arno/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole synced 2025-01-22 05:51:15 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2496 from pi-hole/release/v4.1

Browse Source 
Release v4.1
This commit is contained in:
Jacob Salmela 2018-12-09 14:33:58 -06:00 committed by GitHub
commit f65f793a0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 741 additions and 588 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
README.md
View File

@ -22,7 +22,7 @@ The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a
<a href="https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE"><img src="https://www.bountysource.com/badge/tracker?tracker_id=3011939" alt="BountySource"/></a> <a href="https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE"><img src="https://www.bountysource.com/badge/tracker?tracker_id=3011939" alt="BountySource"/></a>
## One-Step Automated Install ## One-Step Automated Install
Those who want to get started quickly and conveniently, may install Pi-hole using the following command: Those who want to get started quickly and conveniently may install Pi-hole using the following command:
#### `curl -sSL https://install.pi-hole.net | bash` #### `curl -sSL https://install.pi-hole.net | bash`
@ -46,14 +46,14 @@ sudo bash basic-install.sh
Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention. Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention.
If your router does not support setting the DNS server, you can [use Pi-hole's built in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available). If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).
As a last resort, you can always manually set each device to use Pi-hole as their DNS server. As a last resort, you can always manually set each device to use Pi-hole as their DNS server.
----- -----
## Pi-hole is free, but powered by your support ## Pi-hole is free, but powered by your support
There are many reoccurring costs involved with maintaining free, open source, and privacy respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained. There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
Make no mistake: **your support is absolutely vital to help keep us innovating!** Make no mistake: **your support is absolutely vital to help keep us innovating!**
@ -70,7 +70,7 @@ Sending a donation using our links below is **extremely helpful** in offsetting
If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us: If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us:
- [Patreon](https://patreon.com/pihole) _Become a patron for rewards_ - [Patreon](https://patreon.com/pihole) _Become a patron for rewards_
- [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_ - [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) _save $5 when you spend $9 using our affiliate link_ - [Stickermule](https://www.stickermule.com/unlock?ref_id=6055890701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
- [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_ - [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_
- [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_ - [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
- [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_ - [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_
@ -82,7 +82,7 @@ We welcome _everyone_ to contribute to issue reports, suggest new features, and
If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve. If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve.
You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it, and submit a pull request for us to review. You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review.
### Presentations about Pi-hole ### Presentations about Pi-hole
Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people. Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people.
@ -110,7 +110,7 @@ While we are primarily reachable on our <a href="https://discourse.pi-hole.net/"
## Breakdown of Features ## Breakdown of Features
### The Command Line Interface ### The Command Line Interface
The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with understanding of `bash`. The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
<a href="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif"><img src="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif" alt="Pi-hole Blacklist Demo"/></a> <a href="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif"><img src="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif" alt="Pi-hole Blacklist Demo"/></a>
@ -137,7 +137,7 @@ Some notable features include:
* Detailed graphs and doughnut charts * Detailed graphs and doughnut charts
* Top lists of domains and clients * Top lists of domains and clients
* A filterable and sortable query log * A filterable and sortable query log
* Long Term Statistics to view data over user defined time ranges * Long Term Statistics to view data over user-defined time ranges
* The ability to easily manage and configure Pi-hole features * The ability to easily manage and configure Pi-hole features
* ... and all the main features of the Command Line Interface! * ... and all the main features of the Command Line Interface!
@ -148,7 +148,7 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t
3. `http://pi.hole/` (when using Pi-hole as your DNS server) 3. `http://pi.hole/` (when using Pi-hole as your DNS server)
## Faster-than-light Engine ## Faster-than-light Engine
FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*! FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
Some of the statistics you can integrate include: Some of the statistics you can integrate include:
* Total number of domains being blocked * Total number of domains being blocked
@ -165,40 +165,46 @@ The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web
----- -----
## The Origin Of Pi-hole ## The Origin Of Pi-hole
Pi-hole being a **advertising-aware DNS/Web server**, makes use of the following technologies: Pi-hole being an **advertising-aware DNS/Web server**, makes use of the following technologies:
* [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server * [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server
* [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax * [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax
* [`lighttpd`](https://www.lighttpd.net) - webserver designed and optimized for high performance * [`lighttpd`](https://www.lighttpd.net) - web server designed and optimized for high performance
* [`php`](https://secure.php.net) - a popular general-purpose web scripting language * [`php`](https://secure.php.net) - a popular general-purpose web scripting language
* [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x * [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x
While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state. While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally set up and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state.
----- -----
## Coverage ## Coverage
- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) - [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) (Feburary, 2015)
- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) - [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) (March, 2015)
- [Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) - [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) (September, 2015)
- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) - [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) (October, 2015)
- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) - [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) (December, 2015)
- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) - [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) (December, 2015)
- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) - [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) (December, 2015)
- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) - [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) (December, 2015)
- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) - [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) (December, 2015)
- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) - [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) (January, 2016)
- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) - [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) (March, 2016)
- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) - [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) (March, 2016)
- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) - [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) (June, 2016)
- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) - [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) (December, 2016)
- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) - [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) (July, 2017)
- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) - [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) (August, 2017)
- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) - [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) (October, 2017)
- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) - [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) (November, 2017)
- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) - [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) (November, 2017)
- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) - [Hobohouse: Block Advertising on your Network with Pi-hole and Raspberry Pi](https://hobo.house/2018/02/27/block-advertising-with-pi-hole-and-raspberry-pi/) (March, 2018)
- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) - [Scott Helme: Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) (April, 2018)
- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) - [Scott Helme: Catching and dealing with naughty devices on my home network](https://scotthelme.co.uk/catching-naughty-devices-on-my-home-network/) (April, 2018)
- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) (May, 2018)
- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) (May, 2018)
- [Raspberry Pi: Block ads at home using Pi-hole and a Raspberry Pi](https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/) (July, 2018)
- [Troy Hunt: Mmm... Pi-hole...](https://www.troyhunt.com/mmm-pi-hole/) (September, 2018)
- [PEBKAK Podcast: Interview With Jacob Salmela](https://www.jerseystudios.net/2018/10/11/150-pi-hole/) (October, 2018)
----- -----

