arno
/
pi-hole
mirror of https://github.com/pi-hole/pi-hole
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #563 from pi-hole/development

Browse Source 
Push to release 2.8 - Gold
pull/588/head 2.8
Dan Schaper 8 years ago committed by GitHub
parent 412c0a172d e106ff0fef
commit a27f1f17de
12 changed files with 457 additions and 76 deletions
Show Stats Download Patch File Download Diff File

6
adlists.default
Unescape View File

@ -43,11 +43,15 @@ https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
# Block the BBC News website Breaking News banner # Block the BBC News website Breaking News banner
#https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts
# List of known C&C malware servers (see https://github.com/pi-hole/pi-hole/issues/528)
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
# Untested Lists: # Untested Lists:
#https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt #https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt
#http://spam404bl.com/spam404scamlist.txt #https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
#http://malwaredomains.lehigh.edu/files/domains.txt #http://malwaredomains.lehigh.edu/files/domains.txt
# Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/) # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/)
#https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
#https://raw.github.com/notracking/hosts-blocklists/master/domains.txt #https://raw.github.com/notracking/hosts-blocklists/master/domains.txt
# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information.
#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts

2
advanced/Scripts/blacklist.sh
Unescape View File

@ -17,7 +17,7 @@ else
echo "::: sudo will be used." echo "::: sudo will be used."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the install cannot complete # If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this script as root." echo "::: Please install sudo or run this script as root."

23
advanced/Scripts/piholeDebug.sh
Unescape View File

@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then
else else
echo "::: Sudo will be used for debugging." echo "::: Sudo will be used for debugging."
# Check if sudo is actually installed # Check if sudo is actually installed
if [[ $(dpkg-query -s sudo) ]]; then if [ -x "$(command -v sudo)" ]; then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this as root." echo "::: Please install sudo or run this as root."
@ -67,6 +67,14 @@ function versionCheck {
echo >> $DEBUG_LOG echo >> $DEBUG_LOG
} }
function distroCheck {
echo "#######################################" >> $DEBUG_LOG
echo "######## Distribution Section #########" >> $DEBUG_LOG
echo "#######################################" >> $DEBUG_LOG
TMP=$(cat /etc/*release/ || echo "Failed to find release")
echo "Distribution Version: $TMP" >> $DEBUG_LOG
function compareWhitelist { function compareWhitelist {
if [ ! -f "$WHITELISTMATCHES" ]; then if [ ! -f "$WHITELISTMATCHES" ]; then
$SUDO touch $WHITELISTMATCHES $SUDO touch $WHITELISTMATCHES
@ -195,6 +203,7 @@ echo "$GATEWAY_CHECK" >> $DEBUG_LOG
echo >> $DEBUG_LOG echo >> $DEBUG_LOG
versionCheck versionCheck
distroCheck
compareWhitelist compareWhitelist
compareBlacklist compareBlacklist
testNslookup testNslookup
@ -330,8 +339,16 @@ function dumpPiHoleLog {
# Anything to be done after capturing of pihole.log terminates # Anything to be done after capturing of pihole.log terminates
function finalWork { function finalWork {
echo "::: Finshed debugging!" echo "::: Finshed debugging!"
echo "::: Debug log can be found at : /var/log/pihole_debug.log" TERMBIN=$(cat /var/log/pihole_debug.log | nc termbin.com 9999)
# Check if termbin.com is reachable. When it's not, point to local log instead
if [ -n "$TERMBIN" ]
then
echo "::: Debug log can be found at : $TERMBIN"
else
echo "::: Debug log can be found at : /var/log/pihole_debug.log"
fi
} }
trap finalWork EXIT trap finalWork EXIT

2
advanced/Scripts/setupLCD.sh
Unescape View File

@ -19,7 +19,7 @@ else
echo "::: sudo will be used." echo "::: sudo will be used."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the install cannot complete # If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this script as root." echo "::: Please install sudo or run this script as root."

2
advanced/Scripts/whitelist.sh
Unescape View File

@ -17,7 +17,7 @@ else
echo "::: sudo will be used." echo "::: sudo will be used."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the install cannot complete # If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this script as root." echo "::: Please install sudo or run this script as root."

