diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..e5626a07 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,38 @@ +# EditorConfig is awesome: http://EditorConfig.org + +# top-most EditorConfig file +root = true + +# Unix-style newlines with a newline ending every file +[*] +end_of_line = lf +insert_final_newline = true +indent_style = space +indent_size = tab +tab_width = 2 +charset = utf-8 +trim_trailing_whitespace = true + +# Matches multiple files with brace expansion notation +# Set default charset +[*.{js,py}] +charset = utf-8 + +# 4 space indentation +[*.py] +indent_style = space +indent_size = 4 + +# Tab indentation (no size specified) +[Makefile] +indent_style = tab + +# Indentation override for all JS under lib directory +[scripts/**.js] +indent_style = space +indent_size = 2 + +# Matches the exact files either package.json or .travis.yml +[{package.json,.travis.yml}] +indent_style = space +indent_size = 2 diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index c985b972..3014625b 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -2,7 +2,7 @@ - [] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [] The issue I am reporting can be *replicated* -- [] The issue I'm reporting isn't a duplicate (see [FAQs](https://github.com/pi-hole/pi-hole/wiki/FAQs), [closed issues](https://github.com/pi-hole/pi-hole/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), and [open issues](https://github.com/pi-hole/pi-hole/issues)). +- [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pi-hole/pi-hole/wiki/FAQs), [closed issues](https://github.com/pi-hole/pi-hole/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), and [open issues](https://github.com/pi-hole/pi-hole/issues)). **How familiar are you with the codebase?:** diff --git a/.gitignore b/.gitignore index c4b497a0..91014dcd 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,3 @@ __pycache__ .cache .pullapprove.yml - diff --git a/.pullapprove.yml b/.pullapprove.yml index ff970b29..39566b34 100644 --- a/.pullapprove.yml +++ b/.pullapprove.yml @@ -1,7 +1,7 @@ version: 2 always_pending: - title_regex: '(WIP|wip)' + title_regex: '(WIP|wip)' labels: - wip explanation: 'This PR is a work in progress...' @@ -22,11 +22,11 @@ groups: enabled: true conditions: branches: - - development + - development required: 2 teams: - approvers - + master: approve_by_comment: enabled: true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d342a8b5..8cb7ccb9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -35,4 +35,5 @@ When requesting or submitting new features, first consider whether it might be u - Before Submitting your Pull Request, merge `development` with your new branch and fix any conflicts. (Make sure you don't break anything in development!) - Please use the [Google Style Guide for Shell](https://google.github.io/styleguide/shell.xml) for your code submission styles. - Commit Unix line endings. +- Please use the Pi-hole brand: **Pi-hole** (Take a special look at the capitalized 'P' and a low 'h' with a hyphen) - (Optional fun) keep to the theme of Star Trek/black holes/gravity. diff --git a/README.md b/README.md index 0a5f7f4c..75c548e5 100644 --- a/README.md +++ b/README.md @@ -5,12 +5,12 @@
