From 954a0c2a14fd4b1a80f41bfcc333f7b6c39fe078 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Sun, 19 Jun 2022 23:09:05 +0200
Subject: [PATCH 1/4] Remove read permission for others on senible log files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 advanced/Scripts/piholeDebug.sh       | 2 +-
 advanced/Scripts/piholeLogFlush.sh    | 4 ++--
 advanced/Templates/pihole-FTL.service | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh
index 1f12e868..ebab375a 100755
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -1394,7 +1394,7 @@ curl_to_tricorder() {
 upload_to_tricorder() {
     local username="pihole"
     # Set the permissions and owner
-    chmod 644 ${PIHOLE_DEBUG_LOG}
+    chmod 640 ${PIHOLE_DEBUG_LOG}
     chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}
 
     # Let the user know debugging is complete with something strikingly visual
diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh
index 60d5856b..3473fad5 100755
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -46,7 +46,7 @@ if [[ "$@" == *"once"* ]]; then
         # moved file (it will have the same file handler)
         cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
         echo " " > /var/log/pihole/pihole.log
-        chmod 644 /var/log/pihole/pihole.log
+        chmod 640 /var/log/pihole/pihole.log
     fi
 else
     # Manual flushing
@@ -59,7 +59,7 @@ else
         echo " " > /var/log/pihole/pihole.log
         if [ -f /var/log/pihole/pihole.log.1 ]; then
             echo " " > /var/log/pihole/pihole.log.1
-            chmod 644 /var/log/pihole/pihole.log.1
+            chmod 640 /var/log/pihole/pihole.log.1
         fi
     fi
     # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service
index 11bbe1c9..941f1ee0 100644
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -71,12 +71,13 @@ start() {
     [ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
     [ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
     [ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log
-    [ ! -f /var/log/pihole/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+    [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
     [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
     # Ensure that permissions are set so that pihole-FTL can edit all necessary files
     chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
     # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
-    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log
+    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log
+    chmod -f 0640 /var/log/pihole/pihole.log
     # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
     chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
     # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist

From 2c5907a8b1f58d091d16ab935cd91d5316f36deb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Sun, 19 Jun 2022 23:25:53 +0200
Subject: [PATCH 2/4] Requiere sudo for pihole -t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 pihole | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pihole b/pihole
index 965f6288..c54a3192 100755
--- a/pihole
+++ b/pihole
@@ -503,7 +503,7 @@ case "${1}" in
   "-c" | "chronometer"          ) chronometerFunc "$@";;
   "-q" | "query"                ) queryFunc "$@";;
   "status"                      ) statusFunc "$2";;
-  "-t" | "tail"                 ) tailFunc "$2";;
+
   "tricorder"                   ) tricorderFunc;;
 
   # we need to add all arguments that require sudo power to not trigger the * argument
@@ -527,6 +527,7 @@ case "${1}" in
   "checkout"                    ) ;;
   "updatechecker"               ) ;;
   "arpflush"                    ) ;;
+  "-t" | "tail"                 ) ;;
   *                             ) helpFunc;;
 esac
 
@@ -563,4 +564,5 @@ case "${1}" in
   "checkout"                    ) piholeCheckoutFunc "$@";;
   "updatechecker"               ) updateCheckFunc "$@";;
   "arpflush"                    ) arpFunc "$@";;
+  "-t" | "tail"                 ) tailFunc "$2";;
 esac

From 287d5d37b1a70dd7f737eb929d6f010a38477a58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Fri, 24 Jun 2022 08:33:21 +0200
Subject: [PATCH 3/4] Add stale-issue-reason: not planned
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 .github/workflows/stale.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 783f1419..ccac6511 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -23,3 +23,4 @@ jobs:
         exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
         exempt-all-issue-assignees: true
         operations-per-run: 300
+        stale-issue-reason: 'not_planned'

From d88ab2ca600b9e548ee2eef4a81839c365c547b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Fri, 24 Jun 2022 19:57:44 +0200
Subject: [PATCH 4/4] Remove unnecassry file types from editorconfig
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 .editorconfig | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/.editorconfig b/.editorconfig
index a50f2f70..33448755 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -12,27 +12,3 @@ indent_size = tab
 tab_width = 4
 charset = utf-8
 trim_trailing_whitespace = true
-
-# Matches multiple files with brace expansion notation
-# Set default charset
-[*.{js,py}]
-charset = utf-8
-
-# 4 space indentation
-[*.py]
-indent_style = space
-indent_size = 4
-
-# Tab indentation (no size specified)
-[Makefile]
-indent_style = tab
-
-# Indentation override for all JS under lib directory
-[scripts/**.js]
-indent_style = space
-indent_size = 2
-
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
-indent_style = space
-indent_size = 2