23
advanced/01-pihole.conf
View File

@ -1,13 +1,11 @@
# Pi-hole: A black hole for Internet advertisements # Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your Raspberry Pi # Network-wide ad blocking via your own hardware.
# http://pi-hole.net
# dnsmasq config for Pi-hole
# #
# Pi-hole is free software: you can redistribute it and/or modify # Dnsmasq config for Pi-hole's FTLDNS
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 2 of the License, or # This file is copyright under the latest version of the EUPL.
# (at your option) any later version. # Please see LICENSE file for your rights under this license.
############################################################################### ###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # # FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
@ -16,14 +14,17 @@
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: # # IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf # # /etc/pihole/setupVars.conf #
# # # #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE # # ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# OR IN /etc/dnsmasq.conf # # WITHIN /etc/dnsmasq.d/yourname.conf #
############################################################################### ###############################################################################
addn-hosts=/etc/pihole/gravity.list addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list addn-hosts=/etc/pihole/local.list
user=pihole
group=pihole
domain-needed domain-needed
localise-queries localise-queries
@ -39,7 +40,7 @@ interface=@INT@
cache-size=10000 cache-size=10000
log-queries=extra log-queries
log-facility=/var/log/pihole.log log-facility=/var/log/pihole.log
local-ttl=2 local-ttl=2

5
advanced/Scripts/chronometer.sh
View File

@ -8,6 +8,7 @@
# #
# This file is copyright under the latest version of the EUPL. # This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license. # Please see LICENSE file for your rights under this license.
LC_ALL=C
LC_NUMERIC=C LC_NUMERIC=C
# Retrieve stats from FTL engine # Retrieve stats from FTL engine
@ -243,7 +244,7 @@ get_sys_stats() {
disk_total="${disk_raw[1]}" disk_total="${disk_raw[1]}"
disk_perc="${disk_raw[2]}" disk_perc="${disk_raw[2]}"
net_gateway=$(route -n | awk '$4 == "UG" {print $2;exit}') net_gateway=$(ip route | grep default | cut -d ' ' -f 3 | head -n 1)
# Get DHCP stats, if feature is enabled # Get DHCP stats, if feature is enabled
if [[ "$DHCP_ACTIVE" == "true" ]]; then if [[ "$DHCP_ACTIVE" == "true" ]]; then
@ -478,7 +479,7 @@ chronoFunc() {
${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC} ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
${COL_DARK_GRAY}$scr_line_str${COL_NC}" ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
else else
echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str|_| |_| |_||_\\___/_\\___|$ftl_ver_str ${COL_DARK_GRAY}$scr_line_str${COL_NC}" echo -e "|¯¯¯(¯)_|¯|_ ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
fi fi
printFunc " Hostname: " "$sys_name" "$host_info" printFunc " Hostname: " "$sys_name" "$host_info"

1
advanced/Scripts/list.sh
View File

@ -13,6 +13,7 @@ basename=pihole
piholeDir=/etc/"${basename}" piholeDir=/etc/"${basename}"
whitelist="${piholeDir}"/whitelist.txt whitelist="${piholeDir}"/whitelist.txt
blacklist="${piholeDir}"/blacklist.txt blacklist="${piholeDir}"/blacklist.txt
readonly regexlist="/etc/pihole/regex.list" readonly regexlist="/etc/pihole/regex.list"
reload=false reload=false
addmode=true addmode=true