## The multi-platform, network-wide ad blocker -Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole blocks ads at the DNS-level, so all your devices are protected. +Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole™ blocks ads at the DNS-level, so all your devices are protected. - Web Browsers - Cell Phones @@ -53,9 +53,9 @@ wget -O basic-install.sh https://install.pi-hole.net bash basic-install.sh ``` -Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to use Pi-hole as their DNS server. +Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to use Pi-hole™ as their DNS server. -## What is Pi-hole and how do I install it? +## What is Pi-hole™ and how do I install it? @@ -73,7 +73,7 @@ Once installed, [configure your router to have **DHCP clients use the Pi as thei ## Technical Details -The Pi-hole is an **advertising-aware DNS/Web server**. If an ad domain is queried, a small Web page or GIF is delivered in place of the advertisement. +The Pi-hole™ is an **advertising-aware DNS/Web server**. If an ad domain is queried, a small Web page or GIF is delivered in place of the advertisement. ### Gravity @@ -83,7 +83,7 @@ The [gravity.sh](https://github.com/pi-hole/pi-hole/blob/master/gravity.sh) does #### Other Operating Systems -The automated install is only for a clean install of a Debian family or Fedora based system, such as the Raspberry Pi. However, this script will work for most UNIX-like systems, some with some slight **modifications** that we can help you work through. If you can install `dnsmasq` and a Webserver, it should work OK. If there are other platforms you'd like supported, let us know. +The automated install is only for a clean install of a Debian family or Fedora based system, such as the Raspberry Pi. However, this script will work for most UNIX-like systems, some with some slight **modifications** that we can help you work through. If you can install `dnsmasq` and a web server, it should work OK. If there are other platforms you'd like supported, let us know. ### Web Interface @@ -102,7 +102,7 @@ Domains can be whitelisted and blacklisted using either the web interface or the ### Settings -The settings page lets you control and configure your Pi-hole. You can do things like: +The settings page lets you control and configure your Pi-hole™. You can do things like: - enable Pi-hole's built-in DHCP server - exclude domains from the graphs @@ -113,7 +113,7 @@ The settings page lets you control and configure your Pi-hole. You can do thing #### Built-in DHCP Server -Pi-hole ships with a built-in DHCP server. This allows you to let your network devices use Pi-hole as their DNS server if your router does not let you adjust the DHCP options. +Pi-hole™ ships with a built-in DHCP server. This allows you to let your network devices use Pi-hole™ as their DNS server if your router does not let you adjust the DHCP options. @@ -137,14 +137,14 @@ The same output can be achieved on the CLI by running `chronometer.sh -j` You can view [real-time stats](https://discourse.pi-hole.net/t/how-do-i-view-my-pi-holes-stats-over-ssh-or-on-an-lcd-using-chronometer/240) via `ssh` or on an [2.8" LCD screen](http://amzn.to/1P0q1Fj). This is accomplished via [`chronometer.sh`](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/chronometer.sh). ![Pi-hole LCD](http://i.imgur.com/nBEqycp.jpg) -## Pi-hole Projects +## Pi-hole™ Projects - [An ad blocking Magic Mirror](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware) - [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py) - [Get LED alerts for each blocked ad](http://thetimmy.silvernight.org/pages/endisbutton/) - [Pi-hole on Ubuntu 14.04 on VirtualBox](http://hbalagtas.blogspot.com/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html) - [Docker Pi-hole container (x86 and ARM)](https://hub.docker.com/r/diginc/pi-hole/) -- [Splunk: Pi-hole Visualizser](https://splunkbase.splunk.com/app/3023/) +- [Splunk: Pi-hole Visualiser](https://splunkbase.splunk.com/app/3023/) - [Pi-hole Chrome extension](https://chrome.google.com/webstore/detail/pi-hole-list-editor/hlnoeoejkllgkjbnnnhfolapllcnaglh) ([open source](https://github.com/packtloss/pihole-extension)) - [Go