2
advanced/lighttpd.conf → advanced/lighttpd.conf.debian
Unescape View File

@ -14,7 +14,7 @@ server.modules = (
"mod_accesslog", "mod_accesslog",
"mod_expire", "mod_expire",
"mod_compress", "mod_compress",
"mod_redirect", "mod_redirect",
"mod_setenv", "mod_setenv",
"mod_rewrite" "mod_rewrite"
) )

77
advanced/lighttpd.conf.fedora
Unescape View File

@ -0,0 +1,77 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela
# Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net
# lighttpd config for Pi-hole
#
# Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
server.modules = (
"mod_access",
"mod_fastcgi",
"mod_accesslog",
"mod_expire",
"mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite"
)
server.document-root = "/var/www/html"
server.error-handler-404 = "pihole/index.html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
server.port = 80
accesslog.filename = "/var/log/lighttpd/access.log"
accesslog.format = "%{%s}t|%V|%r|%s|%b"
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
mimetype.assign = ( ".png" => "image/png",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".html" => "text/html",
".css" => "text/css; charset=utf-8",
".js" => "application/javascript",
".json" => "application/json",
".txt" => "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/tmp/php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi"
)
)
)
# If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" {
# Create a response header for debugging using curl -I
setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" )
}
# If the URL does not start with /admin, then it is a query for an ad domain
$HTTP["url"] =~ "^(?!/admin)/.*" {
# Create a response header for debugging using curl -I
setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." )
# rewrite only js requests
url.rewrite = ("(.*).js" => "pihole/index.js")
}

87
advanced/selinux/pihole.te
Unescape View File

@ -0,0 +1,87 @@
module pihole 1.0;
require {
type var_log_t;
type unconfined_t;
type init_t;
type auditd_t;
type syslogd_t;
type NetworkManager_t;
type mdadm_t;
type tuned_t;
type avahi_t;
type irqbalance_t;
type system_dbusd_t;
type kernel_t;
type httpd_sys_script_t;
type systemd_logind_t;
type httpd_t;
type policykit_t;
type dnsmasq_t;
type udev_t;
type postfix_pickup_t;
type sshd_t;
type crond_t;
type getty_t;
type lvm_t;
type postfix_qmgr_t;
type postfix_master_t;
class dir { getattr search };
class file { read open setattr };
}
#============= dnsmasq_t ==============
allow dnsmasq_t var_log_t:file { open setattr };
#============= httpd_t ==============
allow httpd_t var_log_t:file { read open };
#============= httpd_sys_script_t (class: dir) ==============
allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
allow httpd_sys_script_t auditd_t:dir { getattr search };
allow httpd_sys_script_t avahi_t:dir { getattr search };
allow httpd_sys_script_t crond_t:dir { getattr search };
allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
allow httpd_sys_script_t getty_t:dir { getattr search };
allow httpd_sys_script_t httpd_t:dir { getattr search };
allow httpd_sys_script_t init_t:dir { getattr search };
allow httpd_sys_script_t irqbalance_t:dir { getattr search };
allow httpd_sys_script_t kernel_t:dir { getattr search };
allow httpd_sys_script_t lvm_t:dir { getattr search };
allow httpd_sys_script_t mdadm_t:dir { getattr search };
allow httpd_sys_script_t policykit_t:dir { getattr search };
allow httpd_sys_script_t postfix_master_t:dir { getattr search };
allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
allow httpd_sys_script_t sshd_t:dir { getattr search };
allow httpd_sys_script_t syslogd_t:dir { getattr search };
allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
allow httpd_sys_script_t tuned_t:dir { getattr search };
allow httpd_sys_script_t udev_t:dir { getattr search };
allow httpd_sys_script_t unconfined_t:dir { getattr search };
#============= httpd_sys_script_t (class: file) ==============
allow httpd_sys_script_t NetworkManager_t:file { read open };
allow httpd_sys_script_t auditd_t:file { read open };
allow httpd_sys_script_t avahi_t:file { read open };
allow httpd_sys_script_t crond_t:file { read open };
allow httpd_sys_script_t dnsmasq_t:file { read open };
allow httpd_sys_script_t getty_t:file { read open };
allow httpd_sys_script_t httpd_t:file { read open };
allow httpd_sys_script_t init_t:file { read open };
allow httpd_sys_script_t irqbalance_t:file { read open };
allow httpd_sys_script_t kernel_t:file { read open };
allow httpd_sys_script_t lvm_t:file { read open };
allow httpd_sys_script_t mdadm_t:file { read open };
allow httpd_sys_script_t policykit_t:file { read open };
allow httpd_sys_script_t postfix_master_t:file { read open };
allow httpd_sys_script_t postfix_pickup_t:file { read open };
allow httpd_sys_script_t postfix_qmgr_t:file { read open };
allow httpd_sys_script_t sshd_t:file { read open };
allow httpd_sys_script_t syslogd_t:file { read open };
allow httpd_sys_script_t system_dbusd_t:file { read open };
allow httpd_sys_script_t systemd_logind_t:file { read open };
allow httpd_sys_script_t tuned_t:file { read open };
allow httpd_sys_script_t udev_t:file { read open };
allow httpd_sys_script_t unconfined_t:file { read open };