24
advanced/Scripts/piholeDebug.sh
View File

@ -119,7 +119,7 @@ PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
#SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS") #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
# Store Pi-hole's processes in an array for easy use and parsing # Store Pi-hole's processes in an array for easy use and parsing
PIHOLE_PROCESSES=( "dnsmasq" "lighttpd" "pihole-FTL" ) PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )
# Store the required directories in an array so it can be parsed through # Store the required directories in an array so it can be parsed through
#REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}" #REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}"
@ -337,8 +337,6 @@ get_program_version() {
case "${program_name}" in case "${program_name}" in
"lighttpd") program_version="$(${program_name} -v |& head -n1 | cut -d '/' -f2 | cut -d ' ' -f1)" "lighttpd") program_version="$(${program_name} -v |& head -n1 | cut -d '/' -f2 | cut -d ' ' -f1)"
;; ;;
"dnsmasq") program_version="$(${program_name} -v |& head -n1 | awk '{print $3}')"
;;
"php") program_version="$(${program_name} -v |& head -n1 | cut -d '-' -f1 | cut -d ' ' -f2)" "php") program_version="$(${program_name} -v |& head -n1 | cut -d '-' -f1 | cut -d ' ' -f2)"
;; ;;
# If a match is not found, show an error # If a match is not found, show an error
@ -358,7 +356,6 @@ get_program_version() {
# and their versions, using the functions above. # and their versions, using the functions above.
check_critical_program_versions() { check_critical_program_versions() {
# Use the function created earlier and bundle them into one function that checks all the version numbers # Use the function created earlier and bundle them into one function that checks all the version numbers
get_program_version "dnsmasq"
get_program_version "lighttpd" get_program_version "lighttpd"
get_program_version "php" get_program_version "php"
} }
@ -640,11 +637,12 @@ ping_internet() {
compare_port_to_service_assigned() { compare_port_to_service_assigned() {
local service_name="${1}" local service_name="${1}"
# The programs we use may change at some point, so they are in a varible here # The programs we use may change at some point, so they are in a varible here
local resolver="dnsmasq" local resolver="pihole-FTL"
local web_server="lighttpd" local web_server="lighttpd"
local ftl="pihole-FTL" local ftl="pihole-FTL"
# If the service is a Pi-hole service, highlight it in green
if [[ "${service_name}" == "${resolver}" ]] || [[ "${service_name}" == "${web_server}" ]] || [[ "${service_name}" == "${ftl}" ]]; then if [[ "${service_name}" == "${resolver}" ]] || [[ "${service_name}" == "${web_server}" ]] || [[ "${service_name}" == "${ftl}" ]]; then
# if port 53 is dnsmasq, show it in green as it's standard
log_write "[${COL_GREEN}${port_number}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}" log_write "[${COL_GREEN}${port_number}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}"
# Otherwise, # Otherwise,
else else
@ -657,7 +655,7 @@ check_required_ports() {
echo_current_diagnostic "Ports in use" echo_current_diagnostic "Ports in use"
# Since Pi-hole needs 53, 80, and 4711, check what they are being used by # Since Pi-hole needs 53, 80, and 4711, check what they are being used by
# so we can detect any issues # so we can detect any issues
local resolver="dnsmasq" local resolver="pihole-FTL"
local web_server="lighttpd" local web_server="lighttpd"
local ftl="pihole-FTL" local ftl="pihole-FTL"
# Create an array for these ports in use # Create an array for these ports in use
@ -682,7 +680,7 @@ check_required_ports() {
continue continue
fi fi
# Use a case statement to determine if the right services are using the right ports # Use a case statement to determine if the right services are using the right ports
case "${port_number}" in case "$(echo "$port_number" | rev | cut -d: -f1 | rev)" in
53) compare_port_to_service_assigned "${resolver}" 53) compare_port_to_service_assigned "${resolver}"
;; ;;
80) compare_port_to_service_assigned "${web_server}" 80) compare_port_to_service_assigned "${web_server}"
@ -836,9 +834,13 @@ process_status(){
local status_of_process local status_of_process
status_of_process=$(systemctl is-active "${i}") status_of_process=$(systemctl is-active "${i}")
else else
# Otherwise, use the service command # Otherwise, use the service command and mock the output of `systemctl is-active`
local status_of_process local status_of_process
status_of_process=$(service "${i}" status | awk '/Active:/ {print $2}') &> /dev/null if service "${i}" status | grep -E 'is\srunning' &> /dev/null; then
status_of_process="active"
else
status_of_process="inactive"
fi
fi fi
# and print it out to the user # and print it out to the user
if [[ "${status_of_process}" == "active" ]]; then if [[ "${status_of_process}" == "active" ]]; then
@ -907,7 +909,7 @@ parse_file() {
#shellcheck disable=SC2016 #shellcheck disable=SC2016
IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )' IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )'
else else
read -a file_info <<< $filename read -r -a file_info <<< "$filename"
fi fi
# Set a named variable for better readability # Set a named variable for better readability
local file_lines local file_lines