Bananas for CHiP-hole ad blocking](https://www.hackster.io/jacobsalmela/chip-hole-network-wide-ad-blocker-98e037) - [Sky-Hole](http://dlaa.me/blog/post/skyhole) @@ -154,7 +154,7 @@ You can view [real-time stats](https://discourse.pi-hole.net/t/how-do-i-view-my- - [Minibian Pi-hole](http://munkjensen.net/wiki/index.php/See_my_Pi-Hole#Minibian_Pi-hole) - [Windows Tray Stat Application](https://github.com/goldbattle/copernicus) - [Let your blink1 device blink when Pi-hole filters ads](https://gist.github.com/elpatron68/ec0b4c582e5abf604885ac1e068d233f) -- [Pi-Hole Prometheus exporter](https://github.com/nlamirault/pihole_exporter) : a [Prometheus](https://prometheus.io/) exporter for Pi-Hole +- [Pi-hole Prometheus exporter](https://github.com/nlamirault/pihole_exporter): a [Prometheus](https://prometheus.io/) exporter for Pi-hole - [Pi-hole Droid - open source Android client](https://github.com/friimaind/pi-hole-droid) ## Coverage diff --git a/adlists.default b/adlists.default index 4a5bca3c..cbc1bfb3 100644 --- a/adlists.default +++ b/adlists.default @@ -1,53 +1,23 @@ -## Pi-hole ad-list default sources. Updated 29/10/2016 ######################### -# # -# To make changes to this file: # -# 1. run `cp /etc/pihole/adlists.default /etc/pihole/adlists.list` # -# 2. run `nano /etc/pihole/adlists.list` # -# 3. Uncomment or comment any of the below lists # -# # -# Know of any other lists? Feel free to let us know about them, or add them # -# to this file! # -################################################################################ - # The below list amalgamates several lists we used previously. # See `https://github.com/StevenBlack/hosts` for details +##StevenBlack's list https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -# Other lists we consider safe: +##MalwareDomains https://mirror1.malwaredomains.com/files/justdomains + +##Cameleon http://sysctl.org/cameleon/hosts + +##Zeustracker https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist + +##Disconnect.me Tracking https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt + +##Disconnect.me Ads https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt -# hosts-file.net list. Updated frequently, but has been known to block legitimate sites. +##Hosts-file.net https://hosts-file.net/ad_servers.txt -# Mahakala list. Has been known to block legitimate domains including the entire .com range. -# Warning: Due to the sheer size of this list, the web admin console will be unresponsive. -#https://adblock.mahakala.is/ - -# ADZHOSTS list. Has been known to block legitimate domains -#http://pilotfiber.dl.sourceforge.net/project/adzhosts/HOSTS.txt - -# Windows 10 telemetry list -#https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt - -# Securemecca.com list - Also blocks "adult" sites (pornography/gambling etc) -#http://securemecca.com/Downloads/hosts.txt - -# Quidsup's tracker list -#https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt - -# Block the BBC News website Breaking News banner -#https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts - -# Untested Lists: -#https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt -#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt -#http://malwaredomains.lehigh.edu/files/domains.txt -# Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/) -#https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt -#https://raw.github.com/notracking/hosts-blocklists/master/domains.txt -# Combination of several host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information. -#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 7bb50745..67ff495b 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -8,34 +8,55 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. - - - #Functions############################################################################################################## piLog="/var/log/pihole.log" gravity="/etc/pihole/gravity.list" . /etc/pihole/setupVars.conf -# Borrowed/modified from https://gist.github.com/cjus/1047794 -function GetJSONValue { - retVal=$(echo $1 | sed 's/\\\\\//\//g' | \ - sed 's/[{}]//g' | \ - awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | \ - sed 's/\"\:/\|/g' | \ - sed 's/[\,]/ /g' | \ - sed 's/\"//g' | \ - grep -w $2) - echo ${retVal##*|} +function GetFTLData { + # Open connection to FTL + exec 3<>/dev/tcp/localhost/"$(cat /var/run/pihole-FTL.port)" + + # Test if connection is open + if { >&3; } 2> /dev/null; then + # Send command to FTL + echo -e ">$1" >&3 + + # Read input + read -r -t 1 LINE <&3 + until [ ! $? ] || [[ "$LINE" == *"EOM"* ]]; do + echo "$LINE" >&1 + read -r -t 1 LINE <&3 + done + + # Close connection + exec 3>&- + exec 3<&- + fi } outputJSON() { - json=$(curl -s -X GET http://127.0.0.1/admin/api.php?summaryRaw) - echo ${json} + get_summary_data + echo "{\"domains_being_blocked\":${domains_being_blocked_raw},\"dns_queries_today\":${dns_queries_today_raw},\"ads_blocked_today\":${ads_blocked_today_raw},\"ads_percentage_today\":${ads_percentage_today_raw}}" +} + +get_summary_data() { + local summary=$(GetFTLData "stats") + domains_being_blocked_raw=$(grep "domains_being_blocked" <<< "${summary}" | grep -Eo "[0-9]+$") + domains_being_blocked=$(printf "%'.f" ${domains_being_blocked_raw}) + dns_queries_today_raw=$(grep "dns_queries_today" <<< "$summary" | grep -Eo "[0-9]+$") + dns_queries_today=$(printf "%'.f" ${dns_queries_today_raw}) + ads_blocked_today_raw=$(grep "ads_blocked_today" <<< "$summary" | grep -Eo "[0-9]+$") + ads_blocked_today=$(printf "%'.f" ${ads_blocked_today_raw}) + ads_percentage_today_raw=$(grep "ads_percentage_today" <<< "$summary" | grep -Eo "[0-9.]+$") + LC_NUMERIC=C ads_percentage_today=$(printf "%'.f" ${ads_percentage_today_raw}) } normalChrono() { for (( ; ; )); do + get_summary_data + domain=$(GetFTLData recentBlocked) clear # Displays a colorful Pi-hole logo echo " [0;1;35;95m_[0;1;31;91m__[0m [0;1;33;93m_[0m [0;1;34;94m_[0m [0;1;36;96m_[0m" @@ -49,20 +70,12 @@ normalChrono() { #uptime -p #Doesn't work on all versions of uptime uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/) {d=$6;h=$8;m=$9} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes."}' echo "-------------------------------" - # Uncomment to continually read the log file and display the current domain being blocked - #tail -f /var/log/pihole.log | awk '/\/etc\/pihole\/gravity.list/ {if ($7 != "address" && $7 != "name" && $7 != "/etc/pihole/gravity.list") print $7; else;}' + echo "Recently blocked:" + echo " $domain" - json=$(curl -s -X GET http://127.0.0.1/admin/api.php?summaryRaw) - - domains=$(printf "%'.f" $(GetJSONValue ${json} "domains_being_blocked")) #add commas in - queries=$(printf "%'.f" $(GetJSONValue ${json} "dns_queries_today")) - blocked=$(printf "%'.f" $(GetJSONValue ${json} "ads_blocked_today")) - LC_NUMERIC=C percentage=$(printf "%0.2f\n" $(GetJSONValue ${json} "ads_percentage_today")) #2 decimal places - - echo "Blocking: ${domains}" - echo "Queries: ${queries}" - - echo "Pi-holed: ${blocked} (${percentage}%)" + echo "Blocking: ${domains_being_blocked}" + echo "Queries: ${dns_queries_today}" + echo "Pi-holed: ${ads_blocked_today} (${ads_percentage_today}%)" sleep 5 done diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 3b7abbef..09f20d6b 100644 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -104,7 +104,7 @@ checkout() #This