269
automated install/basic-install.sh
Unescape View File

@ -36,16 +36,6 @@ columns=$(tput cols)
r=$(( rows / 2 )) r=$(( rows / 2 ))
c=$(( columns / 2 )) c=$(( columns / 2 ))
# Find IP used to route to outside world
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
dhcpcdFile=/etc/dhcpcd.conf
######## FIRST CHECK ######## ######## FIRST CHECK ########
# Must be root to install # Must be root to install
echo ":::" echo ":::"
@ -55,7 +45,7 @@ else
echo "::: sudo will be used for the install." echo "::: sudo will be used for the install."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the install cannot complete # If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed." echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed."
@ -63,6 +53,47 @@ else
fi fi
fi fi
# Compatability
if [ -x "$(command -v rpm)" ];then
# Fedora Family
if [ -x "$(command -v dnf)" ];then
PKG_MANAGER="dnf"
else
PKG_MANAGER="yum"
fi
PKG_CACHE="/var/cache/$PKG_MANAGER"
UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q"
PKG_UPDATE="$PKG_MANAGER update -y"
PKG_INSTALL="$PKG_MANAGER install -y"
PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]"
INSTALLER_DEPS=( iproute net-tools procps-ng newt )
PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo netcat )
LIGHTTPD_USER="lighttpd"
LIGHTTPD_GROUP="lighttpd"
LIGHTTPD_CFG="lighttpd.conf.fedora"
package_check() {
rpm -qa | grep ^$1- > /dev/null
}
elif [ -x "$(command -v apt-get)" ];then
# Debian Family
PKG_MANAGER="apt-get"
PKG_CACHE="/var/cache/apt"
UPDATE_PKG_CACHE="$PKG_MANAGER -qq update"
PKG_UPDATE="$PKG_MANAGER upgrade"
PKG_INSTALL="$PKG_MANAGER --yes --quiet install"
PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst"
INSTALLER_DEPS=( apt-utils whiptail dhcpcd5)
PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo netcat )
LIGHTTPD_USER="www-data"
LIGHTTPD_GROUP="www-data"
LIGHTTPD_CFG="lighttpd.conf.debian"
package_check() {
dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
}
else
echo "OS distribution not supported"
exit
fi
####### FUNCTIONS ########## ####### FUNCTIONS ##########
spinner() spinner()
@ -80,6 +111,14 @@ spinner()
printf " \b\b\b\b" printf " \b\b\b\b"
} }
findIPRoute() {
# Find IP used to route to outside world
IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
}
backupLegacyPihole() { backupLegacyPihole() {
# This function detects and backups the pi-hole v1 files. It will not do anything to the current version files. # This function detects and backups the pi-hole v1 files. It will not do anything to the current version files.
if [[ -f /etc/dnsmasq.d/adList.conf ]];then if [[ -f /etc/dnsmasq.d/adList.conf ]];then
@ -236,7 +275,7 @@ getStaticIPv4Settings() {
If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.
It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." $r $c It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." $r $c
#piholeIP is saved to a permanent file so gravity.sh can use it when updating #piholeIP is saved to a permanent file so gravity.sh can use it when updating
echo "${IPv4addr%/*}" > /etc/pihole/piholeIP $SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
# Nothing else to do since the variables are already set above # Nothing else to do since the variables are already set above
else else
# Otherwise, we need to ask the user to input their desired settings. # Otherwise, we need to ask the user to input their desired settings.
@ -258,8 +297,8 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
Gateway: $IPv4gw" $r $c)then Gateway: $IPv4gw" $r $c)then
# If the settings are correct, then we need to set the piholeIP # If the settings are correct, then we need to set the piholeIP
# Saving it to a temporary file us to retrieve it later when we run the gravity.sh script. piholeIP is saved to a permanent file so gravity.sh can use it when updating # Saving it to a temporary file us to retrieve it later when we run the gravity.sh script. piholeIP is saved to a permanent file so gravity.sh can use it when updating
echo "${IPv4addr%/*}" > /etc/pihole/piholeIP $SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