2
advanced/Scripts/piholeLogFlush.sh
View File

@ -58,6 +58,8 @@ else
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1") deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")
# Restart pihole-FTL to force reloading history
sudo pihole restartdns
fi fi
if [[ "$@" != *"quiet"* ]]; then if [[ "$@" != *"quiet"* ]]; then

47
advanced/Scripts/updatecheck.sh
View File

@ -37,30 +37,55 @@ function get_local_version() {
git describe --long --dirty --tags || return 1 git describe --long --dirty --tags || return 1
} }
# Source the setupvars config file
# shellcheck disable=SC1091
. /etc/pihole/setupVars.conf
if [[ "$2" == "remote" ]]; then if [[ "$2" == "remote" ]]; then
if [[ "$3" == "reboot" ]]; then if [[ "$3" == "reboot" ]]; then
sleep 30 sleep 30
fi fi
GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions"
GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
echo -n "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions" GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"
fi
GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}"
else else
CORE_BRANCH="$(get_local_branch /etc/.pihole)" LOCAL_BRANCH_FILE="/etc/pihole/localbranches"
WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
FTL_BRANCH="$(pihole-FTL branch)"
echo -n "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches" CORE_BRANCH="$(get_local_branch /etc/.pihole)"
echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
fi
FTL_BRANCH="$(pihole-FTL branch)"
echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
LOCAL_VERSION_FILE="/etc/pihole/localversions"
CORE_VERSION="$(get_local_version /etc/.pihole)" CORE_VERSION="$(get_local_version /etc/.pihole)"
WEB_VERSION="$(get_local_version /var/www/html/admin)" echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
FTL_VERSION="$(pihole-FTL version)"
echo -n "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions" if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
WEB_VERSION="$(get_local_version /var/www/html/admin)"
echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}"
fi
FTL_VERSION="$(pihole-FTL version)"
echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}"
fi fi

28
advanced/Scripts/webpage.sh
View File

@ -110,7 +110,7 @@ SetWebPassword() {
# Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
# So we reset the terminal via stty if the user does press Ctrl+C # So we reset the terminal via stty if the user does press Ctrl+C
trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT
read -s -p "Enter New Password (Blank for no password): " PASSWORD read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
echo "" echo ""
if [ "${PASSWORD}" == "" ]; then if [ "${PASSWORD}" == "" ]; then
@ -119,12 +119,13 @@ SetWebPassword() {
exit 0 exit 0
fi fi
read -s -p "Confirm Password: " CONFIRM read -s -r -p "Confirm Password: " CONFIRM
echo "" echo ""
fi fi
if [ "${PASSWORD}" == "${CONFIRM}" ] ; then if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
hash=$(HashPassword "${PASSWORD}") # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
hash=$(HashPassword "$PASSWORD")
# Save hash to file # Save hash to file
change_setting "WEBPASSWORD" "${hash}" change_setting "WEBPASSWORD" "${hash}"
echo -e " ${TICK} New password set" echo -e " ${TICK} New password set"
@ -525,14 +526,24 @@ Teleporter() {
php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip" php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip"
} }
audit() addAudit()
{ {
echo "${args[2]}" >> /etc/pihole/auditlog.list shift # skip "-a"
shift # skip "audit"
for var in "$@"
do
echo "${var}" >> /etc/pihole/auditlog.list
done
}
clearAudit()
{
echo -n "" > /etc/pihole/auditlog.list
} }
SetPrivacyLevel() { SetPrivacyLevel() {
# Set privacy level. Minimum is 0, maximum is 3 # Set privacy level. Minimum is 0, maximum is 4
if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then
changeFTLsetting "PRIVACYLEVEL" "${args[2]}" changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
fi fi
} }
@ -565,7 +576,8 @@ main() {
"-i" | "interface" ) SetListeningMode "$@";; "-i" | "interface" ) SetListeningMode "$@";;
"-t" | "teleporter" ) Teleporter;; "-t" | "teleporter" ) Teleporter;;
"adlist" ) CustomizeAdLists;; "adlist" ) CustomizeAdLists;;
"audit" ) audit;; "audit" ) addAudit "$@";;
"clearaudit" ) clearAudit;;
"-l" | "privacylevel" ) SetPrivacyLevel;; "-l" | "privacylevel" ) SetPrivacyLevel;;
* ) helpFunc;; * ) helpFunc;;
esac esac