is unlikely if ! is_repo "${PI_HOLE_FILES_DIR}" ; then - echo "::: Critical Error: Core Pi-Hole repo is missing from system!" + echo "::: Critical Error: Core Pi-hole repo is missing from system!" echo "::: Please re-run install script from https://github.com/pi-hole/pi-hole" exit 1; fi diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 0b8a2571..945cd81c 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -43,16 +43,11 @@ cat << EOM ::: Please read and note any issues, and follow any directions advised during this process. EOM -# Ensure the file exists, create if not, clear if exists. -truncate --size=0 "${DEBUG_LOG}" -chmod 644 ${DEBUG_LOG} -chown "$USER":pihole ${DEBUG_LOG} - source ${VARSFILE} ### Private functions exist here ### log_write() { - echo "${1}" >> "${DEBUG_LOG}" + echo "${@}" >&3 } log_echo() { @@ -77,14 +72,14 @@ log_echo() { header_write() { log_echo "" - log_echo "${1}" + log_echo "---= ${1}" log_write "" } file_parse() { while read -r line; do if [ ! -z "${line}" ]; then - [[ "${line}" =~ ^#.*$ || ! "${line}" ]] && continue + [[ "${line}" =~ ^#.*$ || ! "${line}" || "${line}" == "WEBPASSWORD="* ]] && continue log_write "${line}" fi done < "${1}" @@ -231,6 +226,7 @@ ipv6_check() { ip_check() { local protocol=${1} local gravity=${2} + header_write "Checking IPv${protocol} Stack" local ip_addr_list="$(ip -${protocol} addr show dev ${PIHOLE_INTERFACE} | awk -F ' ' '{ for(i=1;i<=NF;i++) if ($i ~ '/^inet/') print $(i+1) }')" if [[ -n ${ip_addr_list} ]]; then @@ -305,62 +301,78 @@ daemon_check() { } testResolver() { - header_write "Resolver Functions Check" + local protocol="${1}" + header_write "Resolver Functions Check (IPv${protocol})" + local IP="${2}" + local g_addr + local l_addr + local url + local testurl + local localdig + local piholedig + local remotedig + + if [[ ${protocol} == "6" ]]; then + g_addr="2001:4860:4860::8888" + l_addr="::1" + r_type="AAAA" + else + g_addr="8.8.8.8" + l_addr="127.0.0.1" + r_type="A" + fi # Find a blocked url that has not been whitelisted. - TESTURL="doubleclick.com" - if [ -s "${WHITELISTMATCHES}" ]; then - while read -r line; do - CUTURL=${line#*" "} - if [ "${CUTURL}" != "Pi-Hole.IsWorking.OK" ]; then - while read -r line2; do - CUTURL2=${line2#*" "} - if [ "${CUTURL}" != "${CUTURL2}" ]; then - TESTURL="${CUTURL}" - break 2 - fi - done < "${WHITELISTMATCHES}" - fi - done < "${GRAVITYFILE}" - fi + url=$(shuf -n 1 "${GRAVITYFILE}" | awk -F ' ' '{ print $2 }') - log_write "Resolution of ${TESTURL} from Pi-hole:" - LOCALDIG=$(dig "${TESTURL}" @127.0.0.1) - if [[ $? = 0 ]]; then - log_write "${LOCALDIG}" + testurl="${url:-doubleclick.com}" + + + log_write "Resolution of ${testurl} from Pi-hole (${l_addr}):" + if localdig=$(dig -"${protocol}" "${testurl}" @${l_addr} +short "${r_type}"); then + log_write "${localdig}" else - log_write "Failed to resolve ${TESTURL} on Pi-hole" + log_write "Failed to resolve ${testurl} on Pi-hole (${l_addr})" + fi + log_write "" + + log_write "Resolution of ${testurl} from Pi-hole (${IP}):" + if piholedig=$(dig -"${protocol}" "${testurl}" @"${IP}" +short "${r_type}"); then + log_write "${piholedig}" + else + log_write "Failed to resolve ${testurl} on Pi-hole (${IP})" fi log_write "" - log_write "Resolution of ${TESTURL} from 8.8.8.8:" - REMOTEDIG=$(dig "${TESTURL}" @8.8.8.8) - if [[ $? = 0 ]]; then - log_write "${REMOTEDIG}" + log_write "Resolution of ${testurl} from ${g_addr}:" + if remotedig=$(dig -"${protocol}" "${testurl}" @${g_addr} +short "${r_type}"); then + log_write "${remotedig:-NXDOMAIN}" else - log_write "Failed to resolve ${TESTURL} on 8.8.8.8" + log_write "Failed to resolve ${testurl} on upstream server ${g_addr}" fi log_write "" - - log_write "Pi-hole dnsmasq specific records lookups" - log_write "Cache Size:" - dig +short chaos txt cachesize.bind >> ${DEBUG_LOG} - log_write "Upstream Servers:" - dig +short chaos txt servers.bind >> ${DEBUG_LOG} - log_write "" } +testChaos(){ + # Check Pi-hole specific records + + log_write "Pi-hole dnsmasq specific records lookups" + log_write "Cache Size:" + log_write $(dig +short chaos txt cachesize.bind) + log_write "Upstream Servers:" + log_write $(dig +short chaos txt servers.bind) + log_write "" + +} checkProcesses() { header_write "Processes Check" - echo "::: Logging status of lighttpd and dnsmasq..." - PROCESSES=( lighttpd dnsmasq ) + echo "::: Logging status of lighttpd, dnsmasq and pihole-FTL..." + PROCESSES=( lighttpd dnsmasq pihole-FTL ) for i in "${PROCESSES[@]}"; do - log_write "" - log_write "${i}" - log_write " processes status:" - systemctl -l status "${i}" >> "${DEBUG_LOG}" + log_write "Status for ${i} daemon:" + log_write $(systemctl is-active "${i}") done log_write "" } @@ -388,49 +400,6 @@ countdown() { tuvix=$(( tuvix - 5 )) done } -### END FUNCTIONS ### - -# Gather version of required packages / repositories -version_check || echo "REQUIRED FILES MISSING" -# Check for newer setupVars storage file -source_file "/etc/pihole/setupVars.conf" -# Gather information about the running distribution -distro_check || echo "Distro Check soft fail" -# Gather processor type -processor_check || echo "Processor Check soft fail" - -ip_check 6 ${IPV6_ADDRESS} -ip_check 4 ${IPV4_ADDRESS} - -daemon_check lighttpd http -daemon_check dnsmasq domain -checkProcesses -testResolver -debugLighttpd - -files_check "${DNSMASQFILE}" -dir_check "${DNSMASQCONFDIR}" -files_check "${WHITELISTFILE}" -files_check "${BLACKLISTFILE}" -files_check "${ADLISTFILE}" - - -header_write "Analyzing gravity.list" - - gravity_length=$(grep -c ^ "${GRAVITYFILE}") \ - && log_write "${GRAVITYFILE} is ${gravity_length} lines long." \ - || log_echo "Warning: No gravity.list file found!" - -header_write "Analyzing pihole.log" - - pihole_length=$(grep -c ^ "${PIHOLELOG}") \ - && log_write "${PIHOLELOG} is ${pihole_length} lines long." \ - || log_echo "Warning: No pihole.log file found!" - - pihole_size=$(du -h "${PIHOLELOG}" | awk '{ print $1 }') \ - && log_write "${PIHOLELOG} is ${pihole_size}." \ - || log_echo "Warning: No pihole.log file found!" - # Continuously append the pihole.log file to the pihole_debug.log file dumpPiHoleLog() { @@ -442,7 +411,7 @@ dumpPiHoleLog() { if [ -e "${PIHOLELOG}" ]; then # Dummy process to use for flagging down tail to terminate countdown & - tail -n0 -f --pid=$! "${PIHOLELOG}" >> ${DEBUG_LOG} + tail -n0 -f --pid=$! "${PIHOLELOG}" >&4 else log_write "No pihole.log file found!" printf ":::\tNo pihole.log file found!\n" @@ -453,6 +422,16 @@ dumpPiHoleLog() { finalWork() { local tricorder echo "::: Finshed debugging!" + + # Ensure the file exists, create if not, clear if exists. + truncate --size=0 "${DEBUG_LOG}" + chmod 644 ${DEBUG_LOG} + chown "$USER":pihole ${DEBUG_LOG} + # copy working temp file to final log location + cat /proc/$$/fd/3 >> "${DEBUG_LOG}" + # Straight dump of tailing the logs, can sanitize later if needed. + cat /proc/$$/fd/4 >> "${DEBUG_LOG}" + echo "::: The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only." if [[ "${AUTOMATED}" ]]; then echo "::: Debug script running in automated mode, uploading log to tricorder..." @@ -480,6 +459,70 @@ finalWork() { echo "::: A local copy of the Debug log can be found at : /var/log/pihole_debug.log" } +### END FUNCTIONS ### +# Create temporary file for log +TEMPLOG=$(mktemp /tmp/pihole_temp.XXXXXX) +# Open handle 3 for templog +exec 3>"$TEMPLOG" +# Delete