echo "$piholeInterface" > /tmp/piholeINT $SUDO echo "$piholeInterface" > /tmp/piholeINT
# After that's done, the loop ends and we move on # After that's done, the loop ends and we move on
ipSettingsCorrect=True ipSettingsCorrect=True
else else
@ -288,20 +327,52 @@ setDHCPCD() {
echo "::: interface $piholeInterface echo "::: interface $piholeInterface
static ip_address=$IPv4addr static ip_address=$IPv4addr
static routers=$IPv4gw static routers=$IPv4gw
static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null
} }
setStaticIPv4() { setStaticIPv4() {
# Tries to set the IPv4 address if [[ -f /etc/dhcpcd.conf ]];then
if grep -q "$IPv4addr" $dhcpcdFile; then # Debian Family
# address already set, noop if grep -q "$IPv4addr" /etc/dhcpcd.conf; then
: echo "::: Static IP already configured"
else
setDHCPCD
$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
echo ":::"
echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete."
echo ":::"
fi
elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then
# Fedora Family
IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface
if grep -q "$IPv4addr" $IFCFG_FILE; then
echo "::: Static IP already configured"
else
IPADDR=$(echo $IPv4addr | cut -f1 -d/)
CIDR=$(echo $IPv4addr | cut -f2 -d/)
# Backup existing interface configuration:
cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S)
# Build Interface configuration file:
$SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE
$SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE
$SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE
$SUDO echo "ONBOOT=yes" >> $IFCFG_FILE
$SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE
$SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE
$SUDO echo "USERCTL=no" >> $IFCFG_FILE
$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
if [ -x "$(command -v nmcli)" ];then
# Tell NetworkManager to read our new sysconfig file
$SUDO nmcli con load $IFCFG_FILE > /dev/null
fi
echo ":::"
echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete."
echo ":::"
fi
else else
setDHCPCD echo "::: Warning: Unable to locate configuration file to set static IPv4 address!"
$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" exit 1
echo ":::"
echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete."
echo ":::"
fi fi
} }
@ -455,6 +526,7 @@ versionCheckDNSmasq(){
else else
$SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation $SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation
fi fi
$SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1
} }
installScripts() { installScripts() {
@ -502,7 +574,11 @@ installConfigs() {
$SUDO chown "$USER":root /etc/lighttpd $SUDO chown "$USER":root /etc/lighttpd
$SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig $SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
fi fi
$SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf
$SUDO mkdir -p /var/run/lighttpd
$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd
$SUDO mkdir -p /var/cache/lighttpd/compress
$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress
} }
stopServices() { stopServices() {
@ -510,50 +586,52 @@ stopServices() {
$SUDO echo ":::" $SUDO echo ":::"
$SUDO echo -n "::: Stopping services..." $SUDO echo -n "::: Stopping services..."
#$SUDO service dnsmasq stop & spinner $! || true #$SUDO service dnsmasq stop & spinner $! || true
$SUDO service lighttpd stop & spinner $! || true if [ -x "$(command -v systemctl)" ]; then
$SUDO systemctl stop lighttpd & spinner $! || true
else
$SUDO service lighttpd stop & spinner $! || true
fi
$SUDO echo " done." $SUDO echo " done."
} }
checkForDependencies() { installerDependencies() {