84
advanced/Templates/pihole-FTL.conf
View File

@ -1,84 +0,0 @@
### This file contains parameters for FTL behavior.
### At install, all parameters are commented out. The user can select desired options.
### Options shown are the default configuration. No modification is needed for most
### installations.
### Visit https://docs.pi-hole.net/ftldns/configfile/ for more detailed parameter explanations
## Socket Listening
## Listen only for local socket connections or permit all connections
## Options: localonly, all
#SOCKET_LISTENING=localonly
## Query Display
## Display all queries? Set to no to hide query display
## Options: yes, no
#QUERY_DISPLAY=yes
## AAA Query Analysis
## Allow FTL to analyze AAAA queries from pihole.log?
## Options: yes, no
#AAAA_QUERY_ANALYSIS=yes
## Resolve IPv6
## Should FTL try to resolve IPv6 addresses to host names?
## Options: yes, no
#RESOLVE_IPV6=yes
## Resolve IPv4
## Should FTL try to resolve IPv4 addresses to host names?
## Options: yes, no
#RESOLVE_IPV4=yes
## Max Database Days
## How long should queries be stored in the database (days)?
## Setting this to 0 disables the database
## See: https://docs.pi-hole.net/ftldns/database/
## Options: number of days
#MAXDBDAYS=365
## Database Interval
## How often do we store queries in FTL's database (minutes)?
## See: https://docs.pi-hole.net/ftldns/database/
## Options: number of minutes
#DBINTERVAL=1.0
## Database File
## Specify path and filename of FTL's SQLite3 long-term database.
## Setting this to DBFILE= disables the database altogether
## See: https://docs.pi-hole.net/ftldns/database/
## Option: path to db file
#DBFILE=/etc/pihole/pihole-FTL.db
## Max Log Age
## Up to how many hours of queries should be imported from the database and logs (hours)?
## Maximum is 744 (31 days)
## Options: number of days
#MAXLOGAGE=24.0
## FTL Port
## On which port should FTL be listening?
## Options: tcp port
#FTLPORT=4711
## Privacy Level
## Which privacy level is used?
## See: https://docs.pi-hole.net/ftldns/privacylevels/
## Options: 0, 1, 2, 3
#PRIVACYLEVEL=0
## Ignore Localhost
## Should FTL ignore queries coming from the local machine?
## Options: yes, no
#IGNORE_LOCALHOST=no
## Blocking Mode
## How should FTL reply to blocked queries?
## See: https://docs.pi-hole.net/ftldns/blockingmode/
## Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN
#BLOCKINGMODE=NULL
## Regex Debug Mode
## Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log.
## See: https://docs.pi-hole.net/ftldns/regex/overview/
## Options: true, false
#REGEX_DEBUGMODE=false

21
advanced/Templates/pihole-FTL.service
View File

@ -26,17 +26,26 @@ start() {
if is_running; then if is_running; then
echo "pihole-FTL is already running" echo "pihole-FTL is already running"
else else
touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log # Touch files to ensure they exist (create if non-existing, preserve if existing)
touch /var/log/pihole-FTL.log /var/log/pihole.log
touch /run/pihole-FTL.pid /run/pihole-FTL.port
touch /etc/pihole/dhcp.leases
mkdir -p /var/run/pihole mkdir -p /var/run/pihole
mkdir -p /var/log/pihole mkdir -p /var/log/pihole
chown pihole:pihole /var/run/pihole /var/log/pihole chown pihole:pihole /var/run/pihole /var/log/pihole
rm /var/run/pihole/FTL.sock 2> /dev/null rm /var/run/pihole/FTL.sock 2> /dev/null
chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port # Ensure that permissions are set so that pihole-FTL can edit all necessary files
chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"
echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL
su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER" if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"; then
su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
else
echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
pihole-FTL
fi
echo echo
fi fi
} }
@ -78,7 +87,7 @@ status() {
echo "[ ] pihole-FTL is not running" echo "[ ] pihole-FTL is not running"
exit 1 exit 1
fi fi
} }
### main logic ### ### main logic ###

4
advanced/Templates/pihole.cron
View File

@ -16,7 +16,9 @@
# Pi-hole: Update the ad sources once a week on Sunday at a random time in the # Pi-hole: Update the ad sources once a week on Sunday at a random time in the
# early morning. Download any updates from the adlists # early morning. Download any updates from the adlists
59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity # Squash output to log, then splat the log to stdout on error to allow for
# standard crontab job error handling.
59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
# Pi-hole: Flush the log daily at 00:00 # Pi-hole: Flush the log daily at 00:00
# The flush script will use logrotate if available # The flush script will use logrotate if available