templog, but allow for addressing via file handle. +rm "$TEMPLOG" + +# Create temporary file for logdump using file handle 4 +DUMPLOG=$(mktemp /tmp/pihole_temp.XXXXXX) +exec 4>"$DUMPLOG" +rm "$DUMPLOG" + +# Gather version of required packages / repositories +version_check || echo "REQUIRED FILES MISSING" +# Check for newer setupVars storage file +source_file "/etc/pihole/setupVars.conf" +# Gather information about the running distribution +distro_check || echo "Distro Check soft fail" +# Gather processor type +processor_check || echo "Processor Check soft fail" + +ip_check 6 ${IPV6_ADDRESS} +ip_check 4 ${IPV4_ADDRESS} + +daemon_check lighttpd http +daemon_check dnsmasq domain +daemon_check pihole-FTL 4711 +checkProcesses + +# Check local/IP/Google for IPv4 Resolution +testResolver 4 "${IPV4_ADDRESS%/*}" +# If IPv6 enabled, check resolution +if [[ "${IPV6_ADDRESS}" ]]; then + testResolver 6 "${IPV6_ADDRESS%/*}" +fi +# Poll dnsmasq Pi-hole specific queries +testChaos + +debugLighttpd + +files_check "${DNSMASQFILE}" +dir_check "${DNSMASQCONFDIR}" +files_check "${WHITELISTFILE}" +files_check "${BLACKLISTFILE}" +files_check "${ADLISTFILE}" + + +header_write "Analyzing gravity.list" + + gravity_length=$(grep -c ^ "${GRAVITYFILE}") \ + && log_write "${GRAVITYFILE} is ${gravity_length} lines long." \ + || log_echo "Warning: No gravity.list file found!" + +header_write "Analyzing pihole.log" + + pihole_length=$(grep -c ^ "${PIHOLELOG}") \ + && log_write "${PIHOLELOG} is ${pihole_length} lines long." \ + || log_echo "Warning: No pihole.log file found!" + + pihole_size=$(du -h "${PIHOLELOG}" | awk '{ print $1 }') \ + && log_write "${PIHOLELOG} is ${pihole_size}." \ + || log_echo "Warning: No pihole.log file found!" + trap finalWork EXIT ### Method calls for additional logging ### diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 63754db2..fd66b255 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -3,18 +3,22 @@ # (c) 2017 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. # -# Flushes /var/log/pihole.log +# Flushes Pi-hole's log file # # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. - - echo -n "::: Flushing /var/log/pihole.log ..." # Test if logrotate is available on this system if command -v /usr/sbin/logrotate &> /dev/null; then + # Flush twice to move all data out of sight of FTL + /usr/sbin/logrotate --force /etc/pihole/logrotate /usr/sbin/logrotate --force /etc/pihole/logrotate else + # Flush both pihole.log and pihole.log.1 (if existing) echo " " > /var/log/pihole.log + if [ -f /var/log/pihole.log.1 ]; then + echo " " > /var/log/pihole.log.1 + fi fi echo "... done!" diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 9ac12940..4fceb931 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -75,13 +75,26 @@ GitCheckUpdateAvail() { fi } +FTLcheckUpdate() { + + local FTLversion=$(/usr/bin/pihole-FTL tag) + local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n') + + if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then + return 0 + else + return 1 + fi +} + main() { local pihole_version_current local web_version_current + source "${setupVars}" #This is unlikely if ! is_repo "${PI_HOLE_FILES_DIR}" ; then - echo "::: Critical Error: Core Pi-Hole repo is missing from system!" + echo "::: Critical Error: Core Pi-hole repo is missing from system!" echo "::: Please re-run install script from https://github.com/pi-hole/pi-hole" exit 1; fi @@ -96,6 +109,21 @@ main() { echo "::: Pi-hole Core: up to date" fi + if FTLcheckUpdate ; then + FTL_update=true + echo "::: FTL: update available" + else + FTL_update=false + echo "::: FTL: up to date" + fi + + if ${FTL_update}; then + echo ":::" + echo "::: FTL out of