#Running apt-get update/upgrade with minimal output can cause some issues with #Running apt-get update/upgrade with minimal output can cause some issues with
#requiring user input (e.g password for phpmyadmin see #218) #requiring user input (e.g password for phpmyadmin see #218)
#We'll change the logic up here, to check to see if there are any updates availible and #We'll change the logic up here, to check to see if there are any updates availible and
# if so, advise the user to run apt-get update/upgrade at their own discretion # if so, advise the user to run apt-get update/upgrade at their own discretion
#Check to see if apt-get update has already been run today #Check to see if apt-get update has already been run today
# it needs to have been run at least once on new installs! # it needs to have been run at least once on new installs!
timestamp=$(stat -c %Y $PKG_CACHE)
timestamp=$(stat -c %Y /var/cache/apt/)
timestampAsDate=$(date -d @"$timestamp" "+%b %e") timestampAsDate=$(date -d @"$timestamp" "+%b %e")
today=$(date "+%b %e") today=$(date "+%b %e")
if [ ! "$today" == "$timestampAsDate" ]; then if [ ! "$today" == "$timestampAsDate" ]; then
#update package lists #update package lists
echo ":::" echo ":::"
echo -n "::: apt-get update has not been run today. Running now..." echo -n "::: $PKG_MANAGER update has not been run today. Running now..."
$SUDO apt-get -qq update & spinner $! $SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1
echo " done!" echo " done!"
fi fi
echo ":::" echo ":::"
echo -n "::: Checking apt-get for upgraded packages...." echo -n "::: Checking $PKG_MANAGER for upgraded packages...."
updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) updatesToInstall=$(eval "$SUDO $PKG_COUNT")
echo " done!" echo " done!"
echo ":::" echo ":::"
if [[ $updatesToInstall -eq "0" ]]; then if [[ $updatesToInstall -eq "0" ]]; then
echo "::: Your pi is up to date! Continuing with pi-hole installation..." echo "::: Your pi is up to date! Continuing with pi-hole installation..."
else else
echo "::: There are $updatesToInstall updates availible for your pi!" echo "::: There are $updatesToInstall updates availible for your pi!"
echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! " echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! "
echo ":::" echo ":::"
fi fi
echo ":::" echo ":::"
echo "::: Checking dependencies:" echo "::: Checking installer dependencies..."
for i in "${INSTALLER_DEPS[@]}"; do
dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo)
for i in "${dependencies[@]}"; do
echo -n "::: Checking for $i..." echo -n "::: Checking for $i..."
if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then package_check $i > /dev/null
if ! [ $? -eq 0 ]; then
echo -n " Not found! Installing...." echo -n " Not found! Installing...."
$SUDO apt-get -y -qq install "$i" > /dev/null & spinner $! $SUDO $PKG_INSTALL "$i" > /dev/null 2>&1
echo " done!" echo " done!"
else else
echo " already installed!" echo " already installed!"
@ -561,6 +639,23 @@ checkForDependencies() {
done done
} }
checkForDependencies() {
# Install dependencies for Pi-Hole
echo "::: Checking Pi-Hole dependencies:"
for i in "${PIHOLE_DEPS[@]}"; do
echo -n "::: Checking for $i..."
package_check $i > /dev/null
if ! [ $? -eq 0 ]; then
echo -n " Not found! Installing...."
$SUDO $PKG_INSTALL "$i" > /dev/null & spinner $!
echo " done!"
else
echo " already installed!"
fi
done
}
getGitFiles() { getGitFiles() {
# Setup git repos for base files and web admin # Setup git repos for base files and web admin
echo ":::" echo ":::"
@ -677,6 +772,27 @@ setUser(){
fi fi
} }
configureFirewall() {
# Allow HTTP and DNS traffic
if [ -x "$(command -v firewall-cmd)" ]; then
$SUDO firewall-cmd --state > /dev/null
if [[ $? -eq 0 ]]; then
$SUDO echo "::: Configuring firewalld for httpd and dnsmasq.."
$SUDO firewall-cmd --permanent --add-port=80/tcp
$SUDO firewall-cmd --permanent --add-port=53/tcp
$SUDO firewall-cmd --permanent --add-port=53/udp
