}
+else
+	echo "OS distribution not supported"
+	exit
+fi
+
 spinner()
 {
     local pid=$1
@@ -43,14 +76,13 @@ spinner()
 function removeAndPurge {
 	# Purge dependencies
 echo ":::"
-	# Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common
-	dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
-	for i in "${dependencies[@]}"; do
-		if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
+	for i in "${PIHOLE_DEPS[@]}"; do
+		package_check $i > /dev/null
+		if [ $? -eq 0 ]; then
 			while true; do
 				read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
 				case $yn in
-					[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
+					[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
 					[Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;;
 					* ) printf "::: You must answer yes or no!\n";;
 				esac
@@ -65,10 +97,8 @@ echo ":::"
 	$SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null
 
 	# Take care of any additional package cleaning
-	printf "::: Auto removing remaining dependencies..."
-	$SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n";
-	printf "::: Auto cleaning remaining dependencies..."
-	$SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n";
+	printf "::: Auto removing & cleaning remaining dependencies..."
+	package_cleanup &> /dev/null & spinner $!; printf "done!\n";
 
 	# Call removeNoPurge to remove PiHole specific files
 	removeNoPurge
@@ -107,7 +137,8 @@ function removeNoPurge {
 	fi
 
 	echo "::: Removing config files and scripts..."
-	if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
+	package_check $i > /dev/null
+	if [ $? -eq 1 ]; then
 		$SUDO rm -rf /etc/lighttpd/ &> /dev/null
 	else
 		if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
@@ -143,5 +174,3 @@ while true; do
 		[Nn]* ) removeNoPurge; break;;
 	esac
 done
-
-

gravity.sh

@@ -19,7 +19,7 @@ else
 	echo "::: sudo will be used."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this script as root."
@@ -152,7 +152,7 @@ function gravity_transport() {
 	fi
 
 	# Silently curl url
-	curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
+	curl -s -L $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
 	# Check for list updates
 	gravity_patternCheck "$patternBuffer"
 	# Cleanup
@@ -181,7 +181,7 @@ function gravity_spinup() {
         # to complete properly and reset the user agent when required
         case "$domain" in
             "adblock.mahakala.is")
-                agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0'
+                agent='Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36'
                 cmd_ext="-e http://forum.xda-developers.com/"
             ;;
 

pihole

@@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then
 	#echo "::: Sudo will be used for this tool."
   # Check if it is actually installed
   # If it isn't, exit because the pihole cannot be invoked without privileges.
-  if [[ $(dpkg-query -s sudo) ]];then
+  if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
   else
     echo "::: Please install sudo or run this as root."