date" + FTLdetect + echo ":::" + fi + if [[ ${INSTALL_WEB} == true ]]; then if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then echo "::: Critical Error: Web Admin repo is missing from system!" @@ -122,9 +150,11 @@ main() { # pull pihole repo run install --unattended if ! ${core_update} && ! ${web_update} ; then - echo ":::" - echo "::: Everything is up to date!" - exit 0 + if ! ${FTL_update} ; then + echo ":::" + echo "::: Everything is up to date!" + exit 0 + fi elif ! ${core_update} && ${web_update} ; then echo ":::" @@ -139,7 +169,7 @@ main() { elif ${core_update} && ${web_update} ; then echo ":::" - echo "::: Updating Everything" + echo "::: Updating Pi-hole core and web admin files" getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1 else @@ -148,9 +178,11 @@ main() { fi else # Web Admin not installed, so only verify if core is up to date if ! ${core_update}; then - echo ":::" - echo "::: Everything is up to date!" - exit 0 + if ! ${FTL_update} ; then + echo ":::" + echo "::: Everything is up to date!" + exit 0 + fi else echo ":::" echo "::: Pi-hole core files out of date" @@ -173,6 +205,15 @@ main() { echo "::: If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'" fi + if [[ ${FTL_update} == true ]]; then + FTL_version_current="$(/usr/bin/pihole-FTL tag)" + echo ":::" + echo "::: FTL version is now at ${FTL_version_current}" + start_service pihole-FTL + enable_service pihole-FTL + fi + + echo "" exit 0 diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 5f032ed1..7804fc8f 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -81,19 +81,28 @@ SetWebPassword(){ exit 1 fi - # Set password only if there is one to be set - if (( ${#args[2]} > 0 )) ; then + read -s -p "Enter New Password (Blank for no password): " PASSWORD + echo "" + + if [ "${PASSWORD}" == "" ]; then + change_setting "WEBPASSWORD" "" + echo "Password Removed" + exit 0 + fi + + read -s -p "Confirm Password: " CONFIRM + echo "" + if [ "${PASSWORD}" == "${CONFIRM}" ] ; then # Compute password hash twice to avoid rainbow table vulnerability - hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//') + hash=$(echo -n ${PASSWORD} | sha256sum | sed 's/\s.*$//') hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//') # Save hash to file change_setting "WEBPASSWORD" "${hash}" echo "New password set" else - change_setting "WEBPASSWORD" "" - echo "Password removed" + echo "Passwords don't match. Your password has not been changed" + exit 1 fi - } ProcessDNSSettings() { @@ -319,6 +328,25 @@ SetWebUILayout(){ } +CustomizeAdLists() { + + list="/etc/pihole/adlists.list" + + if [[ "${args[2]}" == "enable" ]] ; then + sed -i "\\@${args[3]}@s/^#http/http/g" "${list}" + elif [[ "${args[2]}" == "disable" ]] ; then + sed -i "\\@${args[3]}@s/^http/#http/g" "${list}" + elif [[ "${args[2]}" == "add" ]] ; then + echo "${args[3]}" >> ${list} + elif [[ "${args[2]}" == "del" ]] ; then + var=$(echo "${args[3]}" | sed 's/\//\\\//g') + sed -i "/${var}/Id" "${list}" + else + echo "Not permitted" + return 1 + fi +} + SetPrivacyMode(){ if [[ "${args[2]}" == "true" ]] ; then @@ -410,6 +438,12 @@ SetListeningMode(){ } +Teleporter() +{ + local datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S") + php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip" +} + main() { args=("$@") @@ -435,6 +469,8 @@ main() { "removestaticdhcp" ) RemoveDHCPStaticAddress;; "hostrecord" ) SetHostRecord;; "-i" | "interface" ) SetListeningMode;; + "-t" | "teleporter" ) Teleporter;; + "adlist" ) CustomizeAdLists;; * ) helpFunc;; esac diff --git a/advanced/index.php b/advanced/index.php index c076f92d..bfc44a1d 100644 --- a/advanced/index.php +++ b/advanced/index.php @@ -1,15 +1,55 @@ +