2
advanced/index.php
View File

@ -8,6 +8,8 @@
// Sanitise HTTP_HOST output // Sanitise HTTP_HOST output
$serverName = htmlspecialchars($_SERVER["HTTP_HOST"]); $serverName = htmlspecialchars($_SERVER["HTTP_HOST"]);
// Remove external ipv6 brackets if any
$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
if (!is_file("/etc/pihole/setupVars.conf")) if (!is_file("/etc/pihole/setupVars.conf"))
die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>"); die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");

1
advanced/lighttpd.conf.debian
View File

@ -72,4 +72,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
} }
# Add user chosen options held in external file # Add user chosen options held in external file
# This uses include_shell instead of an include wildcard for compatibility
include_shell "cat external.conf 2>/dev/null" include_shell "cat external.conf 2>/dev/null"

1
advanced/lighttpd.conf.fedora
View File

@ -90,4 +90,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
} }
# Add user chosen options held in external file # Add user chosen options held in external file
# This uses include_shell instead of an include wildcard for compatibility
include_shell "cat external.conf 2>/dev/null" include_shell "cat external.conf 2>/dev/null"

870
automated install/basic-install.sh
View File

File diff suppressed because it is too large Load Diff

2
automated install/uninstall.sh
View File

@ -106,7 +106,7 @@ removeNoPurge() {
${SUDO} rm -rf /var/www/html/pihole &> /dev/null ${SUDO} rm -rf /var/www/html/pihole &> /dev/null
${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null ${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null
# If the web directory is empty after removing these files, then the parent html folder can be removed. # If the web directory is empty after removing these files, then the parent html directory can be removed.
if [ -d "/var/www/html" ]; then if [ -d "/var/www/html" ]; then
if [[ ! "$(ls -A /var/www/html)" ]]; then if [[ ! "$(ls -A /var/www/html)" ]]; then
${SUDO} rm -rf /var/www/html &> /dev/null ${SUDO} rm -rf /var/www/html &> /dev/null

65
gravity.sh
View File

@ -68,11 +68,35 @@ else
exit 1 exit 1
fi fi
# Source pihole-FTL from install script
pihole_FTL="${piholeDir}/pihole-FTL.conf"
if [[ -f "${pihole_FTL}" ]]; then
source "${pihole_FTL}"
fi
if [[ -z "${BLOCKINGMODE}" ]] ; then
BLOCKINGMODE="NULL"
fi
# Determine if superseded pihole.conf exists # Determine if superseded pihole.conf exists
if [[ -r "${piholeDir}/pihole.conf" ]]; then if [[ -r "${piholeDir}/pihole.conf" ]]; then
echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}" echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}"
fi fi
# Determine if Pi-hole blocking is disabled
# If this is the case, we want to update
# gravity.list.bck and black.list.bck instead of
# gravity.list and black.list
detect_pihole_blocking_status() {
if [[ "${BLOCKING_ENABLED}" == false ]]; then
echo -e " ${INFO} Pi-hole blocking is disabled"
adList="${adList}.bck"
blackList="${blackList}.bck"
else
echo -e " ${INFO} Pi-hole blocking is enabled"
fi
}
# Determine if DNS resolution is available before proceeding # Determine if DNS resolution is available before proceeding
gravity_CheckDNSResolutionAvailable() { gravity_CheckDNSResolutionAvailable() {
local lookupDomain="pi.hole" local lookupDomain="pi.hole"
@ -182,7 +206,7 @@ gravity_SetDownloadOptions() {
activeDomains[$i]="${saveLocation}" activeDomains[$i]="${saveLocation}"
# Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-) # Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-)
agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
# Provide special commands for blocklists which may need them # Provide special commands for blocklists which may need them
case "${domain}" in case "${domain}" in
@ -216,6 +240,39 @@ gravity_DownloadBlocklistFromUrl() {
str="Status:" str="Status:"
echo -ne " ${INFO} ${str} Pending..." echo -ne " ${INFO} ${str} Pending..."
blocked=false
case $BLOCKINGMODE in
"IP-NODATA-AAAA"|"IP")
if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then
blocked=true
fi;;
"NXDOMAIN")
if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
blocked=true
fi;;
"NULL"|*)
if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
blocked=true
fi;;
esac
if [[ "${blocked}" == true ]]; then
printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}"
if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then
port=53
else
printf -v port "%s" "${PIHOLE_DNS_1#*#}"
fi
ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}")
if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then
port=443;
else port=80
fi
bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}')
echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:}. Using DNS on ${PIHOLE_DNS_1} to download ${url}";
echo -ne " ${INFO} ${str} Pending..."
cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
fi
# shellcheck disable=SC2086 # shellcheck disable=SC2086
httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null) httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
@ -464,7 +521,7 @@ gravity_ShowBlockCount() {
fi fi
if [[ -f "${regexFile}" ]]; then if [[ -f "${regexFile}" ]]; then
num=$(grep -c "^(?!#)" "${regexFile}") num=$(grep -cv "^#" "${regexFile}")
echo -e " ${INFO} Number of regex filters: ${num}" echo -e " ${INFO} Number of regex filters: ${num}"
fi fi
} }
@ -522,7 +579,7 @@ gravity_ParseBlacklistDomains() {
mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
else else
# There was no whitelist file, so use preEventHorizon instead of whitelistMatter. # There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
mv "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" cp "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
fi fi
# Move the file over as /etc/pihole/gravity.list so dnsmasq can use it # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
@ -621,6 +678,8 @@ if [[ "${forceDelete:-}" == true ]]; then
echo -e "${OVER} ${TICK} ${str}" echo -e "${OVER} ${TICK} ${str}"
fi fi
detect_pihole_blocking_status
# Determine which functions to run # Determine which functions to run
if [[ "${skipDownload}" == false ]]; then if [[ "${skipDownload}" == false ]]; then
# Gravity needs to download blocklists # Gravity needs to download blocklists

