From 42afaa9f66668de4900997b1393e98bed0635bad Mon Sep 17 00:00:00 2001 From: bcambl Date: Mon, 25 Apr 2016 17:31:00 -0600 Subject: [PATCH 01/49] remove dpkg-query dependency from sudo check --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 699f68ee..3cff09a6 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -55,7 +55,7 @@ else echo "::: sudo will be used for the install." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed." From 063e3e85e16620bf15c48f4cd25a0953bb472af5 Mon Sep 17 00:00:00 2001 From: bcambl Date: Mon, 25 Apr 2016 22:51:00 -0600 Subject: [PATCH 02/49] Fedora compatibility variables and dependencies --- automated install/basic-install.sh | 58 ++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 3cff09a6..edc9ee74 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -63,6 +63,35 @@ else fi fi +# Compatability +if [ -x "$(command -v rpm)" ];then + # Fedora Family + if [ -x "$(command -v dnf)" ];then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + PKG_CACHE="/var/cache/$PKG_MANAGER" + PKG_UPDATE="$PKG_MANAGER update -y" + PKG_INSTALL="$PKG_MANAGER install -y" + PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget ) + package_check() { + rpm -qa | grep ^$1- > /dev/null + } +elif [ -x "$(command -v apt-get)" ];then + # Debian Family + PKG_MANAGER="apt-get" + PKG_CACHE="/var/cache/apt" + PKG_UPDATE="apt-get -qq update" + PKG_INSTALL="apt-get -y -qq install" + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) + package_check() { + dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" + } +else + echo "OS distribution not supported" + exit +fi ####### FUNCTIONS ########## spinner() @@ -521,16 +550,15 @@ checkForDependencies() { # if so, advise the user to run apt-get update/upgrade at their own discretion #Check to see if apt-get update has already been run today # it needs to have been run at least once on new installs! - - timestamp=$(stat -c %Y /var/cache/apt/) + timestamp=$(stat -c %Y $PKG_CACHE) timestampAsDate=$(date -d @"$timestamp" "+%b %e") today=$(date "+%b %e") if [ ! "$today" == "$timestampAsDate" ]; then #update package lists echo ":::" - echo -n "::: apt-get update has not been run today. Running now..." - $SUDO apt-get -qq update & spinner $! + echo -n "::: $PKG_MANAGER update has not been run today. Running now..." + $SUDO $PKG_UPDATE & spinner $! echo " done!" fi echo ":::" 
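Review bot: The rpm `package_check` in the new compatibility block matches by prefix, so `grep ^$1-` reports `php` as installed whenever `php-common` or `php-cli` is, and the dependency loop would then skip installing it; `$1` is also unquoted. Querying the package directly avoids both problems: `rpm -q "$1" > /dev/null 2>&1`. In the unsupported-distribution branch, the bare `exit` returns the status of the preceding `echo` (0), so a caller sees success; `exit 1` would report the failure.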
@@ -548,17 +576,17 @@ checkForDependencies() { echo ":::" echo "::: Checking dependencies:" - dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo) - for i in "${dependencies[@]}"; do - echo -n "::: Checking for $i..." - if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then - echo -n " Not found! Installing...." - $SUDO apt-get -y -qq install "$i" > /dev/null & spinner $! - echo " done!" - else - echo " already installed!" - fi - done + for i in "${PIHOLE_DEPS[@]}"; do + echo -n "::: Checking for $i..." + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "$i" > /dev/null & spinner $! + echo " done!" + else + echo " already installed!" + fi + done } getGitFiles() { From 37dda79db28b85210e82b27ff47883c38a703753 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 30 Apr 2016 18:11:37 -0600 Subject: [PATCH 03/49] install dependencies for install script --- automated install/basic-install.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index edc9ee74..60482f8a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -72,8 +72,9 @@ if [ -x "$(command -v rpm)" ];then PKG_MANAGER="yum" fi PKG_CACHE="/var/cache/$PKG_MANAGER" - PKG_UPDATE="$PKG_MANAGER update -y" + PKG_UPDATE="$PKG_MANAGER check-update -q" PKG_INSTALL="$PKG_MANAGER install -y" + INSTALLER_DEPS=( iproute procps-ng newt ) PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget ) package_check() { rpm -qa | grep ^$1- > /dev/null 
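Review bot: `sudo` was in the removed `dependencies` list but is in neither `PIHOLE_DEPS` array, so the loop in `checkForDependencies` no longer installs it, while the message in the sudo check still tells the user to run as root and "it will be automatically installed". Either add `sudo` back to both arrays or change that message. Separately, `package_check $i > /dev/null` followed by `if ! [ $? -eq 0 ]` reads more directly as `if ! package_check "$i" > /dev/null; then`, which also quotes the argument. `checkForDependencies` starts outside the hunk.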
@@ -84,6 +85,7 @@ elif [ -x "$(command -v apt-get)" ];then PKG_CACHE="/var/cache/apt" PKG_UPDATE="apt-get -qq update" PKG_INSTALL="apt-get -y -qq install" + INSTALLER_DEPS=( apt-utils whiptail ) PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) package_check() { dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" @@ -93,6 +95,20 @@ else exit fi +echo "::: Checking installer dependencies..." +for i in "${INSTALLER_DEPS[@]}"; do + echo -n "::: Checking for $i..." + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then + $SUDO $PKG_UPDATE + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "$i" > /dev/null + echo " done!" + else + echo " already installed!" + fi +done + ####### FUNCTIONS ########## spinner() { From 29d48bbd9a5c015c20b4c7dd12a933824e38a2be Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 30 Apr 2016 20:27:38 -0600 Subject: [PATCH 04/49] move IP/route discovery to a function Defer use of 'ip' utility until after install script dependencies have been satisfied. --- automated install/basic-install.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 60482f8a..dd916191 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -36,16 +36,6 @@ columns=$(tput cols) r=$(( rows / 2 )) c=$(( columns / 2 )) - -# Find IP used to route to outside world - -IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') -IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') -IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') - -availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) -dhcpcdFile=/etc/dhcpcd.conf - ######## FIRST CHECK ######## # Must be root to install echo ":::" 
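Review bot: In the installer-dependency loop added after the distribution check, `$SUDO $PKG_UPDATE` runs once for every missing package, and the result of `$SUDO $PKG_INSTALL "$i" > /dev/null` is never checked, so " done!" is printed even when the install failed and the script carries on without the tool. Refreshing the cache once before the loop and testing the install, `if ! $SUDO $PKG_INSTALL "$i" > /dev/null; then echo " failed!"; exit 1; fi`, would stop on a broken dependency instead of configuring a half-installed system. The `checkForDependencies` loop in the previous commit has the same unchecked install (there also backgrounded for `spinner`), as does the `installerDependencies` loop in the later "split dependency installations" commit.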
@@ -75,7 +65,7 @@ if [ -x "$(command -v rpm)" ];then PKG_UPDATE="$PKG_MANAGER check-update -q" PKG_INSTALL="$PKG_MANAGER install -y" INSTALLER_DEPS=( iproute procps-ng newt ) - PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget ) + PIHOLE_DEPS=( dhcpcd bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget ) package_check() { rpm -qa | grep ^$1- > /dev/null } @@ -125,6 +115,15 @@ spinner() printf " \b\b\b\b" } +findIPRoute() { + # Find IP used to route to outside world + IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') + IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') + IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') + availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) + dhcpcdFile=/etc/dhcpcd.conf +} + backupLegacyPihole() { # This function detects and backups the pi-hole v1 files. It will not do anything to the current version files. if [[ -f /etc/dnsmasq.d/adList.conf ]];then @@ -767,6 +766,8 @@ verifyFreeDiskSpace # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way backupLegacyPihole +# Find IP used to route to outside world +findIPRoute # Find interfaces and let the user choose one chooseInterface # Let the user decide if they want to block ads over IPv4 and/or IPv6 From ffaf243160c8c4abf808a3c722b412343ae69811 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 00:27:46 -0600 Subject: [PATCH 05/49] split dependency installations into two separate functions - installerDependencies: - updates the package manager list/cache - installs dependencies for install script - checkForDependencies: - install dependencies for Pi-Hole --- automated install/basic-install.sh | 58 +++++++++++++++++------------- 1 file changed, 34 insertions(+), 24 deletions(-) 
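Review bot: In `findIPRoute`, `grep -v "lo"` drops every interface whose name contains "lo", not just loopback, so a predictably named wireless device such as `wlo1` would presumably never be offered by `chooseInterface`. Because the awk output still carries the trailing colon, `grep -v '^lo:'` excludes only loopback. The function also assumes `ip route get 8.8.8.8` succeeds: with no default route `IPv4dev` is empty and the following `ip -o -f inet addr show dev "$IPv4dev"` fails without any message. A guard such as `[ -n "$IPv4dev" ] || { echo "::: No default route found"; exit 1; }` would make that visible.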
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index dd916191..28ebd4f3 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -62,8 +62,10 @@ if [ -x "$(command -v rpm)" ];then PKG_MANAGER="yum" fi PKG_CACHE="/var/cache/$PKG_MANAGER" - PKG_UPDATE="$PKG_MANAGER check-update -q" + UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q" + PKG_UPDATE="$PKG_MANAGER update -y" PKG_INSTALL="$PKG_MANAGER install -y" + PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt ) PIHOLE_DEPS=( dhcpcd bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget ) package_check() { @@ -73,10 +75,12 @@ elif [ -x "$(command -v apt-get)" ];then # Debian Family PKG_MANAGER="apt-get" PKG_CACHE="/var/cache/apt" - PKG_UPDATE="apt-get -qq update" + UPDATE_PKG_CACHE="apt-get -qq update" + PKG_UPDATE="$PKG_MANAGER upgrade" PKG_INSTALL="apt-get -y -qq install" + PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail ) - PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) + PIHOLE_DEPS=( dhcpcd dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) package_check() { dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" } @@ -85,20 +89,6 @@ else exit fi -echo "::: Checking installer dependencies..." -for i in "${INSTALLER_DEPS[@]}"; do - echo -n "::: Checking for $i..." - package_check $i > /dev/null - if ! [ $? -eq 0 ]; then - $SUDO $PKG_UPDATE - echo -n " Not found! Installing...." - $SUDO $PKG_INSTALL "$i" > /dev/null - echo " done!" - else - echo " already installed!" - fi -done - ####### FUNCTIONS ########## spinner() { 
@@ -558,7 +548,7 @@ stopServices() { $SUDO echo " done." } -checkForDependencies() { +installerDependencies() { #Running apt-get update/upgrade with minimal output can cause some issues with #requiring user input (e.g password for phpmyadmin see #218) #We'll change the logic up here, to check to see if there are any updates availible and @@ -573,23 +563,39 @@ checkForDependencies() { #update package lists echo ":::" echo -n "::: $PKG_MANAGER update has not been run today. Running now..." - $SUDO $PKG_UPDATE & spinner $! + $SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1 echo " done!" fi echo ":::" - echo -n "::: Checking apt-get for upgraded packages...." - updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) - echo " done!" + echo -n "::: Checking $PKG_MANAGER for upgraded packages...." + updatesToInstall=$(eval "$SUDO $PKG_COUNT") + echo " done!" echo ":::" if [[ $updatesToInstall -eq "0" ]]; then echo "::: Your pi is up to date! Continuing with pi-hole installation..." else echo "::: There are $updatesToInstall updates availible for your pi!" - echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! " + echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! " echo ":::" fi echo ":::" - echo "::: Checking dependencies:" + echo "::: Checking installer dependencies..." + for i in "${INSTALLER_DEPS[@]}"; do + echo -n "::: Checking for $i..." + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "$i" > /dev/null 2>&1 + echo " done!" + else + echo " already installed!" + fi + done +} + +checkForDependencies() { + # Install dependencies for Pi-Hole + echo "::: Checking Pi-Hole dependencies:" for i in "${PIHOLE_DEPS[@]}"; do echo -n "::: Checking for $i..." 
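Review bot: `updatesToInstall=$(eval "$SUDO $PKG_COUNT")` evaluates a pipeline stored as a string, and the Fedora value contains the unquoted pattern `^[a-zA-Z0-9]`, which the shell treats as a glob when the string is re-parsed. The string is a constant today, so this is a robustness and maintainability concern rather than an injection path, but it invites trouble as soon as any part of it becomes variable. A per-distribution function in the style of `package_check` removes the `eval` entirely, e.g. `pkg_count() { $SUDO "$PKG_MANAGER" check-update | grep -v '^Last' | grep -c '^[a-zA-Z0-9]'; }`. `installerDependencies` begins outside this hunk.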
@@ -759,6 +765,10 @@ View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $ ######## SCRIPT ############ # Start the installer $SUDO mkdir -p /etc/pihole/ + +# Install packages used by this installation script +installerDependencies + welcomeDialogs # Verify there is enough disk space for the install From f4228b04f8ef450d96c67a97315ad0a262d2a917 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 00:45:21 -0600 Subject: [PATCH 06/49] additional fedora dependancies based on current fedora (23 at this moment) docker image --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 28ebd4f3..cd16ca5c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -67,7 +67,7 @@ if [ -x "$(command -v rpm)" ];then PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt ) - PIHOLE_DEPS=( dhcpcd bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget ) + PIHOLE_DEPS=( dhcpcd bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget findutils cronie ) package_check() { rpm -qa | grep ^$1- > /dev/null } From 7af0029175c03814de5466cccce04da2bd5fa603 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 08:45:41 -0600 Subject: [PATCH 07/49] check for systemctl for systemd service management --- automated install/basic-install.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index cd16ca5c..a346edd4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -544,7 +544,11 @@ stopServices() { $SUDO echo ":::" $SUDO echo -n "::: Stopping services..." #$SUDO service dnsmasq stop & spinner $! || true - $SUDO service lighttpd stop & spinner $! || true + if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl stop lighttpd & spinner $! || true + else + $SUDO service lighttpd stop & spinner $! || true + fi $SUDO echo " done." } @@ -796,8 +800,15 @@ displayFinalMessage echo -n "::: Restarting services..." # Start services -$SUDO service dnsmasq restart -$SUDO service lighttpd start + +if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl restart dnsmasq + $SUDO systemctl start lighttpd +else + $SUDO service dnsmasq restart + $SUDO service lighttpd start +fi + echo " done." echo ":::" From 94f131a0b76ef756726a5c787002b321fc9b7144 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 10:52:46 -0600 Subject: [PATCH 08/49] update deps and package manager variables --- automated install/basic-install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a346edd4..40116ca2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -66,8 +66,8 @@ if [ -x "$(command -v rpm)" ];then PKG_UPDATE="$PKG_MANAGER update -y" PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" - INSTALLER_DEPS=( iproute procps-ng newt ) - PIHOLE_DEPS=( dhcpcd bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget findutils cronie ) + INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) + PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget findutils cronie ) package_check() { rpm -qa | grep ^$1- > /dev/null } 
@@ -75,9 +75,9 @@ elif [ -x "$(command -v apt-get)" ];then # Debian Family PKG_MANAGER="apt-get" PKG_CACHE="/var/cache/apt" - UPDATE_PKG_CACHE="apt-get -qq update" + UPDATE_PKG_CACHE="$PKG_MANAGER -qq update" PKG_UPDATE="$PKG_MANAGER upgrade" - PKG_INSTALL="apt-get -y -qq install" + PKG_INSTALL="$PKG_MANAGER -y -qq install" PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail ) PIHOLE_DEPS=( dhcpcd dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) From d67957d015657a6328cefc418650c8370ba0f85c Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 14:22:51 -0600 Subject: [PATCH 09/49] add fedora lighttpd.conf template --- advanced/lighttpd.conf.fedora | 77 +++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 advanced/lighttpd.conf.fedora diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora new file mode 100644 index 00000000..7d38f95b --- /dev/null +++ b/advanced/lighttpd.conf.fedora 
@@ -0,0 +1,77 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2015, 2016 by Jacob Salmela +# Network-wide ad blocking via your Raspberry Pi +# http://pi-hole.net +# lighttpd config for Pi-hole +# +# Pi-hole is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. + +server.modules = ( + "mod_access", + "mod_fastcgi", + "mod_accesslog", + "mod_expire", + "mod_compress", + "mod_redirect", + "mod_setenv", + "mod_rewrite" +) + +server.document-root = "/var/www/html" +server.error-handler-404 = "pihole/index.html" +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +server.username = "lighttpd" +server.groupname = "lighttpd" +server.port = 80 +accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.format = "%{%s}t|%V|%r|%s|%b" + + +index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) +url.access-deny = ( "~", ".inc" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +compress.cache-dir = "/var/cache/lighttpd/compress/" +compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) + +mimetype.assign = ( ".png" => "image/png", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".html" => "text/html", + ".css" => "text/css; charset=utf-8", + ".js" => "application/javascript", + ".json" => "application/json", + ".txt" => "text/plain" ) + +# default listening port for IPv6 falls back to the IPv4 port +#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port +#include_shell "/usr/share/lighttpd/create-mime.assign.pl" +#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" + +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/var/run/lighttpd/php-fastcgi.socket", + "bin-path" => 
"/usr/bin/php-cgi" + ) + ) + ) + +# If the URL starts with /admin, it is the Web interface +$HTTP["url"] =~ "^/admin/" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) +} + +# If the URL does not start with /admin, then it is a query for an ad domain +$HTTP["url"] =~ "^(?!/admin)/.*" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." ) + # rewrite only js requests + url.rewrite = ("(.*).js" => "pihole/index.js") +} From b3ec3b487c4d3dc87a21ce601c4b7bc827a6a7b1 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 14:26:43 -0600 Subject: [PATCH 10/49] add Fedora dependency: lighttpd-fastcgi --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 40116ca2..495eea5d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -67,7 +67,7 @@ if [ -x "$(command -v rpm)" ];then PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) - PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd php-common php-cli php git curl unzip wget findutils cronie ) + PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) package_check() { rpm -qa | grep ^$1- > /dev/null } From 6f2117d786acaf51938718871f58826fe8e790b8 Mon Sep 17 00:00:00 2001 
From: bcambl Date: Sun, 1 May 2016 15:06:57 -0600 Subject: [PATCH 11/49] append '.debian' to lighttpd.conf for compatability --- advanced/{lighttpd.conf => lighttpd.conf.debian} | 6 +++--- automated install/basic-install.sh | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) rename advanced/{lighttpd.conf => lighttpd.conf.debian} (97%) diff --git a/advanced/lighttpd.conf b/advanced/lighttpd.conf.debian similarity index 97% rename from advanced/lighttpd.conf rename to advanced/lighttpd.conf.debian index f899350a..c6a9af69 100644 --- a/advanced/lighttpd.conf +++ b/advanced/lighttpd.conf.debian @@ -14,9 +14,9 @@ server.modules = ( "mod_accesslog", "mod_expire", "mod_compress", - "mod_redirect", - "mod_setenv", - "mod_rewrite" + "mod_redirect", + "mod_setenv", + "mod_rewrite" ) server.document-root = "/var/www/html" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 495eea5d..ea186887 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -68,6 +68,7 @@ if [ -x "$(command -v rpm)" ];then PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) + LIGHTTPD_CFG="lighttpd.conf.fedora" package_check() { rpm -qa | grep ^$1- > /dev/null } @@ -81,6 +82,7 @@ elif [ -x "$(command -v apt-get)" ];then PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail ) PIHOLE_DEPS=( dhcpcd dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) + LIGHTTPD_CFG="lighttpd.conf.debian" package_check() { dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" } 
@@ -536,7 +538,7 @@ installConfigs() { $SUDO chown "$USER":root /etc/lighttpd $SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig fi - $SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf + $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf } stopServices() { From 8198f06073de3e8d1cde6785191bce916664b989 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 17:23:33 -0600 Subject: [PATCH 12/49] ensure dnsmasq conf-dir is configured for /etc/dnsmasq.d --- automated install/basic-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ea186887..b226750c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -491,6 +491,7 @@ versionCheckDNSmasq(){ else $SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation fi + $SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1 } installScripts() { From 62fa9c0f6e8b1ede103d74d4a108997e5fb24cdb Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 17:46:15 -0600 Subject: [PATCH 13/49] fixing whitespace --- advanced/lighttpd.conf.debian | 4 ++-- automated install/basic-install.sh | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index c6a9af69..8b62f448 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -15,8 +15,8 @@ server.modules = ( "mod_expire", "mod_compress", "mod_redirect", - "mod_setenv", - "mod_rewrite" + "mod_setenv", + "mod_rewrite" ) server.document-root = "/var/www/html" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b226750c..53b8280f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
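Review bot: The `sed` added to `versionCheckDNSmasq` leaves `$dnsFile1` unquoted and silently does nothing when the file has no line exactly matching `#conf-dir=/etc/dnsmasq.d`, so the installer cannot tell whether dnsmasq will actually read the Pi-hole drop-in. Quote the path and confirm the result, for example `grep -q '^conf-dir=/etc/dnsmasq.d' "$dnsFile1" || echo "::: Warning: conf-dir not enabled in $dnsFile1"`. Enabling the bare directory also means dnsmasq loads files there regardless of extension, so backup copies left in `/etc/dnsmasq.d` (e.g. `*.orig`) would be parsed as configuration; worth confirming none are created there. The function starts outside the hunk.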
@@ -577,15 +577,15 @@ installerDependencies() { echo -n "::: Checking $PKG_MANAGER for upgraded packages...." updatesToInstall=$(eval "$SUDO $PKG_COUNT") echo " done!" - echo ":::" - if [[ $updatesToInstall -eq "0" ]]; then + echo ":::" + if [[ $updatesToInstall -eq "0" ]]; then echo "::: Your pi is up to date! Continuing with pi-hole installation..." - else + else echo "::: There are $updatesToInstall updates availible for your pi!" echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! " echo ":::" - fi - echo ":::" + fi + echo ":::" echo "::: Checking installer dependencies..." for i in "${INSTALLER_DEPS[@]}"; do echo -n "::: Checking for $i..." From c4234f4542593e1bf33dd6e642645fd101059135 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 1 May 2016 20:39:35 -0600 Subject: [PATCH 14/49] ensure ownership/existence of /var/cache/lighttpd/compress --- automated install/basic-install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 53b8280f..31b7a3be 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -68,6 +68,7 @@ if [ -x "$(command -v rpm)" ];then PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) + LIGHTTPD_USER="lighttpd:lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" package_check() { rpm -qa | grep ^$1- > /dev/null 
@@ -82,6 +83,7 @@ elif [ -x "$(command -v apt-get)" ];then PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail ) PIHOLE_DEPS=( dhcpcd dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) + LIGHTTPD_USER="www-data:www-data" LIGHTTPD_CFG="lighttpd.conf.debian" package_check() { dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" @@ -540,6 +542,8 @@ installConfigs() { $SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig fi $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf + $SUDO mkdir -p /var/cache/lighttpd/compress + $SUDO chown $LIGHTTPD_USER /var/cache/lighttpd/compress } stopServices() { From c160b2e54b0f4f14e61832c1c69174d9772208cb Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 4 May 2016 02:01:38 -0400 Subject: [PATCH 15/49] fix lighttpd user/group variables --- automated install/basic-install.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 31b7a3be..21e03321 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -68,7 +68,8 @@ if [ -x "$(command -v rpm)" ];then PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) - LIGHTTPD_USER="lighttpd:lighttpd" + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" package_check() { rpm -qa | grep ^$1- > /dev/null 
@@ -83,7 +84,8 @@ elif [ -x "$(command -v apt-get)" ];then PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail ) PIHOLE_DEPS=( dhcpcd dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) - LIGHTTPD_USER="www-data:www-data" + LIGHTTPD_USER="www-data" + LIGHTTPD_GROUP="www-data" LIGHTTPD_CFG="lighttpd.conf.debian" package_check() { dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" @@ -543,7 +545,7 @@ installConfigs() { fi $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf $SUDO mkdir -p /var/cache/lighttpd/compress - $SUDO chown $LIGHTTPD_USER /var/cache/lighttpd/compress + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress } stopServices() { @@ -746,9 +748,9 @@ installPihole() { if [ ! -d "/var/www/html" ]; then $SUDO mkdir -p /var/www/html fi - $SUDO chown www-data:www-data /var/www/html + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html $SUDO chmod 775 /var/www/html - $SUDO usermod -a -G www-data pihole + $SUDO usermod -a -G $LIGHTTPD_GROUP pihole $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null getGitFiles From c74af2c21f46176f2796f59aca50ca61e3a97522 Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 4 May 2016 02:03:07 -0400 Subject: [PATCH 16/49] warn if lighty-enable-mod utility is not available Fastcgi can be enabled via lighttpd configuration. This step may not be required for all distributions. --- automated install/basic-install.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 21e03321..f128e470 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -751,7 +751,11 @@ installPihole() { $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html $SUDO chmod 775 /var/www/html $SUDO usermod -a -G $LIGHTTPD_GROUP pihole - $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null + if [ -x "$(command -v lighty-enable-mod)" ]; then + $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null + else + printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n" + fi getGitFiles installScripts From b31931c907f960e1420c863bdb24182a7c15e9a5 Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 4 May 2016 00:24:19 -0600 Subject: [PATCH 17/49] add epel-release for CentOS support --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index f128e470..6a583892 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -67,7 +67,7 @@ if [ -x "$(command -v rpm)" ];then PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) - PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) + PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" From 9c26bdd676c021d14e8cd555fe1b32b26dfaa4dc Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 4 May 2016 22:50:48 -0600 Subject: [PATCH 18/49] ensure fastcgi socket directory and permissions --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6a583892..6b6999d9 100755 --- a/automated install/basic-install.sh 
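Review bot: Adding `epel-release` to the rpm `PIHOLE_DEPS` array enables an additional package repository on the host as a side effect of the dependency loop, with no prompt or message to the user, and every later `$PKG_INSTALL` then resolves against it. That widens the set of package sources the machine trusts, so it deserves an explicit notice and should be limited to the distributions that need it. The array is shared by every rpm-based system, and the package may not exist on Fedora itself, where the failed install would disappear into `/dev/null`. A comment above the array such as `# epel-release is needed on CentOS only; it enables the EPEL repository`, plus a distribution check, would document the intent.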
+++ b/automated install/basic-install.sh @@ -544,6 +544,8 @@ installConfigs() { $SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig fi $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf + $SUDO mkdir -p /var/run/lighttpd + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd $SUDO mkdir -p /var/cache/lighttpd/compress $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress } From 65638973eaa0b97f0a13fc605557d3df56672c58 Mon Sep 17 00:00:00 2001 From: bcambl Date: Thu, 5 May 2016 00:15:00 -0600 Subject: [PATCH 19/49] correct dhcpcd package name to dhcpcd5 move dhcpcd5 to installer dependencies --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6b6999d9..71186a5f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -82,8 +82,8 @@ elif [ -x "$(command -v apt-get)" ];then PKG_UPDATE="$PKG_MANAGER upgrade" PKG_INSTALL="$PKG_MANAGER -y -qq install" PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" - INSTALLER_DEPS=( apt-utils whiptail ) - PIHOLE_DEPS=( dhcpcd dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) + INSTALLER_DEPS=( apt-utils whiptail dhcpcd5) + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) LIGHTTPD_USER="www-data" LIGHTTPD_GROUP="www-data" LIGHTTPD_CFG="lighttpd.conf.debian" From 04e375a52324ff446d0397abe402f719d88f8572 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 14 May 2016 16:29:56 -0600 Subject: [PATCH 20/49] enable lighttpd and dnsmasq via systemd --- automated install/basic-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 71186a5f..347b29f0 100755 --- a/automated install/basic-install.sh 
+++ b/automated install/basic-install.sh @@ -815,9 +815,10 @@ displayFinalMessage echo -n "::: Restarting services..." # Start services - if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl enable dnsmasq $SUDO systemctl restart dnsmasq + $SUDO systemctl enable lighttpd $SUDO systemctl start lighttpd else $SUDO service dnsmasq restart From 66724826f5800169513d315922a92833fdb5e03d Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 14 May 2016 16:35:40 -0600 Subject: [PATCH 21/49] moved php-fastcgi.socket to /tmp on Fedora fastcgi is spawned by lighttpd (lighttpd user). /var/run is owned by root, so we will put the socket in /tmp --- advanced/lighttpd.conf.fedora | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 7d38f95b..30784b1a 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -56,7 +56,7 @@ mimetype.assign = ( ".png" => "image/png", fastcgi.server = ( ".php" => ( "localhost" => ( - "socket" => "/var/run/lighttpd/php-fastcgi.socket", + "socket" => "/tmp/php-fastcgi.socket", "bin-path" => "/usr/bin/php-cgi" ) ) From e6634531c743f8698604f96f7eff6682b609523b Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 14 May 2016 17:05:40 -0600 Subject: [PATCH 22/49] basic firewalld/iptables configuration --- automated install/basic-install.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 347b29f0..98668a3d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
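Review bot: Moving the FastCGI socket to `/tmp/php-fastcgi.socket` gives it a fixed name in a world-writable directory, where any local account can create that path before lighttpd does or, depending on the socket's mode, talk to the PHP backend directly. The reason given in the commit message (`/var/run` is owned by root) is already handled earlier in this series, where `installConfigs` creates `/var/run/lighttpd` and chowns it to the lighttpd user. Keeping `"socket" => "/var/run/lighttpd/php-fastcgi.socket"` is safer. If the directory disappears at boot because `/var/run` is a tmpfs, have it recreated at boot (for example through a tmpfiles.d entry) rather than falling back to `/tmp`.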
@@ -741,6 +741,22 @@ setUser(){ fi } +configureFirewall() { + # Allow HTTP and DNS traffic + if [ -x "$(command -v firewall-cmd)" ]; then + $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." + $SUDO firewall-cmd --zone=public --permanent --add-service=http + $SUDO firewall-cmd --zone=public --permanent --add-service=dns + $SUDO firewall-cmd --reload + elif [ -x "$(command -v iptables)" ]; then + $SUDO echo "::: Configuring iptables for httpd and dnsmasq.." + $SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT + $SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT + else + $SUDO echo "::: No firewall detected.. skipping firewall configuration." + fi +} + installPihole() { # Install base files and web interface checkForDependencies # done @@ -766,6 +782,7 @@ installPihole() { installPiholeWeb installCron runGravity + configureFirewall } displayFinalMessage() { From 4fc40d96d90ce2b96ecc36e5224b7277b13414ce Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 14 May 2016 19:51:05 -0600 Subject: [PATCH 23/49] ensure firewalld is running before configuration --- automated install/basic-install.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 98668a3d..d47a5fe5 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
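Review bot: In the iptables branch of configureFirewall() the rules are appended with `-A INPUT`, so on a host whose INPUT chain already ends in a REJECT or DROP rule the new ACCEPT rules are never reached, and each re-run of the installer adds a duplicate. Checking first and inserting at the top avoids both, e.g. `$SUDO iptables -C INPUT -p tcp -m tcp --dport 80 -j ACCEPT 2>/dev/null || $SUDO iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT`. The rules also accept from every interface and source; if `$piholeInterface` is set by this point, adding `-i "$piholeInterface"` would keep the resolver and the admin page off other networks. Nothing here saves the rules, so they are lost at reboot unless the distribution persists them, which deserves a comment. The `$SUDO` in front of the `echo` lines has no effect and can be dropped.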
@@ -744,10 +744,13 @@ setUser(){ configureFirewall() { # Allow HTTP and DNS traffic if [ -x "$(command -v firewall-cmd)" ]; then - $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." - $SUDO firewall-cmd --zone=public --permanent --add-service=http - $SUDO firewall-cmd --zone=public --permanent --add-service=dns - $SUDO firewall-cmd --reload + $SUDO firewall-cmd --state > /dev/null + if [[ $? -eq 0 ]]; then + $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." + $SUDO firewall-cmd --zone=public --permanent --add-service=http + $SUDO firewall-cmd --zone=public --permanent --add-service=dns + $SUDO firewall-cmd --reload + fi elif [ -x "$(command -v iptables)" ]; then $SUDO echo "::: Configuring iptables for httpd and dnsmasq.." $SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT From 376eb81181c2f0e101e19962115e410356580c9d Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 5 Jun 2016 14:43:18 -0600 Subject: [PATCH 24/49] SELinux Support --- advanced/selinux/pihole.te | 87 ++++++++++++++++++++++++++++++ automated install/basic-install.sh | 29 ++++++++++ 2 files changed, 116 insertions(+) create mode 100644 advanced/selinux/pihole.te diff --git a/advanced/selinux/pihole.te b/advanced/selinux/pihole.te new file mode 100644 index 00000000..595755dd --- /dev/null +++ b/advanced/selinux/pihole.te 
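Review bot: When firewall-cmd is installed but firewalld is not running, the new inner `if` is skipped and nothing else happens. The `elif` iptables branch is not tried and no message is printed, so the install finishes with the ports possibly still closed and no hint for the user. An `else` branch on the inner test that prints a `:::` line saying firewalld is installed but inactive would make this visible. The state test is also clearer written directly as `if $SUDO firewall-cmd --state &> /dev/null; then`, rather than running the command and then inspecting `$?`. configureFirewall() continues past the end of this hunk.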
@@ -0,0 +1,87 @@ +module pihole 1.0; + +require { + type var_log_t; + type unconfined_t; + type init_t; + type auditd_t; + type syslogd_t; + type NetworkManager_t; + type mdadm_t; + type tuned_t; + type avahi_t; + type irqbalance_t; + type system_dbusd_t; + type kernel_t; + type httpd_sys_script_t; + type systemd_logind_t; + type httpd_t; + type policykit_t; + type dnsmasq_t; + type udev_t; + type postfix_pickup_t; + type sshd_t; + type crond_t; + type getty_t; + type lvm_t; + type postfix_qmgr_t; + type postfix_master_t; + class dir { getattr search }; + class file { read open setattr }; +} + +#============= dnsmasq_t ============== +allow dnsmasq_t var_log_t:file { open setattr }; + +#============= httpd_t ============== +allow httpd_t var_log_t:file { read open }; + +#============= httpd_sys_script_t (class: dir) ============== +allow httpd_sys_script_t NetworkManager_t:dir { getattr search }; +allow httpd_sys_script_t auditd_t:dir { getattr search }; +allow httpd_sys_script_t avahi_t:dir { getattr search }; +allow httpd_sys_script_t crond_t:dir { getattr search }; +allow httpd_sys_script_t dnsmasq_t:dir { getattr search }; +allow httpd_sys_script_t getty_t:dir { getattr search }; +allow httpd_sys_script_t httpd_t:dir { getattr search }; +allow httpd_sys_script_t init_t:dir { getattr search }; +allow httpd_sys_script_t irqbalance_t:dir { getattr search }; +allow httpd_sys_script_t kernel_t:dir { getattr search }; +allow httpd_sys_script_t lvm_t:dir { getattr search }; +allow httpd_sys_script_t mdadm_t:dir { getattr search }; +allow httpd_sys_script_t policykit_t:dir { getattr search }; +allow httpd_sys_script_t postfix_master_t:dir { getattr search }; +allow httpd_sys_script_t postfix_pickup_t:dir { getattr search }; +allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search }; +allow httpd_sys_script_t sshd_t:dir { getattr search }; +allow httpd_sys_script_t syslogd_t:dir { getattr search }; +allow httpd_sys_script_t system_dbusd_t:dir { getattr search }; 
+allow httpd_sys_script_t systemd_logind_t:dir { getattr search }; +allow httpd_sys_script_t tuned_t:dir { getattr search }; +allow httpd_sys_script_t udev_t:dir { getattr search }; +allow httpd_sys_script_t unconfined_t:dir { getattr search }; + +#============= httpd_sys_script_t (class: file) ============== +allow httpd_sys_script_t NetworkManager_t:file { read open }; +allow httpd_sys_script_t auditd_t:file { read open }; +allow httpd_sys_script_t avahi_t:file { read open }; +allow httpd_sys_script_t crond_t:file { read open }; +allow httpd_sys_script_t dnsmasq_t:file { read open }; +allow httpd_sys_script_t getty_t:file { read open }; +allow httpd_sys_script_t httpd_t:file { read open }; +allow httpd_sys_script_t init_t:file { read open }; +allow httpd_sys_script_t irqbalance_t:file { read open }; +allow httpd_sys_script_t kernel_t:file { read open }; +allow httpd_sys_script_t lvm_t:file { read open }; +allow httpd_sys_script_t mdadm_t:file { read open }; +allow httpd_sys_script_t policykit_t:file { read open }; +allow httpd_sys_script_t postfix_master_t:file { read open }; +allow httpd_sys_script_t postfix_pickup_t:file { read open }; +allow httpd_sys_script_t postfix_qmgr_t:file { read open }; +allow httpd_sys_script_t sshd_t:file { read open }; +allow httpd_sys_script_t syslogd_t:file { read open }; +allow httpd_sys_script_t system_dbusd_t:file { read open }; +allow httpd_sys_script_t systemd_logind_t:file { read open }; +allow httpd_sys_script_t tuned_t:file { read open }; +allow httpd_sys_script_t udev_t:file { read open }; +allow httpd_sys_script_t unconfined_t:file { read open }; diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d47a5fe5..1006bd10 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
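Review bot: The `httpd_sys_script_t` rules grant `dir { getattr search }` and `file { read open }` on the process domains of nearly every service on the build host (`sshd_t`, `init_t`, `kernel_t`, `unconfined_t`, ...), which reads like audit2allow output from a web script walking `/proc`. That lets any CGI script under the web server read other processes' `/proc` entries, and the list is specific to whichever machine generated it. If the web interface only needs the status of dnsmasq and lighttpd, the rules for `dnsmasq_t` and `httpd_t` may be enough; this needs confirming against the scripts. The `var_log_t:file` rules for `dnsmasq_t` and `httpd_t` likewise apply to every file carrying the generic log label, so giving the Pi-hole log its own file context would narrow them. The file has no comments; a header saying which script needs each group of rules would help later review.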
@@ -788,6 +788,32 @@ installPihole() { configureFirewall } +configureSelinux() { + if [ -x "$(command -v getenforce)" ]; then + printf "\n::: SELinux Detected\n" + printf ":::\tChecking for SELinux policy development packages..." + package_check "selinux-policy-devel" > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $! + echo " done!" + else + echo " already installed!" + fi + printf ":::\tCompiling Pi-Hole SELinux policy..\n" + $SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te + $SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod + $SUDO semodule -i /etc/pihole/pihole.pp + $SUDO rm -f /etc/pihole/pihole.mod + $SUDO semodule -l | grep pihole > /dev/null + if [ $? -eq 0 ]; then + printf "::: Successfully installed Pi-Hole SELinux policy\n" + else + printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n" + fi + fi +} + displayFinalMessage() { # Final completion message to user whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using: @@ -831,6 +857,9 @@ installPihole | tee $tmpLog # Move the log file into /etc/pihole for storage $SUDO mv $tmpLog $instalLogLoc +# Configure SELinux (if applicable) +configureSelinux + displayFinalMessage echo -n "::: Restarting services..." From 682113892a40cb99d108166b78e7aabcbace38a0 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sun, 5 Jun 2016 15:24:33 -0600 Subject: [PATCH 25/49] enable SELinux boolean for httpd server side includes (SSI) --- automated install/basic-install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 1006bd10..6f837df0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
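Review bot: configureSelinux() gates on `[ -x "$(command -v getenforce)" ]`, which only shows that the SELinux tools are installed, so a host with SELinux disabled still installs selinux-policy-devel and tries to load a module. Testing the actual state, `if [ -x "$(command -v selinuxenabled)" ] && selinuxenabled; then`, avoids that. The compile steps also run unconditionally one after another, so a failed `checkmodule` is followed by `semodule_package` and `semodule -i` on a missing or stale file. Chaining them with `&&` and reporting the first failure would be more useful than the final `semodule -l | grep pihole`, which also matches any module whose name merely contains "pihole".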
@@ -800,6 +800,11 @@ configureSelinux() { else echo " already installed!" fi + printf "::: Enabling httpd server side includes (SSI).. " + $SUDO setsebool -P httpd_ssi_exec on + if [ $? -eq 0 ]; then + echo -n "Success\n" + fi printf ":::\tCompiling Pi-Hole SELinux policy..\n" $SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te $SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod From 5e27ccc37c7ee6705385db48fb3efb6df5d916ff Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 8 Jun 2016 00:00:20 -0600 Subject: [PATCH 26/49] firewalld: specify ports and use default zone --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6f837df0..5096c8e7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -747,8 +747,8 @@ configureFirewall() { $SUDO firewall-cmd --state > /dev/null if [[ $? -eq 0 ]]; then $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." - $SUDO firewall-cmd --zone=public --permanent --add-service=http - $SUDO firewall-cmd --zone=public --permanent --add-service=dns + $SUDO firewall-cmd --permanent --add-port=80/tcp + $SUDO firewall-cmd --permanent --add-port=53/tcp $SUDO firewall-cmd --reload fi elif [ -x "$(command -v iptables)" ]; then From 97737ee9e37a90f4d91237849e10701bc02a36b5 Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 8 Jun 2016 12:21:35 -0600 Subject: [PATCH 27/49] move SELinux config to installPihole() for logging --- automated install/basic-install.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 5096c8e7..922f3d77 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
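Review bot: In the first hunk, `echo -n "Success\n"` prints a literal backslash-n and no newline under bash, so the next status line runs on; `printf "Success\n"` matches the surrounding `printf` calls. There is no `else` branch, so a failed `setsebool -P httpd_ssi_exec on` leaves the "Enabling ..." line unterminated and the install continues silently; a warning line like the one used for the policy install would fit. A short comment saying why this boolean is required would also help, since it applies to every service in the httpd domain and not only to Pi-hole's scripts. configureSelinux() starts and ends outside the hunk.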
@@ -786,6 +786,7 @@ installPihole() { installCron runGravity configureFirewall + configureSelinux } configureSelinux() { @@ -862,9 +863,6 @@ installPihole | tee $tmpLog # Move the log file into /etc/pihole for storage $SUDO mv $tmpLog $instalLogLoc -# Configure SELinux (if applicable) -configureSelinux - displayFinalMessage echo -n "::: Restarting services..." From d0b6ff2d083b075b8c78b3a8787f61e5cb2d4a9d Mon Sep 17 00:00:00 2001 From: bcambl Date: Wed, 8 Jun 2016 21:42:08 -0600 Subject: [PATCH 28/49] add udp port 53 to iptables/firewalld configuration --- automated install/basic-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 922f3d77..73a45365 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -749,12 +749,14 @@ configureFirewall() { $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." $SUDO firewall-cmd --permanent --add-port=80/tcp $SUDO firewall-cmd --permanent --add-port=53/tcp + $SUDO firewall-cmd --permanent --add-port=53/udp $SUDO firewall-cmd --reload fi elif [ -x "$(command -v iptables)" ]; then $SUDO echo "::: Configuring iptables for httpd and dnsmasq.." $SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT $SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT + $SUDO iptables -A INPUT -p tcp -m udp --dport 53 -j ACCEPT else $SUDO echo "::: No firewall detected.. skipping firewall configuration." fi From 27a964209031fc6211993f8de94452aecd4a4548 Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 10 Jun 2016 12:30:43 -0600 Subject: [PATCH 29/49] check for sudo via 'command -v' instead of dkpg-query --- advanced/Scripts/blacklist.sh | 2 +- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/setupLCD.sh | 2 +- advanced/Scripts/whitelist.sh | 2 +- automated install/uninstall.sh | 2 +- gravity.sh | 2 +- pihole | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) 
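Review bot: The added iptables line in the last hunk, `$SUDO iptables -A INPUT -p tcp -m udp --dport 53 -j ACCEPT`, pairs the udp match with protocol tcp, which iptables rejects, so UDP DNS stays closed on the iptables path. It should read `$SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT`. The command's exit status is not checked, so the failure is silent.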
diff --git a/advanced/Scripts/blacklist.sh b/advanced/Scripts/blacklist.sh index 7e99f830..d83ca867 100755 --- a/advanced/Scripts/blacklist.sh +++ b/advanced/Scripts/blacklist.sh @@ -17,7 +17,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 263fe9cd..a5958bbd 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then else echo "::: Sudo will be used for debugging." # Check if sudo is actually installed - if [[ $(dpkg-query -s sudo) ]]; then + if [ -x "$(command -v sudo)" ]; then export SUDO="sudo" else echo "::: Please install sudo or run this as root." diff --git a/advanced/Scripts/setupLCD.sh b/advanced/Scripts/setupLCD.sh index df2be704..03be4e0a 100755 --- a/advanced/Scripts/setupLCD.sh +++ b/advanced/Scripts/setupLCD.sh @@ -19,7 +19,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/Scripts/whitelist.sh b/advanced/Scripts/whitelist.sh index 37b4ade4..266ac49e 100755 --- a/advanced/Scripts/whitelist.sh +++ b/advanced/Scripts/whitelist.sh @@ -17,7 +17,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." 
diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 83168d6a..749bf799 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -17,7 +17,7 @@ else echo "::: Sudo will be used for the uninstall." # Check if it is actually installed # If it isn't, exit because the unnstall cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this as root." diff --git a/gravity.sh b/gravity.sh index ce04e181..ff85fd21 100755 --- a/gravity.sh +++ b/gravity.sh @@ -19,7 +19,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/pihole b/pihole index 1c348b71..bbcb82d0 100755 --- a/pihole +++ b/pihole @@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then #echo "::: Sudo will be used for this tool." # Check if it is actually installed # If it isn't, exit because the pihole cannot be invoked without privileges. - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this as root." From 943f7c06b57efbdea85ce9b094d3084afbe68224 Mon Sep 17 00:00:00 2001 From: bcambl Date: Fri, 10 Jun 2016 18:01:13 -0600 Subject: [PATCH 30/49] uninstaller support for Fedora/CentOS --- automated install/uninstall.sh | 53 ++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 12 deletions(-) diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 749bf799..5730c531 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh 
@@ -25,6 +25,39 @@ else fi fi +# Compatability +if [ -x "$(command -v rpm)" ];then + # Fedora Family + if [ -x "$(command -v dnf)" ];then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + PKG_REMOVE="$PKG_MANAGER remove -y" + PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils ) + package_check() { + rpm -qa | grep ^$1- > /dev/null + } + package_cleanup() { + $SUDO $PKG_MANAGER -y autoremove + } +elif [ -x "$(command -v apt-get)" ];then + # Debian Family + PKG_MANAGER="apt-get" + PKG_REMOVE="$PKG_MANAGER -y remove --purge" + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) + package_check() { + dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" + } + package_cleanup() { + $SUDO $PKG_MANAGER -y autoremove + $SUDO $PKG_MANAGER -y autoclean + } +else + echo "OS distribution not supported" + exit +fi + spinner() { local pid=$1 @@ -43,14 +76,13 @@ spinner() function removeAndPurge { # Purge dependencies echo ":::" - # Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common - dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) - for i in "${dependencies[@]}"; do - if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then + for i in "${PIHOLE_DEPS[@]}"; do + package_check $i > /dev/null + if [ $? -eq 0 ]; then while true; do read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn case $yn in - [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; + [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; [Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;; * ) printf "::: You must answer yes or no!\n";; esac 
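Review bot: The Fedora `package_check()` in the first hunk uses `rpm -qa | grep ^$1-`, which is an unquoted prefix match, so `git` also matches `git-core` and `php-common` matches any package whose name starts with those characters. In an uninstaller that means the user can be asked to remove a package that is not installed, or a dependency can be reported as present when it is not. `rpm -q "$1" > /dev/null 2>&1` asks rpm about the exact package name and returns the same zero/non-zero status. The final `exit` in the unsupported-distribution branch returns the status of the preceding `echo`, i.e. success; `exit 1` would let callers detect the failure.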
@@ -65,10 +97,8 @@ echo ":::" $SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null # Take care of any additional package cleaning - printf "::: Auto removing remaining dependencies..." - $SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n"; - printf "::: Auto cleaning remaining dependencies..." - $SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n"; + printf "::: Auto removing & cleaning remaining dependencies..." + package_cleanup &> /dev/null & spinner $!; printf "done!\n"; # Call removeNoPurge to remove PiHole specific files removeNoPurge @@ -107,7 +137,8 @@ function removeNoPurge { fi echo "::: Removing config files and scripts..." - if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then + package_check $i > /dev/null + if [ $? -eq 1 ]; then $SUDO rm -rf /etc/lighttpd/ &> /dev/null else if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then @@ -143,5 +174,3 @@ while true; do [Nn]* ) removeNoPurge; break;; esac done - - From afdf3ae7a1c5d45300e4662fb8b1127c0d65343f Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 11 Jun 2016 16:10:31 -0600 Subject: [PATCH 31/49] add sudo package to PIHOLE_DEPS --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 73a45365..b1141676 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
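Review bot: In removeNoPurge() the new check is `package_check $i > /dev/null`, but `$i` is the loop variable of removeAndPurge(), not lighttpd, so the decision to run `$SUDO rm -rf /etc/lighttpd/` no longer depends on whether lighttpd is installed. When the user answers "n" at the final prompt, removeNoPurge() runs with `$i` unset, the check presumably fails on both distribution families, and `/etc/lighttpd/` is deleted even though the package is still installed. The replaced line tested lighttpd explicitly; the call should be `package_check lighttpd > /dev/null`. Testing `if ! package_check lighttpd > /dev/null; then` instead of `$? -eq 1` would also cover exit codes other than 1.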
@@ -67,7 +67,7 @@ if [ -x "$(command -v rpm)" ];then PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) - PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie ) + PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo ) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" @@ -83,7 +83,7 @@ elif [ -x "$(command -v apt-get)" ];then PKG_INSTALL="$PKG_MANAGER -y -qq install" PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail dhcpcd5) - PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget ) + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo ) LIGHTTPD_USER="www-data" LIGHTTPD_GROUP="www-data" LIGHTTPD_CFG="lighttpd.conf.debian" From 3d619d9ccce8423e08b2fe1dfe7bc79d7c0b0a67 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 11 Jun 2016 17:04:45 -0600 Subject: [PATCH 32/49] fix iptables udp rule fixes dmesg: ip_tables: udp match: only valid for protocol 17 --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b1141676..6a6acfae 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -756,7 +756,7 @@ configureFirewall() { $SUDO echo "::: Configuring iptables for httpd and dnsmasq.." $SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT $SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT - $SUDO iptables -A INPUT -p tcp -m udp --dport 53 -j ACCEPT + $SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT else $SUDO echo "::: No firewall detected.. skipping firewall configuration." fi From 5c79184d3b58a956f360315bf5d1c48700a1925f Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 11 Jun 2016 17:17:12 -0600 Subject: [PATCH 33/49] add ifconfig dependency for Fedora install --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6a6acfae..80e50b1d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -66,7 +66,7 @@ if [ -x "$(command -v rpm)" ];then PKG_UPDATE="$PKG_MANAGER update -y" PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" - INSTALLER_DEPS=( iproute procps-ng newt dhcpcd ) + INSTALLER_DEPS=( iproute net-tools procps-ng newt dhcpcd ) PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo ) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" From 0d9a8d70bf25112048d3b40ff9e8089900982beb Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 11 Jun 2016 17:28:57 -0600 Subject: [PATCH 34/49] configureSelinux prior to installPihole --- automated install/basic-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 80e50b1d..a8a47bae 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -788,7 +788,6 @@ installPihole() { installCron runGravity configureFirewall - configureSelinux } configureSelinux() { @@ -859,6 +858,9 @@ use4andor6 # Decide what upstream DNS Servers to use setDNS +# Configure SELinux (if applicable) +configureSelinux + # Install and log everything to a file installPihole | tee $tmpLog From 3ba05d027413ba0a4bf215483ebf486767b02ba6 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 11 Jun 2016 22:08:18 -0600 Subject: [PATCH 35/49] configure static IP on Fedora via sysconfig script --- automated install/basic-install.sh | 55 +++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 12 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a8a47bae..ed7b57ba 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -66,7 +66,7 @@ if [ -x "$(command -v rpm)" ];then PKG_UPDATE="$PKG_MANAGER update -y" PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" - INSTALLER_DEPS=( iproute net-tools procps-ng newt dhcpcd ) + INSTALLER_DEPS=( iproute net-tools procps-ng newt ) PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo ) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" @@ -117,7 +117,6 @@ findIPRoute() { IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) - dhcpcdFile=/etc/dhcpcd.conf } backupLegacyPihole() { 
@@ -328,20 +327,52 @@ setDHCPCD() { echo "::: interface $piholeInterface static ip_address=$IPv4addr static routers=$IPv4gw - static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null + static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null } setStaticIPv4() { - # Tries to set the IPv4 address - if grep -q "$IPv4addr" $dhcpcdFile; then - # address already set, noop - : + if [[ -f /etc/dhcpcd.conf ]];then + # Debian Family + if grep -q "$IPv4addr" /etc/dhcpcd.conf; then + echo "::: Static IP already configured" + else + setDHCPCD + $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" + echo ":::" + echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." + echo ":::" + fi + elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then + # Fedora Family + IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface + if grep -q "$IPv4addr" $IFCFG_FILE; then + echo "::: Static IP already configured" + else + IPADDR=$(echo $IPv4addr | cut -f1 -d/) + CIDR=$(echo $IPv4addr | cut -f2 -d/) + # Backup existing interface configuration: + cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S) + # Build Interface configuration file: + $SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE + $SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE + $SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE + $SUDO echo "ONBOOT=yes" >> $IFCFG_FILE + $SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE + $SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE + $SUDO echo "USERCTL=no" >> $IFCFG_FILE + $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" + if [ -x "$(command -v nmcli)" ];then + # Tell NetworkManager to read our new sysconfig file + $SUDO nmcli con load $IFCFG_FILE > /dev/null + fi + echo ":::" + echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." 
+ echo ":::" + + fi else - setDHCPCD - $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" - echo ":::" - echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." - echo ":::" + echo "::: Warning: Unable to locate configuration file to set static IPv4 address!" + exit 1 fi } From fa89bd830aa8612cde04f8a887d0d9c7316bf612 Mon Sep 17 00:00:00 2001 From: bcambl Date: Sat, 11 Jun 2016 22:33:44 -0600 Subject: [PATCH 36/49] re-order when SELinux gets configured configure SELinux *after* git clone/pull & file setup and *before* service configuration --- automated install/basic-install.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ed7b57ba..f8e2c426 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -815,6 +815,7 @@ installPihole() { installScripts installConfigs CreateLogFile + configureSelinux installPiholeWeb installCron runGravity @@ -889,9 +890,6 @@ use4andor6 # Decide what upstream DNS Servers to use setDNS -# Configure SELinux (if applicable) -configureSelinux - # Install and log everything to a file installPihole | tee $tmpLog From 46df6e7dd390d9631f30727854eb8c98320eb166 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 16 Jun 2016 10:11:55 +0100 Subject: [PATCH 37/49] Update adlists.default Add C&C malware list from #528 --- adlists.default | 2 ++ 1 file changed, 2 insertions(+) diff --git a/adlists.default b/adlists.default index 02d9b92c..6e9cec50 100644 --- a/adlists.default +++ b/adlists.default 
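Review bot: In the Fedora branch of setStaticIPv4(), lines of the form `$SUDO echo "..." > $IFCFG_FILE` do not write with elevated rights, because the redirection is opened by the calling shell before sudo runs, and the backup `cp` has no `$SUDO` at all. For a non-root user the backup and every write to `/etc/sysconfig/network-scripts/` therefore fail, and since nothing checks the result the function still runs `ip addr replace` and reports success. setDHCPCD() just above already uses the working pattern of piping into `$SUDO tee`. The same `$SUDO echo ... >` form appears in the later piholeIP hunks of PATCH 39 (`$SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP`), where `echo "${IPv4addr%/*}" | $SUDO tee /etc/pihole/piholeIP > /dev/null` would do what that commit intends. The rewritten file also carries no gateway or DNS entries although `$IPv4gw` is known, so whether the host keeps its default route after a reboot should be confirmed.

```shell
      # … unchanged: IPADDR / CIDR extraction …
      # Backup existing interface configuration:
      $SUDO cp "$IFCFG_FILE" "$IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S)"
      # Build Interface configuration file (tee runs under sudo, so the write is privileged):
      {
        echo "# Configured via Pi-Hole installer"
        echo "DEVICE=$piholeInterface"
        echo "BOOTPROTO=none"
        echo "ONBOOT=yes"
        echo "IPADDR=$IPADDR"
        echo "PREFIX=$CIDR"
        echo "USERCTL=no"
      } | $SUDO tee "$IFCFG_FILE" > /dev/null
      # … unchanged: ip addr replace, nmcli reload, status messages …
```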
@@ -43,6 +43,8 @@ https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt # Block the BBC News website Breaking News banner #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts +# List of known C&C malware servers (see https://github.com/pi-hole/pi-hole/issues/528) +https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt # Untested Lists: #https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt From fd92752f5215a496f22e7627474b6a265f3e374c Mon Sep 17 00:00:00 2001 From: Frederic Hemberger Date: Mon, 20 Jun 2016 19:10:06 +0200 Subject: [PATCH 38/49] Fix link for spam404scamlist.txt The redirect `http://spam404bl.com/spam404scamlist.txt` resolves to `https://raw.githubusercontent.com/spam404scamlist.txt/Dawsey21/Lists/master/main-blacklist.txt`, which is wrong. Instead, use `https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt`directly. --- adlists.default | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adlists.default b/adlists.default index 6e9cec50..0aeee73b 100644 --- a/adlists.default +++ b/adlists.default @@ -48,7 +48,7 @@ https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt # Untested Lists: #https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt -#http://spam404bl.com/spam404scamlist.txt +#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt #http://malwaredomains.lehigh.edu/files/domains.txt # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/) #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt From 1f130b6550c8f72a61f8a55439eada864b734aa5 Mon Sep 17 00:00:00 2001 
From: Mcat12 Date: Tue, 21 Jun 2016 19:16:11 -0400 Subject: [PATCH 39/49] Fix missing permissions on piholeIP Without sudo/root privileges, the echo command is unable to write to the file. --- automated install/basic-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 699f68ee..d26c33cc 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -236,7 +236,7 @@ getStaticIPv4Settings() { If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." $r $c #piholeIP is saved to a permanent file so gravity.sh can use it when updating - echo "${IPv4addr%/*}" > /etc/pihole/piholeIP + $SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP # Nothing else to do since the variables are already set above else # Otherwise, we need to ask the user to input their desired settings. @@ -258,8 +258,8 @@ It is also possible to use a DHCP reservation, but if you are going to do that, Gateway: $IPv4gw" $r $c)then # If the settings are correct, then we need to set the piholeIP # Saving it to a temporary file us to retrieve it later when we run the gravity.sh script. piholeIP is saved to a permanent file so gravity.sh can use it when updating - echo "${IPv4addr%/*}" > /etc/pihole/piholeIP - echo "$piholeInterface" > /tmp/piholeINT + $SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP + $SUDO echo "$piholeInterface" > /tmp/piholeINT # After that's done, the loop ends and we move on ipSettingsCorrect=True else From 636a9123b83d8d8a229e82898f58bf36b7dcc8aa Mon Sep 17 00:00:00 2001 
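Review bot: The second hunk keeps writing the interface name to the fixed path `/tmp/piholeINT`. That path is in a world-writable directory, so another local account can create it first, and when the installer runs as root the redirection follows whatever is already at that path. Adding `$SUDO` there changes nothing, since `/tmp` was already writable. Storing the value next to piholeIP in `/etc/pihole/`, or in a file created with `mktemp`, would avoid the predictable name; the reader of this file is outside the hunk and would need the same change. getStaticIPv4Settings() begins and ends outside both hunks.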
From: Dan Schaper Date: Thu, 23 Jun 2016 18:37:45 -0700 Subject: [PATCH 40/49] Have `curl` auto-redirect This should solve the redirection issue if a list is moved. --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index ce04e181..130c5409 100755 --- a/gravity.sh +++ b/gravity.sh @@ -152,7 +152,7 @@ function gravity_transport() { fi # Silently curl url - curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer + curl -s -L $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer # Check for list updates gravity_patternCheck "$patternBuffer" # Cleanup From 7670b4e380e4526099eac53d0725b56c9dac99f1 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sat, 25 Jun 2016 06:00:49 -0700 Subject: [PATCH 41/49] Mahakala User Agen modernization Update Curl User Agent for Maha list. --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index ce04e181..8fa93e22 100755 --- a/gravity.sh +++ b/gravity.sh @@ -181,7 +181,7 @@ function gravity_spinup() { # to complete properly and reset the user agent when required case "$domain" in "adblock.mahakala.is") - agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0' + agent='Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' cmd_ext="-e http://forum.xda-developers.com/" ;; From 0e143f727561b96c8c1fe879907be6dd59ed1918 Mon Sep 17 00:00:00 2001 From: Matth Date: Sat, 25 Jun 2016 15:45:51 +0200 Subject: [PATCH 42/49] Update adlists.default --- adlists.default | 2 ++ 1 file changed, 2 insertions(+) diff --git a/adlists.default b/adlists.default index 0aeee73b..d2b5e798 100644 --- a/adlists.default +++ b/adlists.default 
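Review bot: The `-L` added to the curl call in gravity_transport() follows whatever redirect a list host returns, with no limit on scheme or hop count. The redirect target decides what ends up in the blocklist, so a list fetched over https can silently be served over plain http, or over a non-web scheme on older curl builds. Restricting this with `--proto-redir =http,https --max-redirs 5` keeps the fix for moved lists while bounding it. Quoting `"$url"` and `"$patternBuffer"` on the same line would stop a URL containing `&` or `?` from being glob-expanded or split. The function starts outside the hunk.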
@@ -53,3 +53,5 @@ https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/) #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt #https://raw.github.com/notracking/hosts-blocklists/master/domains.txt +# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information. +#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts From 9b8efe1b27f296fafc88652b43e46afd6bd4223a Mon Sep 17 00:00:00 2001 From: Daniel Date: Sun, 3 Jul 2016 19:50:42 -0400 Subject: [PATCH 43/49] Upload log to sprunge.us --- advanced/Scripts/piholeDebug.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index a5958bbd..dfe9f4ac 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -330,8 +330,16 @@ function dumpPiHoleLog { # Anything to be done after capturing of pihole.log terminates function finalWork { - echo "::: Finshed debugging!" - echo "::: Debug log can be found at : /var/log/pihole_debug.log" + echo "::: Finshed debugging!" + SPRUNGE=$(cat /var/log/pihole_debug.log | curl --silent --connect-timeout 5 -F 'sprunge=<-' http://sprunge.us) + + # Check if sprunge.us is reachable. When it's not, point to local log instead + if [ -n "$SPRUNGE" ] + then + echo "::: Debug log can be found at : $SPRUNGE" + else + echo "::: Debug log can be found at : /var/log/pihole_debug.log" + fi } trap finalWork EXIT From 2b0ba281a4b3e1e390b801d9f888f7a431180238 Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 4 Jul 2016 15:35:46 -0400 Subject: [PATCH 44/49] Repairs apt-get incorrect options --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
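Review bot: finalWork now sends the whole of /var/log/pihole_debug.log to a public paste site without asking and over plain `http://`, and because of `trap finalWork EXIT` it does so on every exit path. From the other sections of this script the log appears to hold network settings and pihole.log content, which should not be published by default. I would prompt first and keep the log local unless the user agrees, as in the excerpt below, which also feeds the file to curl by redirection instead of `cat |`. The later commit that swaps sprunge.us for termbin.com (PATCH 48/49) keeps the same unprompted upload.

```shell
function finalWork {
    echo "::: Finshed debugging!"
    # Nothing leaves the host unless the user agrees; an empty answer or EOF means no.
    SPRUNGE=""
    read -r -p "::: Upload the debug log to sprunge.us? [y/N] " reply
    if [[ "$reply" == [yY] ]]; then
        SPRUNGE=$(curl --silent --connect-timeout 5 -F 'sprunge=<-' http://sprunge.us < /var/log/pihole_debug.log)
    fi
    # … unchanged: print $SPRUNGE when non-empty, otherwise the local log path …
```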
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a61c5e9b..9474d729 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -80,7 +80,7 @@ elif [ -x "$(command -v apt-get)" ];then PKG_CACHE="/var/cache/apt" UPDATE_PKG_CACHE="$PKG_MANAGER -qq update" PKG_UPDATE="$PKG_MANAGER upgrade" - PKG_INSTALL="$PKG_MANAGER -y -qq install" + PKG_INSTALL="$PKG_MANAGER --yes --quiet install" PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail dhcpcd5) PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo ) From f45eb84d6bbb8946c01315812bbd1631ad685c29 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Thu, 14 Jul 2016 11:27:47 -0700 Subject: [PATCH 45/49] Add distribution Check --- advanced/Scripts/piholeDebug.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index dfe9f4ac..8d0d3fa7 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -67,6 +67,14 @@ function versionCheck { echo >> $DEBUG_LOG } +function distroCheck { + echo "#######################################" >> $DEBUG_LOG + echo "######## Distribution Section #########" >> $DEBUG_LOG + echo "#######################################" >> $DEBUG_LOG + + TMP=$(cat /etc/lsb-release/ || echo "Failed to find lsb") + echo "Distribution Version: $TMP" >> $DEBUG_LOG + function compareWhitelist { if [ ! -f "$WHITELISTMATCHES" ]; then $SUDO touch $WHITELISTMATCHES @@ -195,6 +203,7 @@ echo "$GATEWAY_CHECK" >> $DEBUG_LOG echo >> $DEBUG_LOG versionCheck +distroCheck compareWhitelist compareBlacklist testNslookup From b011e5f838e74e808856a426fa11b2cfc08339cb Mon Sep 17 00:00:00 2001 
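Review bot: The added `distroCheck` has no closing `}`: the line after its last `echo` is `function compareWhitelist {`, which leaves the braces in piholeDebug.sh unbalanced. Separately, `cat /etc/lsb-release/` has a trailing slash, which fails for a regular file, so `TMP` always ends up as the fallback text and cat's error goes to the terminal. Suggested: `TMP=$(cat /etc/lsb-release 2>/dev/null || echo "Failed to find lsb")` followed by a line holding `}`. The two follow-up commits (PATCH 46/49 and 47/49) keep the missing brace, and PATCH 47/49 carries the trailing slash over into the glob `/etc/*release/`.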
From: Dan Schaper Date: Thu, 14 Jul 2016 11:35:52 -0700 Subject: [PATCH 46/49] Add os-release check --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 8d0d3fa7..86bff3c2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -72,7 +72,7 @@ function distroCheck { echo "######## Distribution Section #########" >> $DEBUG_LOG echo "#######################################" >> $DEBUG_LOG - TMP=$(cat /etc/lsb-release/ || echo "Failed to find lsb") + TMP=$(cat /etc/lsb-release/ || cat /etc/os-release || echo "Failed to find release") echo "Distribution Version: $TMP" >> $DEBUG_LOG function compareWhitelist { From 11f2524b9b2d8ad2a4d423d00dc37727c91803de Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 14 Jul 2016 20:47:27 +0200 Subject: [PATCH 47/49] Instead of an or, cat *release --- advanced/Scripts/piholeDebug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 86bff3c2..fdb7847d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -72,7 +72,7 @@ function distroCheck { echo "######## Distribution Section #########" >> $DEBUG_LOG echo "#######################################" >> $DEBUG_LOG - TMP=$(cat /etc/lsb-release/ || cat /etc/os-release || echo "Failed to find release") + TMP=$(cat /etc/*release/ || echo "Failed to find release") echo "Distribution Version: $TMP" >> $DEBUG_LOG function compareWhitelist { From 6f068e0b9c3696d1ecbb0fbc139e2cca696ad3f1 Mon Sep 17 00:00:00 2001 From: Promofaux Date: Fri, 15 Jul 2016 19:32:49 +0100 Subject: [PATCH 48/49] Replace sprunge.us with termbin, which appears to be more reliable. --- advanced/Scripts/piholeDebug.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index fdb7847d..87a87f88 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -340,12 +340,12 @@ function dumpPiHoleLog { # Anything to be done after capturing of pihole.log terminates function finalWork { echo "::: Finshed debugging!" - SPRUNGE=$(cat /var/log/pihole_debug.log | curl --silent --connect-timeout 5 -F 'sprunge=<-' http://sprunge.us) + TERMBIN=$(cat /var/log/pihole_debug.log | nc termbin.com 9999) - # Check if sprunge.us is reachable. When it's not, point to local log instead - if [ -n "$SPRUNGE" ] + # Check if termbin.com is reachable. When it's not, point to local log instead + if [ -n "$TERMBIN" ] then - echo "::: Debug log can be found at : $SPRUNGE" + echo "::: Debug log can be found at : $TERMBIN" else echo "::: Debug log can be found at : /var/log/pihole_debug.log" fi From e106ff0fef36682da16c26fe3b43559d2f24e25f Mon Sep 17 00:00:00 2001 From: Promofaux Date: Fri, 15 Jul 2016 19:58:26 +0100 Subject: [PATCH 49/49] Add netcat to dependencies for termbin.com. Should be installed by default, but JUST IN CASE. --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9474d729..bd6722ee 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
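Review bot: The curl call this replaces had `--connect-timeout 5`, but `nc termbin.com 9999` has no timeout, so finalWork can block indefinitely at exit when the host is unreachable or never closes the connection. The log also now travels as unencrypted raw TCP. At minimum I would bound the wait and drop the extra `cat`: `TERMBIN=$(nc -w 5 termbin.com 9999 < /var/log/pihole_debug.log)`.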
@@ -67,7 +67,7 @@ if [ -x "$(command -v rpm)" ];then PKG_INSTALL="$PKG_MANAGER install -y" PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" INSTALLER_DEPS=( iproute net-tools procps-ng newt ) - PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo ) + PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo netcat ) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" @@ -83,7 +83,7 @@ elif [ -x "$(command -v apt-get)" ];then PKG_INSTALL="$PKG_MANAGER --yes --quiet install" PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" INSTALLER_DEPS=( apt-utils whiptail dhcpcd5) - PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo ) + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo netcat ) LIGHTTPD_USER="www-data" LIGHTTPD_GROUP="www-data" LIGHTTPD_CFG="lighttpd.conf.debian"