author | Dan Schaper <dschaper@users.noreply.github.com> | 2016-07-15 22:05:20 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-15 22:05:20 +0300 |
commit | a27f1f17de78985843be55537cd95b81217962bb (patch) | |
tree | 30c00662b744be8a1eaa6f478c1f7951acfe0b17 | |
parent | 412c0a172d08476a79bbb7ff399010121c52cd33 (diff) | |
parent | e106ff0fef36682da16c26fe3b43559d2f24e25f (diff) |
Merge pull request #563 from pi-hole/development2.8
Push to release 2.8 - Gold
-rw-r--r-- | adlists.default | 6 | ||||
-rwxr-xr-x | advanced/Scripts/blacklist.sh | 2 | ||||
-rwxr-xr-x | advanced/Scripts/piholeDebug.sh | 23 | ||||
-rwxr-xr-x | advanced/Scripts/setupLCD.sh | 2 | ||||
-rwxr-xr-x | advanced/Scripts/whitelist.sh | 2 | ||||
-rw-r--r-- | advanced/lighttpd.conf.debian (renamed from advanced/lighttpd.conf) | 2 | ||||
-rw-r--r-- | advanced/lighttpd.conf.fedora | 77 | ||||
-rw-r--r-- | advanced/selinux/pihole.te | 87 | ||||
-rwxr-xr-x | automated install/basic-install.sh | 269 | ||||
-rwxr-xr-x | automated install/uninstall.sh | 55 | ||||
-rwxr-xr-x | gravity.sh | 6 | ||||
-rwxr-xr-x | pihole | 2 |
12 files changed, 457 insertions, 76 deletions
diff --git a/adlists.default b/adlists.default index 2bb9d9f2..2c171e87 100644 --- a/adlists.default +++ b/adlists.default @@ -43,11 +43,15 @@ https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt # Block the BBC News website Breaking News banner #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts +# List of known C&C malware servers (see https://github.com/pi-hole/pi-hole/issues/528) +https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt # Untested Lists: #https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt -#http://spam404bl.com/spam404scamlist.txt +#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt #http://malwaredomains.lehigh.edu/files/domains.txt # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/) #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt #https://raw.github.com/notracking/hosts-blocklists/master/domains.txt +# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information. +#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts diff --git a/advanced/Scripts/blacklist.sh b/advanced/Scripts/blacklist.sh index 7e99f830..d83ca867 100755 --- a/advanced/Scripts/blacklist.sh +++ b/advanced/Scripts/blacklist.sh @@ -17,7 +17,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 263fe9cd..87a87f88 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh 
@@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then else echo "::: Sudo will be used for debugging." # Check if sudo is actually installed - if [[ $(dpkg-query -s sudo) ]]; then + if [ -x "$(command -v sudo)" ]; then export SUDO="sudo" else echo "::: Please install sudo or run this as root." @@ -67,6 +67,14 @@ function versionCheck { echo >> $DEBUG_LOG } +function distroCheck { + echo "#######################################" >> $DEBUG_LOG + echo "######## Distribution Section #########" >> $DEBUG_LOG + echo "#######################################" >> $DEBUG_LOG + + TMP=$(cat /etc/*release/ || echo "Failed to find release") + echo "Distribution Version: $TMP" >> $DEBUG_LOG + function compareWhitelist { if [ ! -f "$WHITELISTMATCHES" ]; then $SUDO touch $WHITELISTMATCHES @@ -195,6 +203,7 @@ echo "$GATEWAY_CHECK" >> $DEBUG_LOG echo >> $DEBUG_LOG versionCheck +distroCheck compareWhitelist compareBlacklist testNslookup @@ -330,8 +339,16 @@ function dumpPiHoleLog { # Anything to be done after capturing of pihole.log terminates function finalWork { - echo "::: Finshed debugging!" - echo "::: Debug log can be found at : /var/log/pihole_debug.log" + echo "::: Finshed debugging!" + TERMBIN=$(cat /var/log/pihole_debug.log | nc termbin.com 9999) + + # Check if termbin.com is reachable. When it's not, point to local log instead + if [ -n "$TERMBIN" ] + then + echo "::: Debug log can be found at : $TERMBIN" + else + echo "::: Debug log can be found at : /var/log/pihole_debug.log" + fi } trap finalWork EXIT diff --git a/advanced/Scripts/setupLCD.sh b/advanced/Scripts/setupLCD.sh index df2be704..03be4e0a 100755 --- a/advanced/Scripts/setupLCD.sh +++ b/advanced/Scripts/setupLCD.sh @@ -19,7 +19,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." 
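Review bot: The new `distroCheck` in the second hunk is never closed: as shown there is no `}` between the `echo "Distribution Version: $TMP"` line and `function compareWhitelist {`, so a `}` is needed after that echo. The glob `/etc/*release/` also ends in a slash, which only matches directories, so `cat` fails and the log always records "Failed to find release". `TMP=$(cat /etc/*release 2>/dev/null || echo "Failed to find release")` reads the release files instead.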
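Review bot: `finalWork` now sends the whole of `/var/log/pihole_debug.log` to termbin.com over a plain, unauthenticated `nc` connection on every exit, without asking the user. The log holds host and network details (the gateway check and the whitelist/blacklist sections are appended to it earlier in the script), and the returned URL is readable by anyone who obtains it. The upload should sit behind an explicit prompt, and `nc` should get a timeout so an unreachable host cannot stall the EXIT trap. The rewritten part of the function is below.

```shell
function finalWork {
  echo "::: Finshed debugging!"
  local answer TERMBIN=""
  # The paste is public: upload only when the user agrees.
  read -r -p "::: Upload the debug log to termbin.com (publicly readable)? [y/N] " answer
  if [[ "$answer" == [Yy]* ]]; then
    # -w bounds the wait so an unreachable host cannot stall the EXIT trap
    TERMBIN=$(cat /var/log/pihole_debug.log | nc -w 10 termbin.com 9999)
  fi
  # … unchanged: print $TERMBIN if set, otherwise the local log path …
```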
diff --git a/advanced/Scripts/whitelist.sh b/advanced/Scripts/whitelist.sh index 37b4ade4..266ac49e 100755 --- a/advanced/Scripts/whitelist.sh +++ b/advanced/Scripts/whitelist.sh @@ -17,7 +17,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/lighttpd.conf b/advanced/lighttpd.conf.debian index f899350a..8b62f448 100644 --- a/advanced/lighttpd.conf +++ b/advanced/lighttpd.conf.debian @@ -14,7 +14,7 @@ server.modules = ( "mod_accesslog", "mod_expire", "mod_compress", - "mod_redirect", + "mod_redirect", "mod_setenv", "mod_rewrite" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora new file mode 100644 index 00000000..30784b1a --- /dev/null +++ b/advanced/lighttpd.conf.fedora 
@@ -0,0 +1,77 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2015, 2016 by Jacob Salmela +# Network-wide ad blocking via your Raspberry Pi +# http://pi-hole.net +# lighttpd config for Pi-hole +# +# Pi-hole is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. + +server.modules = ( + "mod_access", + "mod_fastcgi", + "mod_accesslog", + "mod_expire", + "mod_compress", + "mod_redirect", + "mod_setenv", + "mod_rewrite" +) + +server.document-root = "/var/www/html" +server.error-handler-404 = "pihole/index.html" +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +server.username = "lighttpd" +server.groupname = "lighttpd" +server.port = 80 +accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.format = "%{%s}t|%V|%r|%s|%b" + + +index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) +url.access-deny = ( "~", ".inc" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +compress.cache-dir = "/var/cache/lighttpd/compress/" +compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) + +mimetype.assign = ( ".png" => "image/png", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".html" => "text/html", + ".css" => "text/css; charset=utf-8", + ".js" => "application/javascript", + ".json" => "application/json", + ".txt" => "text/plain" ) + +# default listening port for IPv6 falls back to the IPv4 port +#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port +#include_shell "/usr/share/lighttpd/create-mime.assign.pl" +#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" + +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) 
+ ) + +# If the URL starts with /admin, it is the Web interface +$HTTP["url"] =~ "^/admin/" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) +} + +# If the URL does not start with /admin, then it is a query for an ad domain +$HTTP["url"] =~ "^(?!/admin)/.*" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." ) + # rewrite only js requests + url.rewrite = ("(.*).js" => "pihole/index.js") +} diff --git a/advanced/selinux/pihole.te b/advanced/selinux/pihole.te new file mode 100644 index 00000000..595755dd --- /dev/null +++ b/advanced/selinux/pihole.te 
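Review bot: The `fastcgi.server` block puts the PHP socket at the fixed path `/tmp/php-fastcgi.socket`, in a world-writable directory. Any local account can create that name first and stop lighttpd from binding it, and depending on the socket's permissions may be able to talk to the PHP backend directly. A directory owned by the `lighttpd` user is safer, e.g. `"socket" => "/var/run/lighttpd/php-fastcgi.socket"`, which matches the `/var/run/lighttpd` directory the installer creates and chowns in this commit. Separately, the rewrite pattern `"(.*).js"` has an unescaped dot and no end anchor, so it matches more than `.js` requests; `"(.*)\.js$"` states the intent.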
@@ -0,0 +1,87 @@ +module pihole 1.0; + +require { + type var_log_t; + type unconfined_t; + type init_t; + type auditd_t; + type syslogd_t; + type NetworkManager_t; + type mdadm_t; + type tuned_t; + type avahi_t; + type irqbalance_t; + type system_dbusd_t; + type kernel_t; + type httpd_sys_script_t; + type systemd_logind_t; + type httpd_t; + type policykit_t; + type dnsmasq_t; + type udev_t; + type postfix_pickup_t; + type sshd_t; + type crond_t; + type getty_t; + type lvm_t; + type postfix_qmgr_t; + type postfix_master_t; + class dir { getattr search }; + class file { read open setattr }; +} + +#============= dnsmasq_t ============== +allow dnsmasq_t var_log_t:file { open setattr }; + +#============= httpd_t ============== +allow httpd_t var_log_t:file { read open }; + +#============= httpd_sys_script_t (class: dir) ============== +allow httpd_sys_script_t NetworkManager_t:dir { getattr search }; +allow httpd_sys_script_t auditd_t:dir { getattr search }; +allow httpd_sys_script_t avahi_t:dir { getattr search }; +allow httpd_sys_script_t crond_t:dir { getattr search }; +allow httpd_sys_script_t dnsmasq_t:dir { getattr search }; +allow httpd_sys_script_t getty_t:dir { getattr search }; +allow httpd_sys_script_t httpd_t:dir { getattr search }; +allow httpd_sys_script_t init_t:dir { getattr search }; +allow httpd_sys_script_t irqbalance_t:dir { getattr search }; +allow httpd_sys_script_t kernel_t:dir { getattr search }; +allow httpd_sys_script_t lvm_t:dir { getattr search }; +allow httpd_sys_script_t mdadm_t:dir { getattr search }; +allow httpd_sys_script_t policykit_t:dir { getattr search }; +allow httpd_sys_script_t postfix_master_t:dir { getattr search }; +allow httpd_sys_script_t postfix_pickup_t:dir { getattr search }; +allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search }; +allow httpd_sys_script_t sshd_t:dir { getattr search }; +allow httpd_sys_script_t syslogd_t:dir { getattr search }; +allow httpd_sys_script_t system_dbusd_t:dir { getattr search }; 
+allow httpd_sys_script_t systemd_logind_t:dir { getattr search }; +allow httpd_sys_script_t tuned_t:dir { getattr search }; +allow httpd_sys_script_t udev_t:dir { getattr search }; +allow httpd_sys_script_t unconfined_t:dir { getattr search }; + +#============= httpd_sys_script_t (class: file) ============== +allow httpd_sys_script_t NetworkManager_t:file { read open }; +allow httpd_sys_script_t auditd_t:file { read open }; +allow httpd_sys_script_t avahi_t:file { read open }; +allow httpd_sys_script_t crond_t:file { read open }; +allow httpd_sys_script_t dnsmasq_t:file { read open }; +allow httpd_sys_script_t getty_t:file { read open }; +allow httpd_sys_script_t httpd_t:file { read open }; +allow httpd_sys_script_t init_t:file { read open }; +allow httpd_sys_script_t irqbalance_t:file { read open }; +allow httpd_sys_script_t kernel_t:file { read open }; +allow httpd_sys_script_t lvm_t:file { read open }; +allow httpd_sys_script_t mdadm_t:file { read open }; +allow httpd_sys_script_t policykit_t:file { read open }; +allow httpd_sys_script_t postfix_master_t:file { read open }; +allow httpd_sys_script_t postfix_pickup_t:file { read open }; +allow httpd_sys_script_t postfix_qmgr_t:file { read open }; +allow httpd_sys_script_t sshd_t:file { read open }; +allow httpd_sys_script_t syslogd_t:file { read open }; +allow httpd_sys_script_t system_dbusd_t:file { read open }; +allow httpd_sys_script_t systemd_logind_t:file { read open }; +allow httpd_sys_script_t tuned_t:file { read open }; +allow httpd_sys_script_t udev_t:file { read open }; +allow httpd_sys_script_t unconfined_t:file { read open }; diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 699f68ee..bd6722ee 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
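Review bot: The `httpd_sys_script_t` rules give web CGI scripts `read`/`open` on files and `getattr`/`search` on directories labelled with 23 process domains, including `sshd_t`, `init_t`, `kernel_t` and `unconfined_t`. These labels normally sit on /proc/PID entries, so the rules presumably exist so the admin page can look up running processes, but they let any script the web server runs read process information for every listed domain. Likewise `allow httpd_t var_log_t:file { read open };` covers every file carrying the generic `var_log_t` label, not only the Pi-hole log. A comment above each group naming the Pi-hole feature that needs it, and a dedicated type for the Pi-hole log in place of `var_log_t`, would keep the module closer to least privilege.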
@@ -36,16 +36,6 @@ columns=$(tput cols) r=$(( rows / 2 )) c=$(( columns / 2 )) - -# Find IP used to route to outside world - -IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') -IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') -IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') - -availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) -dhcpcdFile=/etc/dhcpcd.conf - ######## FIRST CHECK ######## # Must be root to install echo ":::" @@ -55,7 +45,7 @@ else echo "::: sudo will be used for the install." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed." 
@@ -63,6 +53,47 @@ else fi fi +# Compatability +if [ -x "$(command -v rpm)" ];then + # Fedora Family + if [ -x "$(command -v dnf)" ];then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + PKG_CACHE="/var/cache/$PKG_MANAGER" + UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q" + PKG_UPDATE="$PKG_MANAGER update -y" + PKG_INSTALL="$PKG_MANAGER install -y" + PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" + INSTALLER_DEPS=( iproute net-tools procps-ng newt ) + PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo netcat ) + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" + LIGHTTPD_CFG="lighttpd.conf.fedora" + package_check() { + rpm -qa | grep ^$1- > /dev/null + } +elif [ -x "$(command -v apt-get)" ];then + # Debian Family + PKG_MANAGER="apt-get" + PKG_CACHE="/var/cache/apt" + UPDATE_PKG_CACHE="$PKG_MANAGER -qq update" + PKG_UPDATE="$PKG_MANAGER upgrade" + PKG_INSTALL="$PKG_MANAGER --yes --quiet install" + PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" + INSTALLER_DEPS=( apt-utils whiptail dhcpcd5) + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo netcat ) + LIGHTTPD_USER="www-data" + LIGHTTPD_GROUP="www-data" + LIGHTTPD_CFG="lighttpd.conf.debian" + package_check() { + dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" + } +else + echo "OS distribution not supported" + exit +fi ####### FUNCTIONS ########## spinner() 
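Review bot: The Fedora `package_check` (`rpm -qa | grep ^$1- > /dev/null`) is a prefix match on an unquoted argument, so the check for `php` succeeds as soon as `php-common` is installed and the real package is then skipped. `rpm -q "$1" > /dev/null 2>&1` asks for the exact package name. The same function is added to uninstall.sh in this commit and has the same false matches there. The final `else` branch also ends with a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets a caller see that the install did not run.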
@@ -80,6 +111,14 @@ spinner() printf " \b\b\b\b" } +findIPRoute() { + # Find IP used to route to outside world + IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') + IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') + IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') + availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) +} + backupLegacyPihole() { # This function detects and backups the pi-hole v1 files. It will not do anything to the current version files. if [[ -f /etc/dnsmasq.d/adList.conf ]];then @@ -236,7 +275,7 @@ getStaticIPv4Settings() { If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want. It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." $r $c #piholeIP is saved to a permanent file so gravity.sh can use it when updating - echo "${IPv4addr%/*}" > /etc/pihole/piholeIP + $SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP # Nothing else to do since the variables are already set above else # Otherwise, we need to ask the user to input their desired settings. @@ -258,8 +297,8 @@ It is also possible to use a DHCP reservation, but if you are going to do that, Gateway: $IPv4gw" $r $c)then # If the settings are correct, then we need to set the piholeIP # Saving it to a temporary file us to retrieve it later when we run the gravity.sh script. piholeIP is saved to a permanent file so gravity.sh can use it when updating - echo "${IPv4addr%/*}" > /etc/pihole/piholeIP - echo "$piholeInterface" > /tmp/piholeINT + $SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP + $SUDO echo "$piholeInterface" > /tmp/piholeINT # After that's done, the loop ends and we move on ipSettingsCorrect=True else 
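Review bot: Prefixing `echo` with `$SUDO` in `getStaticIPv4Settings` does not make the write privileged: the `>` redirection is opened by the calling shell before `sudo` runs, so a non-root run still fails on `/etc/pihole/piholeIP`. The pattern `setDHCPCD` already uses works here, `echo "${IPv4addr%/*}" | $SUDO tee /etc/pihole/piholeIP > /dev/null`. The same applies to the following hunk and to the `$SUDO echo ... > $IFCFG_FILE` lines added in `setStaticIPv4`. `/tmp/piholeINT` is also a fixed name in a world-writable directory, so another local user can pre-create it or point it elsewhere with a symlink; keeping it under `/etc/pihole/` avoids that. getStaticIPv4Settings starts and ends outside these hunks.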
@@ -288,20 +327,52 @@ setDHCPCD() { echo "::: interface $piholeInterface static ip_address=$IPv4addr static routers=$IPv4gw - static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null + static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null } setStaticIPv4() { - # Tries to set the IPv4 address - if grep -q "$IPv4addr" $dhcpcdFile; then - # address already set, noop - : + if [[ -f /etc/dhcpcd.conf ]];then + # Debian Family + if grep -q "$IPv4addr" /etc/dhcpcd.conf; then + echo "::: Static IP already configured" + else + setDHCPCD + $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" + echo ":::" + echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." + echo ":::" + fi + elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then + # Fedora Family + IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface + if grep -q "$IPv4addr" $IFCFG_FILE; then + echo "::: Static IP already configured" + else + IPADDR=$(echo $IPv4addr | cut -f1 -d/) + CIDR=$(echo $IPv4addr | cut -f2 -d/) + # Backup existing interface configuration: + cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S) + # Build Interface configuration file: + $SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE + $SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE + $SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE + $SUDO echo "ONBOOT=yes" >> $IFCFG_FILE + $SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE + $SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE + $SUDO echo "USERCTL=no" >> $IFCFG_FILE + $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" + if [ -x "$(command -v nmcli)" ];then + # Tell NetworkManager to read our new sysconfig file + $SUDO nmcli con load $IFCFG_FILE > /dev/null + fi + echo ":::" + echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." 
+ echo ":::" + + fi else - setDHCPCD - $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" - echo ":::" - echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." - echo ":::" + echo "::: Warning: Unable to locate configuration file to set static IPv4 address!" + exit 1 fi } @@ -455,6 +526,7 @@ versionCheckDNSmasq(){ else $SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation fi + $SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1 } installScripts() { @@ -502,7 +574,11 @@ installConfigs() { $SUDO chown "$USER":root /etc/lighttpd $SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig fi - $SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf + $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf + $SUDO mkdir -p /var/run/lighttpd + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd + $SUDO mkdir -p /var/cache/lighttpd/compress + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress } stopServices() { 
@@ -510,50 +586,52 @@ stopServices() { $SUDO echo ":::" $SUDO echo -n "::: Stopping services..." #$SUDO service dnsmasq stop & spinner $! || true - $SUDO service lighttpd stop & spinner $! || true + if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl stop lighttpd & spinner $! || true + else + $SUDO service lighttpd stop & spinner $! || true + fi $SUDO echo " done." } -checkForDependencies() { +installerDependencies() { #Running apt-get update/upgrade with minimal output can cause some issues with #requiring user input (e.g password for phpmyadmin see #218) #We'll change the logic up here, to check to see if there are any updates availible and # if so, advise the user to run apt-get update/upgrade at their own discretion #Check to see if apt-get update has already been run today # it needs to have been run at least once on new installs! - - timestamp=$(stat -c %Y /var/cache/apt/) + timestamp=$(stat -c %Y $PKG_CACHE) timestampAsDate=$(date -d @"$timestamp" "+%b %e") today=$(date "+%b %e") if [ ! "$today" == "$timestampAsDate" ]; then #update package lists echo ":::" - echo -n "::: apt-get update has not been run today. Running now..." - $SUDO apt-get -qq update & spinner $! + echo -n "::: $PKG_MANAGER update has not been run today. Running now..." + $SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1 echo " done!" fi echo ":::" - echo -n "::: Checking apt-get for upgraded packages...." - updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) - echo " done!" - echo ":::" - if [[ $updatesToInstall -eq "0" ]]; then + echo -n "::: Checking $PKG_MANAGER for upgraded packages...." + updatesToInstall=$(eval "$SUDO $PKG_COUNT") + echo " done!" + echo ":::" + if [[ $updatesToInstall -eq "0" ]]; then echo "::: Your pi is up to date! Continuing with pi-hole installation..." - else + else echo "::: There are $updatesToInstall updates availible for your pi!" - echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! 
" + echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! " echo ":::" - fi - echo ":::" - echo "::: Checking dependencies:" - - dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo) - for i in "${dependencies[@]}"; do + fi + echo ":::" + echo "::: Checking installer dependencies..." + for i in "${INSTALLER_DEPS[@]}"; do echo -n "::: Checking for $i..." - if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then echo -n " Not found! Installing...." - $SUDO apt-get -y -qq install "$i" > /dev/null & spinner $! + $SUDO $PKG_INSTALL "$i" > /dev/null 2>&1 echo " done!" else echo " already installed!" @@ -561,6 +639,23 @@ checkForDependencies() { done } +checkForDependencies() { + # Install dependencies for Pi-Hole + echo "::: Checking Pi-Hole dependencies:" + + for i in "${PIHOLE_DEPS[@]}"; do + echo -n "::: Checking for $i..." + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "$i" > /dev/null & spinner $! + echo " done!" + else + echo " already installed!" + fi + done +} + getGitFiles() { # Setup git repos for base files and web admin echo ":::" 
@@ -677,6 +772,27 @@ setUser(){ fi } +configureFirewall() { + # Allow HTTP and DNS traffic + if [ -x "$(command -v firewall-cmd)" ]; then + $SUDO firewall-cmd --state > /dev/null + if [[ $? -eq 0 ]]; then + $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." + $SUDO firewall-cmd --permanent --add-port=80/tcp + $SUDO firewall-cmd --permanent --add-port=53/tcp + $SUDO firewall-cmd --permanent --add-port=53/udp + $SUDO firewall-cmd --reload + fi + elif [ -x "$(command -v iptables)" ]; then + $SUDO echo "::: Configuring iptables for httpd and dnsmasq.." + $SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT + $SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT + $SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT + else + $SUDO echo "::: No firewall detected.. skipping firewall configuration." + fi +} + installPihole() { # Install base files and web interface checkForDependencies # done 
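Review bot: `configureFirewall` opens 80/tcp and 53/tcp+udp to every source: the `firewall-cmd` calls name no zone and the `iptables` rules carry no interface or source match. On a host with a public-facing interface that exposes the admin page and makes dnsmasq a resolver reachable from outside the LAN. Limiting the rules to the interface chosen earlier, e.g. `$SUDO iptables -A INPUT -i "$piholeInterface" -p udp -m udp --dport 53 -j ACCEPT`, keeps the exposure to the network Pi-hole serves. The iptables branch also appends on every run and is not saved, so re-running the installer duplicates the rules and a reboot drops them; an `iptables -C` check before each `-A` handles the first.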
@@ -686,18 +802,55 @@ installPihole() { if [ ! -d "/var/www/html" ]; then $SUDO mkdir -p /var/www/html fi - $SUDO chown www-data:www-data /var/www/html + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html $SUDO chmod 775 /var/www/html - $SUDO usermod -a -G www-data pihole - $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null + $SUDO usermod -a -G $LIGHTTPD_GROUP pihole + if [ -x "$(command -v lighty-enable-mod)" ]; then + $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null + else + printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n" + fi getGitFiles installScripts installConfigs CreateLogFile + configureSelinux installPiholeWeb installCron runGravity + configureFirewall +} + +configureSelinux() { + if [ -x "$(command -v getenforce)" ]; then + printf "\n::: SELinux Detected\n" + printf ":::\tChecking for SELinux policy development packages..." + package_check "selinux-policy-devel" > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $! + echo " done!" + else + echo " already installed!" + fi + printf "::: Enabling httpd server side includes (SSI).. " + $SUDO setsebool -P httpd_ssi_exec on + if [ $? -eq 0 ]; then + echo -n "Success\n" + fi + printf ":::\tCompiling Pi-Hole SELinux policy..\n" + $SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te + $SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod + $SUDO semodule -i /etc/pihole/pihole.pp + $SUDO rm -f /etc/pihole/pihole.mod + $SUDO semodule -l | grep pihole > /dev/null + if [ $? -eq 0 ]; then + printf "::: Successfully installed Pi-Hole SELinux policy\n" + else + printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n" + fi + fi } displayFinalMessage() { 
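Review bot: `configureSelinux` turns on `httpd_ssi_exec` persistently (`setsebool -P`) and installs a policy module, but nothing in the uninstall.sh hunks of this commit reverts either, so the relaxed policy appears to outlive Pi-hole. Consider adding `$SUDO semodule -r pihole` to the uninstaller and a comment here saying why SSI exec is needed. The `checkmodule` and `semodule_package` results are not checked before `semodule -i`, and a failed `setsebool` is silent. `echo -n "Success\n"` also prints a literal `\n`, where `printf "Success\n"` would not.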
@@ -716,6 +869,10 @@ View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $ ######## SCRIPT ############ # Start the installer $SUDO mkdir -p /etc/pihole/ + +# Install packages used by this installation script +installerDependencies + welcomeDialogs # Verify there is enough disk space for the install @@ -723,6 +880,8 @@ verifyFreeDiskSpace # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way backupLegacyPihole +# Find IP used to route to outside world +findIPRoute # Find interfaces and let the user choose one chooseInterface # Let the user decide if they want to block ads over IPv4 and/or IPv6 @@ -741,8 +900,16 @@ displayFinalMessage echo -n "::: Restarting services..." # Start services -$SUDO service dnsmasq restart -$SUDO service lighttpd start +if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl enable dnsmasq + $SUDO systemctl restart dnsmasq + $SUDO systemctl enable lighttpd + $SUDO systemctl start lighttpd +else + $SUDO service dnsmasq restart + $SUDO service lighttpd start +fi + echo " done." echo ":::" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 83168d6a..5730c531 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -17,7 +17,7 @@ else echo "::: Sudo will be used for the uninstall." # Check if it is actually installed # If it isn't, exit because the unnstall cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this as root." 
@@ -25,6 +25,39 @@ else fi fi +# Compatability +if [ -x "$(command -v rpm)" ];then + # Fedora Family + if [ -x "$(command -v dnf)" ];then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + PKG_REMOVE="$PKG_MANAGER remove -y" + PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils ) + package_check() { + rpm -qa | grep ^$1- > /dev/null + } + package_cleanup() { + $SUDO $PKG_MANAGER -y autoremove + } +elif [ -x "$(command -v apt-get)" ];then + # Debian Family + PKG_MANAGER="apt-get" + PKG_REMOVE="$PKG_MANAGER -y remove --purge" + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) + package_check() { + dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" + } + package_cleanup() { + $SUDO $PKG_MANAGER -y autoremove + $SUDO $PKG_MANAGER -y autoclean + } +else + echo "OS distribution not supported" + exit +fi + spinner() { local pid=$1 @@ -43,14 +76,13 @@ spinner() function removeAndPurge { # Purge dependencies echo ":::" - # Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common - dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) - for i in "${dependencies[@]}"; do - if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then + for i in "${PIHOLE_DEPS[@]}"; do + package_check $i > /dev/null + if [ $? -eq 0 ]; then while true; do read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn case $yn in - [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; + [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; [Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;; * ) printf "::: You must answer yes or no!\n";; esac 
@@ -65,10 +97,8 @@ echo ":::" $SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null # Take care of any additional package cleaning - printf "::: Auto removing remaining dependencies..." - $SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n"; - printf "::: Auto cleaning remaining dependencies..." - $SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n"; + printf "::: Auto removing & cleaning remaining dependencies..." + package_cleanup &> /dev/null & spinner $!; printf "done!\n"; # Call removeNoPurge to remove PiHole specific files removeNoPurge @@ -107,7 +137,8 @@ function removeNoPurge { fi echo "::: Removing config files and scripts..." - if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then + package_check $i > /dev/null + if [ $? -eq 1 ]; then $SUDO rm -rf /etc/lighttpd/ &> /dev/null else if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then @@ -143,5 +174,3 @@ while true; do [Nn]* ) removeNoPurge; break;; esac done - - @@ -19,7 +19,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." @@ -152,7 +152,7 @@ function gravity_transport() { fi # Silently curl url - curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer + curl -s -L $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer # Check for list updates gravity_patternCheck "$patternBuffer" # Cleanup 
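Review bot: In `removeNoPurge` the replaced lighttpd test now runs `package_check $i`, but `$i` is the loop variable from `removeAndPurge`: it is empty when the user picks the no-purge path and otherwise holds the last dependency name. With an empty argument both `package_check` variants report "not installed", so `$SUDO rm -rf /etc/lighttpd/` runs even when lighttpd is installed and in use. The check should name the package, `package_check lighttpd > /dev/null`, followed by `if [ $? -ne 0 ]; then`. removeNoPurge continues outside this hunk.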
@@ -181,7 +181,7 @@ function gravity_spinup() { # to complete properly and reset the user agent when required case "$domain" in "adblock.mahakala.is") - agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0' + agent='Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' cmd_ext="-e http://forum.xda-developers.com/" ;; @@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then #echo "::: Sudo will be used for this tool." # Check if it is actually installed # If it isn't, exit because the pihole cannot be invoked without privileges. - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this as root." |