57
pihole
View File

@ -10,7 +10,14 @@
# Please see LICENSE file for your rights under this license. # Please see LICENSE file for your rights under this license.
readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf" readonly gravitylist="/etc/pihole/gravity.list"
readonly blacklist="/etc/pihole/black.list"
# setupVars is not readonly here because in some funcitons (checkout),
# it might get set again when the installer is sourced. This causes an
# error due to modifying a readonly variable.
setupVars="/etc/pihole/setupVars.conf"
readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
source "${colfile}" source "${colfile}"
@ -73,7 +80,7 @@ reconfigurePiholeFunc() {
updateGravityFunc() { updateGravityFunc() {
"${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@" "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
exit 0 exit $?
} }
queryFunc() { queryFunc() {
@ -127,9 +134,11 @@ restartDNS() {
if [[ "${status}" -eq 0 ]]; then if [[ "${status}" -eq 0 ]]; then
[[ -t 1 ]] && echo -e "${OVER} ${TICK} ${str}" [[ -t 1 ]] && echo -e "${OVER} ${TICK} ${str}"
return 0
else else
[[ ! -t 1 ]] && local OVER="" [[ ! -t 1 ]] && local OVER=""
echo -e "${OVER} ${CROSS} ${output}" echo -e "${OVER} ${CROSS} ${output}"
return 1
fi fi
} }
@ -146,10 +155,13 @@ Time:
elif [[ "${1}" == "0" ]]; then elif [[ "${1}" == "0" ]]; then
# Disable Pi-hole # Disable Pi-hole
sed -i 's/^addn-hosts=\/etc\/pihole\/gravity.list/#addn-hosts=\/etc\/pihole\/gravity.list/' /etc/dnsmasq.d/01-pihole.conf if [[ -e "${gravitylist}" ]]; then
sed -i 's/^addn-hosts=\/etc\/pihole\/black.list/#addn-hosts=\/etc\/pihole\/black.list/' /etc/dnsmasq.d/01-pihole.conf mv "${gravitylist}" "${gravitylist}.bck"
if [[ -e "$wildcardlist" ]]; then echo "" > "${gravitylist}"
mv "$wildcardlist" "/etc/pihole/wildcard.list" fi
if [[ -e "${blacklist}" ]]; then
mv "${blacklist}" "${blacklist}.bck"
echo "" > "${blacklist}"
fi fi
if [[ $# > 1 ]]; then if [[ $# > 1 ]]; then
local error=false local error=false
@ -187,19 +199,25 @@ Time:
fi fi
local str="Pi-hole Disabled" local str="Pi-hole Disabled"
sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
echo "BLOCKING_ENABLED=false" >> "${setupVars}"
fi fi
else else
# Enable Pi-hole # Enable Pi-hole
echo -e " ${INFO} Enabling blocking" echo -e " ${INFO} Enabling blocking"
local str="Pi-hole Enabled" local str="Pi-hole Enabled"
sed -i 's/^#addn-hosts/addn-hosts/' /etc/dnsmasq.d/01-pihole.conf if [[ -e "${gravitylist}.bck" ]]; then
if [[ -e "/etc/pihole/wildcard.list" ]]; then mv "${gravitylist}.bck" "${gravitylist}"
mv "/etc/pihole/wildcard.list" "$wildcardlist"
fi fi
if [[ -e "${blacklist}.bck" ]]; then
mv "${blacklist}.bck" "${blacklist}"
fi
sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
echo "BLOCKING_ENABLED=true" >> "${setupVars}"
fi fi
restartDNS restartDNS reload
echo -e "${OVER} ${TICK} ${str}" echo -e "${OVER} ${TICK} ${str}"
} }
@ -242,8 +260,6 @@ Options:
} }
statusFunc() { statusFunc() {
local addnConfigs
# Determine if service is running on port 53 (Cr: https://superuser.com/a/806331) # Determine if service is running on port 53 (Cr: https://superuser.com/a/806331)
if (echo > /dev/tcp/127.0.0.1/53) >/dev/null 2>&1; then if (echo > /dev/tcp/127.0.0.1/53) >/dev/null 2>&1; then
if [[ "${1}" != "web" ]]; then if [[ "${1}" != "web" ]]; then
@ -257,16 +273,14 @@ statusFunc() {
return 0 return 0
fi fi
# Determine if Pi-hole's addn-hosts configs are commented out # Determine if Pi-hole's blocking is enabled
addnConfigs=$(grep -i "addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf) if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
if [[ "${addnConfigs}" =~ "#" ]]; then
# A config is commented out # A config is commented out
case "${1}" in case "${1}" in
"web") echo 0;; "web") echo 0;;
*) echo -e " ${CROSS} Pi-hole blocking is Disabled";; *) echo -e " ${CROSS} Pi-hole blocking is Disabled";;
esac esac
elif [[ -n "${addnConfigs}" ]]; then elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf; then
# Configs are set # Configs are set
case "${1}" in case "${1}" in
"web") echo 1;; "web") echo 1;;
@ -276,11 +290,10 @@ statusFunc() {
# No configs were found # No configs were found
case "${1}" in case "${1}" in
"web") echo 99;; "web") echo 99;;
*) echo -e " ${INFO} No hosts file linked to dnsmasq, adding it in enabled state";; *) echo -e " ${INFO} Pi-hole blocking will be enabled";;
esac esac
# Add addn-host= to dnsmasq # Enable blocking
echo "addn-hosts=/etc/pihole/gravity.list" >> /etc/dnsmasq.d/01-pihole.conf pihole enable
restartDNS
fi fi
} }
@ -303,7 +316,7 @@ tailFunc() {
# Colour everything else as gray # Colour everything else as gray
tail -f /var/log/pihole.log | sed -E \ tail -f /var/log/pihole.log | sed -E \
-e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \ -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \
-e "s,(.*(gravity.list|black.list| config ).* is (${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \ -e "s,(.*(gravity.list|black.list|regex.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
-e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \ -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
-e "s,.*,${COL_GRAY}&${COL_NC}," -e "s,.*,${COL_GRAY}&${COL_NC},"
exit 0 exit 0