$SUDO firewall-cmd --reload
fi
elif [ -x "$(command -v iptables)" ]; then
$SUDO echo "::: Configuring iptables for httpd and dnsmasq.."
$SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
$SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
else
$SUDO echo "::: No firewall detected.. skipping firewall configuration."
fi
}
installPihole() { installPihole() {
# Install base files and web interface # Install base files and web interface
checkForDependencies # done checkForDependencies # done
@ -686,18 +802,55 @@ installPihole() {
if [ ! -d "/var/www/html" ]; then if [ ! -d "/var/www/html" ]; then
$SUDO mkdir -p /var/www/html $SUDO mkdir -p /var/www/html
fi fi
$SUDO chown www-data:www-data /var/www/html $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html
$SUDO chmod 775 /var/www/html $SUDO chmod 775 /var/www/html
$SUDO usermod -a -G www-data pihole $SUDO usermod -a -G $LIGHTTPD_GROUP pihole
$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null if [ -x "$(command -v lighty-enable-mod)" ]; then
$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
else
printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n"
fi
getGitFiles getGitFiles
installScripts installScripts
installConfigs installConfigs
CreateLogFile CreateLogFile
configureSelinux
installPiholeWeb installPiholeWeb
installCron installCron
runGravity runGravity
configureFirewall
}
configureSelinux() {
if [ -x "$(command -v getenforce)" ]; then
printf "\n::: SELinux Detected\n"
printf ":::\tChecking for SELinux policy development packages..."
package_check "selinux-policy-devel" > /dev/null
if ! [ $? -eq 0 ]; then
echo -n " Not found! Installing...."
$SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $!
echo " done!"
else
echo " already installed!"
fi
printf "::: Enabling httpd server side includes (SSI).. "
$SUDO setsebool -P httpd_ssi_exec on
if [ $? -eq 0 ]; then
echo -n "Success\n"
fi
printf ":::\tCompiling Pi-Hole SELinux policy..\n"
$SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
$SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
$SUDO semodule -i /etc/pihole/pihole.pp
$SUDO rm -f /etc/pihole/pihole.mod
$SUDO semodule -l | grep pihole > /dev/null
if [ $? -eq 0 ]; then
printf "::: Successfully installed Pi-Hole SELinux policy\n"
else
printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n"
fi
fi
} }
displayFinalMessage() { displayFinalMessage() {
@ -716,6 +869,10 @@ View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $
######## SCRIPT ############ ######## SCRIPT ############
# Start the installer # Start the installer
$SUDO mkdir -p /etc/pihole/ $SUDO mkdir -p /etc/pihole/
# Install packages used by this installation script
installerDependencies
welcomeDialogs welcomeDialogs
# Verify there is enough disk space for the install # Verify there is enough disk space for the install
@ -723,6 +880,8 @@ verifyFreeDiskSpace
# Just back up the original Pi-hole right away since it won't take long and it gets it out of the way # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way
backupLegacyPihole backupLegacyPihole
# Find IP used to route to outside world
findIPRoute
# Find interfaces and let the user choose one # Find interfaces and let the user choose one
chooseInterface chooseInterface
# Let the user decide if they want to block ads over IPv4 and/or IPv6 # Let the user decide if they want to block ads over IPv4 and/or IPv6
@ -741,8 +900,16 @@ displayFinalMessage
echo -n "::: Restarting services..." echo -n "::: Restarting services..."
# Start services # Start services
$SUDO service dnsmasq restart if [ -x "$(command -v systemctl)" ]; then
$SUDO service lighttpd start $SUDO systemctl enable dnsmasq
$SUDO systemctl restart dnsmasq
$SUDO systemctl enable lighttpd
$SUDO systemctl start lighttpd
else
$SUDO service dnsmasq restart
$SUDO service lighttpd start
fi
echo " done." echo " done."
echo ":::" echo ":::"