7
test/test_automated_install.py
View File

@ -81,6 +81,7 @@ def test_setupVars_saved_to_file(Pihole):
{} {}
mkdir -p /etc/dnsmasq.d mkdir -p /etc/dnsmasq.d
version_check_dnsmasq version_check_dnsmasq
echo "" > /etc/pihole/pihole-FTL.conf
finalExports finalExports
cat /etc/pihole/setupVars.conf cat /etc/pihole/setupVars.conf
'''.format(set_setup_vars)) '''.format(set_setup_vars))
@ -501,8 +502,10 @@ def test_FTL_download_unknown_fails_no_errors(Pihole):
''') ''')
expected_stdout = cross_box + ' Downloading and Installing FTL' expected_stdout = cross_box + ' Downloading and Installing FTL'
assert expected_stdout in download_binary.stdout assert expected_stdout in download_binary.stdout
error = 'Error: URL not found' error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
assert error in download_binary.stdout assert error1 in download_binary.stdout
error2 = 'not found'
assert error2 in download_binary.stdout
def test_FTL_binary_installed_and_responsive_no_errors(Pihole): def test_FTL_binary_installed_and_responsive_no_errors(Pihole):

13
test/test_centos_fedora_support.py
View File

@ -31,20 +31,13 @@ def test_release_supported_version_check_centos(Pihole):
''' '''
confirms installer exits on unsupported releases of CentOS confirms installer exits on unsupported releases of CentOS
''' '''
# mock CentOS release < 7 (unsupported) # modify /etc/redhat-release to mock an unsupported CentOS release
mock_command_2( Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
'rpm',
{"-q --queryformat '%{VERSION}' centos-release'": (
'5',
'0'
)},
Pihole
)
distro_check = Pihole.run(''' distro_check = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
distro_check distro_check
''') ''')
expected_stdout = cross_box + (' CentOS is not suported.') expected_stdout = cross_box + (' CentOS 6 is not supported.')
assert expected_stdout in distro_check.stdout assert expected_stdout in distro_check.stdout
expected_stdout = 'Please update to CentOS release 7 or later' expected_stdout = 'Please update to CentOS release 7 or later'
assert expected_stdout in distro_check.stdout assert expected_stdout in distro_check.stdout