55
automated install/uninstall.sh
Unescape View File

@ -17,7 +17,7 @@ else
echo "::: Sudo will be used for the uninstall." echo "::: Sudo will be used for the uninstall."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the unnstall cannot complete # If it isn't, exit because the unnstall cannot complete
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this as root." echo "::: Please install sudo or run this as root."
@ -25,6 +25,39 @@ else
fi fi
fi fi
# Compatability
if [ -x "$(command -v rpm)" ];then
# Fedora Family
if [ -x "$(command -v dnf)" ];then
PKG_MANAGER="dnf"
else
PKG_MANAGER="yum"
fi
PKG_REMOVE="$PKG_MANAGER remove -y"
PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils )
package_check() {
rpm -qa | grep ^$1- > /dev/null
}
package_cleanup() {
$SUDO $PKG_MANAGER -y autoremove
}
elif [ -x "$(command -v apt-get)" ];then
# Debian Family
PKG_MANAGER="apt-get"
PKG_REMOVE="$PKG_MANAGER -y remove --purge"
PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
package_check() {
dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
}
package_cleanup() {
$SUDO $PKG_MANAGER -y autoremove
$SUDO $PKG_MANAGER -y autoclean
}
else
echo "OS distribution not supported"
exit
fi
spinner() spinner()
{ {
local pid=$1 local pid=$1
@ -43,14 +76,13 @@ spinner()
function removeAndPurge { function removeAndPurge {
# Purge dependencies # Purge dependencies
echo ":::" echo ":::"
# Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common for i in "${PIHOLE_DEPS[@]}"; do
dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) package_check $i > /dev/null
for i in "${dependencies[@]}"; do if [ $? -eq 0 ]; then
if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
while true; do while true; do
read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
case $yn in case $yn in
[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
[Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;; [Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;;
* ) printf "::: You must answer yes or no!\n";; * ) printf "::: You must answer yes or no!\n";;
esac esac
@ -65,10 +97,8 @@ echo ":::"
$SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null $SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null
# Take care of any additional package cleaning # Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..." printf "::: Auto removing & cleaning remaining dependencies..."
$SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n"; package_cleanup &> /dev/null & spinner $!; printf "done!\n";
printf "::: Auto cleaning remaining dependencies..."
$SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n";
# Call removeNoPurge to remove PiHole specific files # Call removeNoPurge to remove PiHole specific files
removeNoPurge removeNoPurge
@ -107,7 +137,8 @@ function removeNoPurge {
fi fi
echo "::: Removing config files and scripts..." echo "::: Removing config files and scripts..."
if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then package_check $i > /dev/null
if [ $? -eq 1 ]; then
$SUDO rm -rf /etc/lighttpd/ &> /dev/null $SUDO rm -rf /etc/lighttpd/ &> /dev/null
else else
if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
@ -143,5 +174,3 @@ while true; do
[Nn]* ) removeNoPurge; break;; [Nn]* ) removeNoPurge; break;;
esac esac
done done

6
gravity.sh
Unescape View File

@ -19,7 +19,7 @@ else
echo "::: sudo will be used." echo "::: sudo will be used."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the install cannot complete # If it isn't, exit because the install cannot complete
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this script as root." echo "::: Please install sudo or run this script as root."
@ -152,7 +152,7 @@ function gravity_transport() {
fi fi
# Silently curl url # Silently curl url
curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer curl -s -L $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
# Check for list updates # Check for list updates
gravity_patternCheck "$patternBuffer" gravity_patternCheck "$patternBuffer"
# Cleanup # Cleanup
@ -181,7 +181,7 @@ function gravity_spinup() {
# to complete properly and reset the user agent when required # to complete properly and reset the user agent when required
case "$domain" in case "$domain" in
"adblock.mahakala.is") "adblock.mahakala.is")
agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0' agent='Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36'
cmd_ext="-e http://forum.xda-developers.com/" cmd_ext="-e http://forum.xda-developers.com/"
;; ;;

2
pihole
Unescape View File

@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then
#echo "::: Sudo will be used for this tool." #echo "::: Sudo will be used for this tool."
# Check if it is actually installed # Check if it is actually installed
# If it isn't, exit because the pihole cannot be invoked without privileges. # If it isn't, exit because the pihole cannot be invoked without privileges.
if [[ $(dpkg-query -s sudo) ]];then if [ -x "$(command -v sudo)" ];then
export SUDO="sudo" export SUDO="sudo"
else else
echo "::: Please install sudo or run this as root." echo "::: Please install sudo or run this as root."

Write Preview
Loading…
Cancel
Save