diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 00000000..04303614 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,7 @@ +##### Expected Behaviour: + + +##### Actual Behaviour: + + +##### Steps to reproduce this issue: diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..071fdf89 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +Fixes #[issue number] . + +Changes proposed in this pull request: + +- + +- + +- + +@pihole/gravity diff --git a/README.md b/README.md index a0bf4cc3..9dc189e4 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,18 @@ -# Automated Install -##### Designed For Raspberry Pi B, B+, 2, and Zero (with an Ethernet adapter) +# Automated Install +##### Designed For Raspberry Pi A+, B, B+, 2, Zero (with an Ethernet adapter), and also works on most Debian based distros! -1. Install Raspbian +1. Install Raspbian on Raspberry Pi variants or a Debian based distribution on other hardware or virtual machines 2. Run the command below ### ```curl -L install.pi-hole.net | bash``` +#### Alternative Semi-Automated install #### +``` +wget -O basic-install.sh install.pi-hole.net +chmod +x basic-install.sh +./basic-install.sh +``` + Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](http://pi-hole.net/faq/can-i-set-the-pi-hole-to-be-the-dns-server-at-my-router-so-i-dont-have-to-change-settings-for-my-devices/) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/). ## Pi-hole Is Free, But Powered By Your Donations 
@@ -17,6 +24,7 @@ Once installed, [configure your router to have **DHCP clients use the Pi as thei [![Pi-hole exlplained](http://i.imgur.com/qNybJDX.png)](https://vimeo.com/135965232) ## Pi-hole Projects +- [x86 Docker container that runs Pi-hole](https://hub.docker.com/r/diginc/pi-hole/) - [Pi-hole Chrome extension](https://chrome.google.com/webstore/detail/pi-hole-list-editor/hlnoeoejkllgkjbnnnhfolapllcnaglh) ([open source](https://github.com/packtloss/pihole-extension)) - [Go Bananas for CHiP-hole ad blocking](https://www.hackster.io/jacobsalmela/chip-hole-network-wide-ad-blocker-98e037) - [Sky-Hole](http://dlaa.me/blog/post/skyhole) diff --git a/adlists.default b/adlists.default index dd391357..4a8c82db 100644 --- a/adlists.default +++ b/adlists.default 
@@ -1,8 +1,49 @@ -https://adaway.org/hosts.txt +## Pi-hole ad-list default sources. Updated 21/02/2016 ######################### +# # +# To make changes to this file: # +# 1. run `cp /etc/pihole/adlists.default /etc/pihole/adlists.list` # +# 2. run `nano /etc/pihole/adlists.list` # +# 3. Uncomment or comment any of the below lists # +# # +# Know of any other lists? Feel free to let us know about them, or add them # +# to this file! # +################################################################################ + +# The below list amalgamates several lists we used previously. +# See `https://github.com/StevenBlack/hosts` for details +https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts + +# Other lists we consider safe: http://adblock.gjtech.net/?format=unix-hosts -http://hosts-file.net/ad_servers.txt -http://www.malwaredomainlist.com/hostslist/hosts.txt -http://pgl.yoyo.org/adservers/serverlist.php? -http://someonewhocares.org/hosts/hosts -http://winhelp2002.mvps.org/hosts.txt http://mirror1.malwaredomains.com/files/justdomains +http://sysctl.org/cameleon/hosts +https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist +https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt +https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt + +# hosts-file.net list. Updated frequently, but has been known to block legitimate sites. +http://hosts-file.net/ad_servers.txt + +# Mahakala list. Has been known to block legitimage domains including the entire .com range. +#http://adblock.mahakala.is/ + +# ADZHOSTS list. 
Has been known to block legitimate domains +#http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt + +# Windows 10 telemetry list +#https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/hostsBlockWindowsSpy.txt + +# Securemecca.com list - Also blocks "adult" sites (pornography/gambling etc) +#http://securemecca.com/Downloads/hosts.txt + +# Quidsup's tracker list +https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt + +# Block the BBC News website Breaking News banner +#https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts + + +# Untested Lists: +#https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt +#http://spam404bl.com/spam404scamlist.txt +#http://malwaredomains.lehigh.edu/files/domains.txt diff --git a/advanced/Scripts/blacklist.sh b/advanced/Scripts/blacklist.sh index 70b8131a..0eab679d 100644 --- a/advanced/Scripts/blacklist.sh +++ b/advanced/Scripts/blacklist.sh @@ -51,13 +51,13 @@ if [[ -f $piholeIPv6file ]];then fi -function HandleOther(){ +function HandleOther(){ #check validity of domain validDomain=$(echo $1 | perl -ne'print if /\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\b/') - + if [ -z "$validDomain" ]; then echo $1 is not a valid argument or domain name - else + else domList=("${domList[@]}" $validDomain) fi } @@ -66,9 +66,9 @@ function PopBlacklistFile(){ #check blacklist file exists, and if not, create it if [[ ! -f $blacklist ]];then touch $blacklist - fi + fi for dom in "${domList[@]}" - do + do if $addmode; then AddDomain $dom else @@ -97,7 +97,7 @@ function AddDomain(){ } function RemoveDomain(){ - + bool=false grep -Ex -q "$1" $blacklist || bool=true if $bool; then 
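Review bot: Several of the enabled sources in the new adlists.default are fetched over plain `http://` (for example `http://adblock.gjtech.net/?format=unix-hosts`, `http://mirror1.malwaredomains.com/files/justdomains`, `http://sysctl.org/cameleon/hosts` and `http://hosts-file.net/ad_servers.txt`), so their content can be altered in transit before it is merged into the block list. Where a source also offers HTTPS the URL should be switched, and the remaining ones deserve a comment such as `# Fetched over plain HTTP: content is not integrity-protected`. The comment on the Mahakala entry has a typo: `legitimage` should read `legitimate`.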
@@ -110,42 +110,42 @@ function RemoveDomain(){ if $versbose; then echo "::: Un-blacklisting $dom..." fi - domToRemoveList=("${domToRemoveList[@]}" $1) - modifyHost=true - fi + domToRemoveList=("${domToRemoveList[@]}" $1) + modifyHost=true + fi } -function ModifyHostFile(){ +function ModifyHostFile(){ if $addmode; then #add domains to the hosts file if [[ -r $blacklist ]];then numberOf=$(cat $blacklist | sed '/^\s*$/d' | wc -l) plural=; [[ "$numberOf" != "1" ]] && plural=s echo ":::" - echo -n "::: Modifying HOSTS file to blacklist $numberOf domain${plural}..." - if [[ -n $piholeIPv6 ]];then + echo -n "::: Modifying HOSTS file to blacklist $numberOf domain${plural}..." + if [[ -n $piholeIPv6 ]];then cat $blacklist | awk -v ipv4addr="$piholeIP" -v ipv6addr="$piholeIPv6" '{sub(/\r$/,""); print ipv4addr" "$0"\n"ipv6addr" "$0}' >> $adList - else + else cat $blacklist | awk -v ipv4addr="$piholeIP" '{sub(/\r$/,""); print ipv4addr" "$0}' >>$adList - fi - + fi + fi else - + echo ":::" for dom in "${domToRemoveList[@]}" - do - #we need to remove the domains from the blacklist file and the host file + do + #we need to remove the domains from the blacklist file and the host file echo "::: $dom" echo -n "::: removing from HOSTS file..." - echo $dom | sed 's/\./\\./g' | xargs -I {} perl -i -ne'print unless /[^.]'{}'(?!.)/;' $adList + echo $dom | sed 's/\./\\./g' | xargs -I {} perl -i -ne'print unless /[^.]'{}'(?!.)/;' $adList echo " done!" echo -n "::: removing from blackist.txt..." echo $dom | sed 's/\./\\./g' | xargs -I {} perl -i -ne'print unless /'{}'(?!.)/;' $blacklist echo " done!" - done + done fi - + } function Reload() { 
@@ -170,17 +170,17 @@ function Reload() { for var in "$@" do case "$var" in - "-nr"| "--noreload" ) reload=false;; + "-nr"| "--noreload" ) reload=false;; "-d" | "--delmode" ) addmode=false;; "-f" | "--force" ) force=true;; - "-q" | "--quiet" ) versbose=false;; + "-q" | "--quiet" ) versbose=false;; * ) HandleOther $var;; esac done PopBlacklistFile -if $modifyHost || $force; then +if $modifyHost || $force; then ModifyHostFile else if $versbose; then diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 2fe00498..8cd9f042 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -51,9 +51,13 @@ function CalcblockedToday(){ function CalcPercentBlockedToday(){ if [ "$queriesToday" != "Err." ] && [ "$blockedToday" != "Err." ]; then - #scale 2 rounds the number down, so we'll do scale 4 and then trim the last 2 zeros - percentBlockedToday=$(echo "scale=4; $blockedToday/$queriesToday*100" | bc) - percentBlockedToday=$(sed 's/.\{2\}$//' <<< "$percentBlockedToday") + if [ "$queriesToday" != 0 ]; then #Fixes divide by zero error :) + #scale 2 rounds the number down, so we'll do scale 4 and then trim the last 2 zeros + percentBlockedToday=$(echo "scale=4; $blockedToday/$queriesToday*100" | bc) + percentBlockedToday=$(sed 's/.\{2\}$//' <<< "$percentBlockedToday") + else + percentBlockedToday=0 + fi fi } @@ -69,9 +73,9 @@ function outputJSON(){ CalcQueriesToday CalcblockedToday CalcPercentBlockedToday - + CalcBlockedDomains - + printf '{"domains_being_blocked":"%s","dns_queries_today":"%s","ads_blocked_today":"%s","ads_percentage_today":"%s"}\n' "$blockedDomainsTotal" "$queriesToday" "$blockedToday" "$percentBlockedToday" } 
@@ -84,29 +88,31 @@ function normalChrono(){ echo " $(ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -d':' -f2)" echo "" uptime | cut -d' ' -f11- + #uptime -p #Doesn't work on all versions of uptime + uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/) {d=$6;h=$8;m=$9} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes."}' echo "-------------------------------" # Uncomment to continually read the log file and display the current domain being blocked #tail -f /var/log/pihole.log | awk '/\/etc\/pihole\/gravity.list/ {if ($7 != "address" && $7 != "name" && $7 != "/etc/pihole/gravity.list") print $7; else;}' - + #uncomment next 4 lines to use original query count calculation #today=$(date "+%b %e") #todaysQueryCount=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ {print $7}' | wc -l) #todaysQueryCountV4=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ && /\[A\]/ {print $7}' | wc -l) #todaysQueryCountV6=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ && /\[AAAA\]/ {print $7}' | wc -l) - - + + CalcQueriesToday CalcblockedToday CalcPercentBlockedToday - + CalcBlockedDomains - + echo "Blocking: $blockedDomainsTotal" #below commented line does not add up to todaysQueryCount #echo "Queries: $todaysQueryCountV4 / $todaysQueryCountV6" echo "Queries: $queriesToday" #same total calculation as dashboard echo "Pi-holed: $blockedToday ($percentBlockedToday%)" - + sleep 5 done } @@ -120,7 +126,7 @@ function displayHelp(){ echo "Options:" echo " -j, --json output stats as JSON formatted string" echo " -h, --help display this help text" - + exit 1 } @@ -132,7 +138,7 @@ for var in "$@" do case "$var" in "-j" | "--json" ) outputJSON;; - "-h" | "--help" ) displayHelp;; + "-h" | "--help" ) displayHelp;; * ) exit 1;; esac done diff --git a/advanced/Scripts/setupLCD.sh b/advanced/Scripts/setupLCD.sh new file mode 100644 index 00000000..df2be704 --- /dev/null +++ b/advanced/Scripts/setupLCD.sh 
@@ -0,0 +1,89 @@ +#!/usr/bin/env bash +# Pi-hole: A black hole for Internet advertisements +# (c) 2015 by Jacob Salmela +# Network-wide ad blocking via your Raspberry Pi +# http://pi-hole.net +# Automatically configures the Pi to use the 2.8 LCD screen to display stats on it (also works over ssh) +# +# Pi-hole is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. + +############ FUNCTIONS ########### +# Run this script as root or under sudo +echo ":::" +if [[ $EUID -eq 0 ]];then + echo "::: You are root." +else + echo "::: sudo will be used." + # Check if it is actually installed + # If it isn't, exit because the install cannot complete + if [[ $(dpkg-query -s sudo) ]];then + export SUDO="sudo" + else + echo "::: Please install sudo or run this script as root." + exit 1 + fi +fi + +# Borrowed from adafruit-pitft-helper < borrowed from raspi-config +# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L324-L334 +getInitSys() { + if command -v systemctl > /dev/null && systemctl | grep -q '\-\.mount'; then + SYSTEMD=1 + elif [ -f /etc/init.d/cron ] && [ ! 
-h /etc/init.d/cron ]; then + SYSTEMD=0 + else + echo "Unrecognised init system" + return 1 + fi +} + +# Borrowed from adafruit-pitft-helper: +# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L274-L285 +autoLoginPiToConsole() { + if [ -e /etc/init.d/lightdm ]; then + if [ $SYSTEMD -eq 1 ]; then + $SUDO systemctl set-default multi-user.target + $SUDO ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service + else + $SUDO update-rc.d lightdm disable 2 + $SUDO sed /etc/inittab -i -e "s/1:2345:respawn:\/sbin\/getty --noclear 38400 tty1/1:2345:respawn:\/bin\/login -f pi tty1 <\/dev\/tty1 >\/dev\/tty1 2>&1/" + fi + fi +} + +######### SCRIPT ########### +# Set pi to log in automatically +getInitSys +autoLoginPiToConsole + +# Set chronomter to run automatically when pi logs in +echo /usr/local/bin/chronometer.sh >> /home/pi/.bashrc +# OR +#$SUDO echo /usr/local/bin/chronometer.sh >> /etc/profile + +# Set up the LCD screen based on Adafruits instuctions: +# https://learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi/easy-install +curl -SLs https://apt.adafruit.com/add-pin | $SUDO bash +$SUDO apt-get -y install raspberrypi-bootloader +$SUDO apt-get -y install adafruit-pitft-helper +$SUDO adafruit-pitft-helper -t 28r + +# Download the cmdline.txt file that prevents the screen from going blank after a period of time +$SUDO mv /boot/cmdline.txt /boot/cmdline.orig +$SUDO curl -o /boot/cmdline.txt https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/cmdline.txt + +# Back up the original file and download the new one +$SUDO mv /etc/default/console-setup /etc/default/console-setup.orig +$SUDO curl -o /etc/default/console-setup https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/console-setup + +# Instantly apply the font change to the LCD screen +$SUDO setupcon + +$SUDO reboot + +# Start showing the stats on the screen by running the 
command on another tty: +# http://unix.stackexchange.com/questions/170063/start-a-process-on-a-different-tty +#setsid sh -c 'exec /usr/local/bin/chronometer.sh <> /dev/tty1 >&0 2>&1' diff --git a/advanced/Scripts/updateDashboard.sh b/advanced/Scripts/updateDashboard.sh index edf04896..6955683d 100644 --- a/advanced/Scripts/updateDashboard.sh +++ b/advanced/Scripts/updateDashboard.sh @@ -63,7 +63,7 @@ make_repo() { update_repo() { # pull the latest commits cd "$WEB_INTERFACE_DIR" - git pull + git pull } main diff --git a/advanced/Scripts/whitelist.sh b/advanced/Scripts/whitelist.sh index 853c3b79..79f71a71 100755 --- a/advanced/Scripts/whitelist.sh +++ b/advanced/Scripts/whitelist.sh @@ -50,13 +50,13 @@ if [[ -f $piholeIPv6file ]];then fi -function HandleOther(){ +function HandleOther(){ #check validity of domain validDomain=$(echo $1 | perl -ne'print if /\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\b/') - + if [ -z "$validDomain" ]; then echo "::: $1 is not a valid argument or domain name" - else + else domList=("${domList[@]}" $validDomain) fi } @@ -65,9 +65,9 @@ function PopWhitelistFile(){ #check whitelist file exists, and if not, create it if [[ ! -f $whitelist ]];then touch $whitelist - fi + fi for dom in "${domList[@]}" - do + do if $addmode; then AddDomain $dom else @@ -79,7 +79,7 @@ function PopWhitelistFile(){ function AddDomain(){ #| sed 's/\./\\./g' bool=false - + grep -Ex -q "$1" $whitelist || bool=true if $bool; then #domain not found in the whitelist file, add it! @@ -99,7 +99,7 @@ function AddDomain(){ } function RemoveDomain(){ - + bool=false grep -Ex -q "$1" $whitelist || bool=true if $bool; then @@ -113,11 +113,11 @@ function RemoveDomain(){ #echo "::: Un-whitelisting $dom..." #fi domToRemoveList=("${domToRemoveList[@]}" $1) - modifyHost=true - fi + modifyHost=true + fi } -function ModifyHostFile(){ +function ModifyHostFile(){ if $addmode; then #remove domains in from hosts file if [[ -r $whitelist ]];then 
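Review bot: setupLCD.sh moves `/boot/cmdline.txt` and `/etc/default/console-setup` out of the way before the replacements have been downloaded, and then reboots unconditionally. With no `set -e` and no check on `curl`, a failed or partial download leaves the Pi without a usable kernel command line. Download to a temporary file, verify it, and only then replace the original, as sketched below; the same pattern applies to `console-setup`. Separately, `curl -SLs https://apt.adafruit.com/add-pin | $SUDO bash` runs an unpinned remote script as root, and both config files come from the mutable `master` branch, so pinning to a commit or checking a known digest would make the result reproducible. `echo /usr/local/bin/chronometer.sh >> /home/pi/.bashrc` also appends another line on every run.

```shell
# … unchanged: add-pin, apt-get installs, adafruit-pitft-helper …

# Fetch the replacement first; touch /boot only once the download is known good
tmpCmdline=$(mktemp) || exit 1
if curl -fsSL -o "$tmpCmdline" https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/cmdline.txt \
    && [ -s "$tmpCmdline" ]; then
  $SUDO cp /boot/cmdline.txt /boot/cmdline.orig
  $SUDO cp "$tmpCmdline" /boot/cmdline.txt
else
  echo "::: Could not download cmdline.txt, leaving /boot/cmdline.txt unchanged"
  rm -f "$tmpCmdline"
  exit 1
fi
rm -f "$tmpCmdline"

# … console-setup: same pattern; setupcon and reboot unchanged …
```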
@@ -129,19 +129,19 @@ function ModifyHostFile(){ awk -F':' '{print $1}' $whitelist | while read line; do echo "$piholeIP $line"; done > /etc/pihole/whitelist.tmp awk -F':' '{print $1}' $whitelist | while read line; do echo "$piholeIPv6 $line"; done >> /etc/pihole/whitelist.tmp echo "l" >> /etc/pihole/whitelist.tmp - grep -F -x -v -f /etc/pihole/whitelist.tmp /etc/pihole/gravity.list > /etc/pihole/gravity.tmp + grep -F -x -v -f /etc/pihole/whitelist.tmp /etc/pihole/gravity.list > /etc/pihole/gravity.tmp rm /etc/pihole/gravity.list mv /etc/pihole/gravity.tmp /etc/pihole/gravity.list rm /etc/pihole/whitelist.tmp echo " done!" - + fi else #we need to add the removed domains to the hosts file echo ":::" echo "::: Modifying HOSTS file to un-whitelist domains..." for rdom in "${domToRemoveList[@]}" - do + do if [[ -n $piholeIPv6 ]];then echo -n "::: Un-whitelisting $rdom on IPv4 and IPv6..." echo $rdom | awk -v ipv4addr="$piholeIP" -v ipv6addr="$piholeIPv6" '{sub(/\r$/,""); print ipv4addr" "$0"\n"ipv6addr" "$0}' >> $adList @@ -155,7 +155,7 @@ function ModifyHostFile(){ echo $rdom| sed 's/\./\\./g' | xargs -I {} perl -i -ne'print unless /'{}'(?!.)/;' $whitelist echo " done!" done - fi + fi } function Reload() { @@ -179,10 +179,10 @@ function Reload() { for var in "$@" do case "$var" in - "-nr"| "--noreload" ) reload=false;; + "-nr"| "--noreload" ) reload=false;; "-d" | "--delmode" ) addmode=false;; "-f" | "--force" ) force=true;; - "-q" | "--quiet" ) versbose=false;; + "-q" | "--quiet" ) versbose=false;; * ) HandleOther $var;; esac done diff --git a/advanced/cmdline.txt b/advanced/cmdline.txt new file mode 100644 index 00000000..84d52b79 --- /dev/null +++ b/advanced/cmdline.txt @@ -0,0 +1 @@ +dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fbcon=map:10 fbcon=font:VGA8x8 consoleblank=0 
diff --git a/advanced/console-setup b/advanced/console-setup new file mode 100644 index 00000000..f12be6eb --- /dev/null +++ b/advanced/console-setup @@ -0,0 +1,17 @@ +# CONFIGURATION FILE FOR SETUPCON + +# Consult the console-setup(5) manual page. + +ACTIVE_CONSOLES="/dev/tty[1-6]" + +CHARMAP="UTF-8" + +# For best results with the Adafruit 2.8 LCD and Pi-hole's chronometer +CODESET="guess" +FONTFACE="Terminus" +FONTSIZE="10x20" + +VIDEOMODE= + +# The following is an example how to use a braille font +# FONT='lat9w-08.psf.gz brl-8x8.psf' diff --git a/advanced/dnsmasq.conf.original b/advanced/dnsmasq.conf.original index 598d6390..9e4cc92e 100644 --- a/advanced/dnsmasq.conf.original +++ b/advanced/dnsmasq.conf.original @@ -27,8 +27,8 @@ # Replies which are not DNSSEC signed may be legitimate, because the domain # is unsigned, or may be forgeries. Setting this option tells dnsmasq to -# check that an unsigned reply is OK, by finding a secure proof that a DS -# record somewhere between the root and the domain does not exist. +# check that an unsigned reply is OK, by finding a secure proof that a DS +# record somewhere between the root and the domain does not exist. # The cost of setting this is that even queries in unsigned domains will need # one or more extra DNS queries to verify. #dnssec-check-unsigned 
@@ -183,11 +183,11 @@ #dhcp-range=1234::2, 1234::500, 64, 12h # Do Router Advertisements, BUT NOT DHCP for this subnet. -#dhcp-range=1234::, ra-only +#dhcp-range=1234::, ra-only # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and -# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack -# hosts. Use the DHCPv4 lease to derive the name, network segment and +# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack +# hosts. Use the DHCPv4 lease to derive the name, network segment and # MAC address and assume that the host will also have an # IPv6 address calculated using the SLAAC alogrithm. #dhcp-range=1234::, ra-names @@ -210,9 +210,9 @@ #dhcp-range=1234::, ra-stateless, ra-names # Do router advertisements for all subnets where we're doing DHCPv6 -# Unless overriden by ra-stateless, ra-names, et al, the router +# Unless overriden by ra-stateless, ra-names, et al, the router # advertisements will have the M and O bits set, so that the clients -# get addresses and configuration from DHCPv6, and the A bit reset, so the +# get addresses and configuration from DHCPv6, and the A bit reset, so the # clients don't use SLAAC addresses. #enable-ra @@ -278,11 +278,11 @@ # any machine with Ethernet address starting 11:22:33: #dhcp-host=11:22:33:*:*:*,set:red -# Give a fixed IPv6 address and name to client with +# Give a fixed IPv6 address and name to client with # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. # Note also the they [] around the IPv6 address are obilgatory. -#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] +#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] # Ignore any clients which are not specified in dhcp-host lines # or /etc/ethers. Equivalent to ISC "deny unknown-clients". 
@@ -338,7 +338,7 @@ # Send DHCPv6 option. Note [] around IPv6 addresses. #dhcp-option=option6:dns-server,[1234::77],[1234::88] -# Send DHCPv6 option for namservers as the machine running +# Send DHCPv6 option for namservers as the machine running # dnsmasq and another. #dhcp-option=option6:dns-server,[::],[1234::88] @@ -645,4 +645,4 @@ #conf-dir=/etc/dnsmasq.d,.bak # Include all files in a directory which end in .conf -#conf-dir=/etc/dnsmasq.d/*.conf +#conf-dir=/etc/dnsmasq.d/*.conf diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index b54be6d7..4e6c74fa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -111,10 +111,29 @@ welcomeDialogs() { whiptail --msgbox --backtitle "Plea" --title "Free and open source" "The Pi-hole is free, but powered by your donations: http://pi-hole.net/donate" $r $c # Explain the need for a static address - whiptail --msgbox --backtitle "Initating network interface" --title "Static IP Needed" "The Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. + whiptail --msgbox --backtitle "Initating network interface" --title "Static IP Needed" "The Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly. In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c } + +verifyFreeDiskSpace() { + # 25MB is the minimum space needed (20MB install + 5MB one day of logs.) + requiredFreeBytes=51200 + + existingFreeBytes=`df -lk / 2>&1 | awk '{print $4}' | head -2 | tail -1` + if ! [[ "$existingFreeBytes" =~ ^([0-9])+$ ]]; then + existingFreeBytes=`df -lk /dev 2>&1 | awk '{print $4}' | head -2 | tail -1` + fi + + if [[ $existingFreeBytes -lt $requiredFreeBytes ]]; then + whiptail --msgbox --backtitle "Insufficient Disk Space" --title "Insufficient Disk Space" "\nYour system appears to be low on disk space. pi-hole recomends a minimum of $requiredFreeBytes Bytes.\nYou only have $existingFreeBytes Free.\n\nIf this is a new install you may need to expand your disk.\n\nTry running:\n 'sudo raspi-config'\nChoose the 'expand file system option'\n\nAfter rebooting, run this installation again.\n\ncurl -L install.pi-hole.net | bash\n" $r $c + echo "$existingFreeBytes is less than $requiredFreeBytes" + echo "Insufficient free space, exiting..." + exit 1 + fi +} + + chooseInterface() { # Turn the available interfaces into an array so it can be used with a whiptail dialog interfacesArray=() 
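Review bot: In `verifyFreeDiskSpace` the comment says 25MB, but `requiredFreeBytes=51200` is compared against the 1K-block column of `df -lk`, so the threshold is really 50 MiB and the dialog then labels both numbers as "Bytes". Either change the value to match the comment or fix the comment and the naming, e.g. `requiredFreeKB=25600  # 25MB, in 1K blocks as printed by df -k`. The fallback `df -lk /dev` measures a different filesystem from the one being installed to (usually a small devtmpfs), so passing that check says little about `/`. Failing with a clear message when the `/` figure cannot be parsed would be safer.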
@@ -145,9 +164,15 @@ chooseInterface() { echo "::: Cancel selected, exiting...." exit 1 fi - + } +cleanupIPv6() { + # Removes IPv6 indicator file if we are not using IPv6 + if [ -f "/etc/pihole/.useIPv6" ] && [ ! $useIPv6 ]; then + rm /etc/pihole/.useIPv6 + fi +} use4andor6() { # Let use select IPv4 and/or IPv6 @@ -163,7 +188,7 @@ use4andor6() { IPv6 ) useIPv6=true;; esac done - + if [ $useIPv4 ] && [ ! $useIPv6 ]; then getStaticIPv4Settings setStaticIPv4 @@ -187,6 +212,7 @@ use4andor6() { echo "::: Exiting" exit 1 fi + cleanupIPv6 else echo "::: Cancel selected. Exiting..." exit 1 @@ -278,10 +304,31 @@ setStaticIPv4() { fi } +function valid_ip() +{ + local ip=$1 + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + OIFS=$IFS + IFS='.' + ip=($ip) + IFS=$OIFS + [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \ + && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] + stat=$? + fi + return $stat +} + setDNS(){ - DNSChoseCmd=(whiptail --separate-output --radiolist "Select Upstream DNS Provider" $r $c 2) + DNSChoseCmd=(whiptail --separate-output --radiolist "Select Upstream DNS Provider. To use your own, select Custom." $r $c 6) DNSChooseOptions=(Google "" on - OpenDNS "" off) + OpenDNS "" off + Level3 "" off + Norton "" off + Comodo "" off + Custom "" off) DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) if [[ $? = 0 ]];then case $DNSchoices in 
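Review bot: `cleanupIPv6` calls `rm /etc/pihole/.useIPv6` without `$SUDO`, while the directory is created with `$SUDO mkdir -p /etc/pihole/` elsewhere in this script. For a non-root user the removal will presumably fail and leave the stale IPv6 indicator in place. I would write `$SUDO rm -f /etc/pihole/.useIPv6`. The test `[ ! $useIPv6 ]` is also unquoted; `[ -z "$useIPv6" ]` states the intent and does not depend on word splitting.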
@@ -295,6 +342,79 @@ setDNS(){ piholeDNS1="208.67.222.222" piholeDNS2="208.67.220.220" ;; + Level3) + echo "::: Using Level3 servers." + piholeDNS1="4.2.2.1" + piholeDNS2="4.2.2.2" + ;; + Norton) + echo "::: Using Norton ConnectSafe servers." + piholeDNS1="199.85.126.10" + piholeDNS2="199.85.127.10" + ;; + Comodo) + echo "::: Using Comodo Secure servers." + piholeDNS1="8.26.56.26" + piholeDNS2="8.20.247.20" + ;; + Custom) + until [[ $DNSSettingsCorrect = True ]] + do + + strInvalid="Invalid" + + if [ ! $piholeDNS1 ]; then + if [ ! $piholeDNS2 ]; then + prePopulate="" + else + prePopulate=", $piholeDNS2" + fi + elif [ $piholeDNS1 ] && [ ! $piholeDNS2 ]; then + prePopulate="$piholeDNS1" + elif [ $piholeDNS1 ] && [ $piholeDNS2 ]; then + prePopulate="$piholeDNS1, $piholeDNS2" + fi + + piholeDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)" --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" $r $c "$prePopulate" 3>&1 1>&2 2>&3) + if [[ $? = 0 ]];then + piholeDNS1=$(echo $piholeDNS | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}') + piholeDNS2=$(echo $piholeDNS | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}') + + if ! valid_ip $piholeDNS1 || [ ! $piholeDNS1 ]; then + piholeDNS1=$strInvalid + fi + + if ! valid_ip $piholeDNS2 && [ $piholeDNS2 ]; then + piholeDNS2=$strInvalid + fi + + else + echo "::: Cancel selected, exiting...." + exit 1 + fi + + if [[ $piholeDNS1 == $strInvalid ]] || [[ $piholeDNS2 == $strInvalid ]]; then + whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. 
Please try again.\n\n DNS Server 1: $piholeDNS1\n DNS Server 2: $piholeDNS2" $r $c + + if [[ $piholeDNS1 == $strInvalid ]]; then + piholeDNS1="" + fi + + if [[ $piholeDNS2 == $strInvalid ]]; then + piholeDNS2="" + fi + + DNSSettingsCorrect=False + else + if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n DNS Server 1: $piholeDNS1\n DNS Server 2: $piholeDNS2" $r $c) then + DNSSettingsCorrect=True + else + # If the settings are wrong, the loop continues + DNSSettingsCorrect=False + fi + fi + done + ;; esac else echo "::: Cancel selected. Exiting..." @@ -307,11 +427,11 @@ versionCheckDNSmasq(){ dnsFile1="/etc/dnsmasq.conf" dnsFile2="/etc/dnsmasq.conf.orig" dnsSearch="addn-hosts=/etc/pihole/gravity.list" - + defaultFile="/etc/.pihole/advanced/dnsmasq.conf.original" newFileToInstall="/etc/.pihole/advanced/01-pihole.conf" newFileFinalLocation="/etc/dnsmasq.d/01-pihole.conf" - + if [ -f $dnsFile1 ]; then echo -n "::: Existing dnsmasq.conf found..." if grep -q $dnsSearch $dnsFile1; then 
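Review bot: The Custom branch expands the user's input unquoted before it has been validated. `echo $piholeDNS | sed ...` is subject to word splitting and pathname expansion, so an entry containing `*` or `?` is expanded against the current directory before `valid_ip` ever sees it. Quote the expansions, e.g. `piholeDNS1=$(printf '%s\n' "$piholeDNS" | sed 's/[, \t]\+/,/g' | awk -F, '{print $1}')`, `valid_ip "$piholeDNS1"`, and `[ -z "$piholeDNS1" ]` in place of `[ ! $piholeDNS1 ]`. Keeping the `valid_ip` gate strict matters because both values are later interpolated into `sed -i "s/@DNS1@/$piholeDNS1/"` in versionCheckDNSmasq. Any address after the second one is dropped without a message.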
@@ -323,20 +443,28 @@ versionCheckDNSmasq(){ $SUDO cp $defaultFile $dnsFile1 echo " done." else - echo " it is not a pi-hole file, leaving alone!" + echo " it is not a pi-hole file, leaving alone!" fi else echo -n "::: No dnsmasq.conf found.. restoring default dnsmasq.conf..." $SUDO cp $defaultFile $dnsFile1 echo " done." fi - - echo "::: Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." + + echo -n "::: Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." $SUDO cp $newFileToInstall $newFileFinalLocation echo " done." $SUDO sed -i "s/@INT@/$piholeInterface/" $newFileFinalLocation - $SUDO sed -i "s/@DNS1@/$piholeDNS1/" $newFileFinalLocation - $SUDO sed -i "s/@DNS2@/$piholeDNS2/" $newFileFinalLocation + if [[ "$piholeDNS1" != "" ]]; then + $SUDO sed -i "s/@DNS1@/$piholeDNS1/" $newFileFinalLocation + else + $SUDO sed -i '/^server=@DNS1@/d' $newFileFinalLocation + fi + if [[ "$piholeDNS2" != "" ]]; then + $SUDO sed -i "s/@DNS2@/$piholeDNS2/" $newFileFinalLocation + else + $SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation + fi } installScripts() { @@ -366,7 +494,7 @@ stopServices() { # Stop dnsmasq and lighttpd $SUDO echo ":::" $SUDO echo -n "::: Stopping services..." - $SUDO service dnsmasq stop & spinner $! || true + #$SUDO service dnsmasq stop & spinner $! || true $SUDO service lighttpd stop & spinner $! || true $SUDO echo " done." } @@ -393,7 +521,7 @@ checkForDependencies() { fi echo ":::" echo -n "::: Checking apt-get for upgraded packages...." - updatesToInstall=$(sudo apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) + updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) echo " done!" echo ":::" if [[ $updatesToInstall -eq "0" ]]; then 
@@ -507,9 +635,9 @@ installCron() { runGravity() { # Rub gravity.sh to build blacklists $SUDO echo ":::" - $SUDO echo "::: Preparing to run gravity.sh to refresh hosts..." + $SUDO echo "::: Preparing to run gravity.sh to refresh hosts..." if ls /etc/pihole/list* 1> /dev/null 2>&1; then - echo "::: Cleaning up previous install (preserving whitelist/blacklist)" + echo "::: Cleaning up previous install (preserving whitelist/blacklist)" $SUDO rm /etc/pihole/list.* fi #Don't run as SUDO, this was causing issues @@ -519,21 +647,44 @@ runGravity() { /usr/local/bin/gravity.sh } +setUser(){ + # Check if user pihole exists and create if not + echo "::: Checking if user 'pihole' exists..." + if id -u pihole > /dev/null 2>&1; then + echo "::: User 'pihole' already exists" + else + echo "::: User 'pihole' doesn't exist. Creating..." + $SUDO useradd -r -s /usr/sbin/nologin pihole + fi +} + +setPassword() { + # Password needed to authorize changes to lists from admin page + pass=$(whiptail --passwordbox "Please enter a password to secure your Pi-hole web interface." 10 50 3>&1 1>&2 2>&3) + + if [ $? = 0 ]; then + # Entered password + echo $pass > /etc/pihole/password.txt + else + echo "::: Cancel selected, exiting...." + exit 1 + fi +} installPihole() { # Install base files and web interface checkForDependencies # done stopServices + setUser $SUDO mkdir -p /etc/pihole/ $SUDO chown www-data:www-data /var/www/html $SUDO chmod 775 /var/www/html - $SUDO usermod -a -G www-data pi + $SUDO usermod -a -G www-data pihole $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null getGitFiles installScripts installConfigs - #installWebAdmin CreateLogFile installPiholeWeb installCron 
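Review bot: `setPassword` stores the admin password in clear text with `echo $pass > /etc/pihole/password.txt`, and the file gets default umask permissions, which are typically world-readable. The redirection is also performed by the calling shell rather than through `$SUDO`, so it will presumably fail for a non-root user because `/etc/pihole` is created with `$SUDO mkdir`. At minimum quote the value and restrict the file: `printf '%s\n' "$pass" | $SUDO tee /etc/pihole/password.txt > /dev/null`, then `$SUDO chmod 640 /etc/pihole/password.txt` and a `chown` to the account the web interface runs as. Storing a salted hash instead of the password itself would be better, but that depends on how the admin page verifies it, which is not visible in this diff. An empty password is also accepted without complaint.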
@@ -557,6 +708,9 @@ The install log is in /etc/pihole." $r $c $SUDO mkdir -p /etc/pihole/ welcomeDialogs +# Verify there is enough disk space for the install +verifyFreeDiskSpace + # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way backupLegacyPihole # Find interfaces and let the user choose one @@ -567,6 +721,9 @@ use4andor6 # Decide what upstream DNS Servers to use setDNS +# Set the admin page password +setPassword + # Install and log everything to a file installPihole | tee $tmpLog @@ -577,7 +734,7 @@ displayFinalMessage echo -n "::: Restarting services..." # Start services -$SUDO service dnsmasq start +$SUDO service dnsmasq restart $SUDO service lighttpd start echo " done." diff --git a/block hulu ads/lighttpd.conf b/block hulu ads/lighttpd.conf index 9e8d1f80..636fd07d 100644 --- a/block hulu ads/lighttpd.conf +++ b/block hulu ads/lighttpd.conf @@ -38,6 +38,6 @@ include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/include-conf-enabled.pl" -$HTTP["host"] =~ "ads.hulu.com|ads-v-darwin.hulu.com" { +$HTTP["host"] =~ "ads.hulu.com|ads-v-darwin.hulu.com|ads-e-darwin.hulu.com" { url.redirect = ( ".*" => "http://192.168.1.101:8200/MediaItems/19.mov") } diff --git a/gravity.sh b/gravity.sh index 3004b8a2..33f5d6d5 100755 --- a/gravity.sh +++ b/gravity.sh @@ -31,6 +31,8 @@ piholeIPv6file=/etc/pihole/.useIPv6 adListFile=/etc/pihole/adlists.list adListDefault=/etc/pihole/adlists.default +whitelistScript=/usr/local/bin/whitelist.sh +blacklistScript=/usr/local/bin/blacklist.sh if [[ -f $piholeIPfile ]];then # If the file exists, it means it was exported from the installation script and we should use that value instead of detecting it in this script 
@@ -98,18 +100,28 @@ function gravity_collapse() { echo -n "::: Custom adList file detected. Reading..." sources=() while read -a line; do - sources+=($line) + #Do not read commented out or blank lines + if [[ $line = \#* ]] || [[ ! $line ]]; then + echo "" > /dev/null + else + sources+=($line) + fi done < $adListFile - echo " done!" + echo " done!" else #no custom file found, use defaults! echo -n "::: No custom adlist file detected, reading from default file..." sources=() while read -a line; do - sources+=($line) + #Do not read commented out or blank lines + if [[ $line = \#* ]] || [[ ! $line ]]; then + echo "" > /dev/null + else + sources+=($line) + fi done < $adListDefault - echo " done!" - fi + echo " done!" + fi # Create the pihole resource directory if it doesn't exist. Future files will be stored here if [[ -d $piholeDir ]];then @@ -157,9 +169,9 @@ function gravity_transport() { fi # Silently curl url - curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer + curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer # Check for list updates - gravity_patternCheck $patternBuffer + gravity_patternCheck $patternBuffer # Cleanup rm -f $patternBuffer @@ -198,7 +210,7 @@ function gravity_spinup() { # Default is a simple request *) cmd_ext="" esac - gravity_transport $url $cmd_ext $agent + gravity_transport "$url" "$cmd_ext" "$agent" done } 
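Review bot: `sources+=($line)` in both new loops is still unquoted, so a list URL containing `?`, `*` or `[` undergoes pathname expansion against the current directory before it is stored. Use `sources+=("$line")`, and `read -r -a line` so backslashes are kept literally. The no-op branch `echo "" > /dev/null` can be dropped by inverting the test: `[[ -z $line || $line == \#* ]] && continue`. The same unquoted expansion remains in `${urls[@]}` on the `$whitelistScript` line of the gravity_Whitelist hunk, which should be `"${urls[@]}"`. gravity_collapse starts above this hunk, so whether the two identical loops can share a helper is not visible here.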
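Review bot: Quoting the arguments of `gravity_transport "$url" "$cmd_ext" "$agent"` does not carry through to where they are used, because the `curl` line in gravity_transport (the whitespace-only hunk above) still expands `$url` and `$patternBuffer` unquoted. The URLs come from the adlists file, so an entry that begins with `-` would be parsed by curl as an option instead of being fetched. Pass it explicitly and quoted: `curl -s $cmd_ext $heisenbergCompensator -A "$agent" --url "$url" > "$patternBuffer"`. Both functions start outside their hunks, so how gravity_transport unpacks its arguments is not visible.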
@@ -207,26 +219,26 @@ function gravity_Schwarzchild() { echo "::: " # Find all active domains and compile them into one file and remove CRs echo -n "::: Aggregating list of domains..." - truncate -s 0 $piholeDir/$matterandlight & spinner $! + truncate -s 0 $piholeDir/$matterandlight & spinner $! for i in "${activeDomains[@]}" do cat $i |tr -d '\r' >> $piholeDir/$matterandlight done echo " done!" - + } function gravity_Blacklist(){ # Append blacklist entries if they exist echo -n "::: Running blacklist script to update HOSTS file...." - blacklist.sh -f -nr -q > /dev/null & spinner $! - + $blacklistScript -f -nr -q > /dev/null & spinner $! + numBlacklisted=$(wc -l < "/etc/pihole/blacklist.txt") plural=; [[ "$numBlacklisted" != "1" ]] && plural=s echo " $numBlacklisted domain${plural} blacklisted!" - - + + } @@ -235,7 +247,7 @@ function gravity_Whitelist() { # Prevent our sources from being pulled into the hole plural=; [[ "${sources[@]}" != "1" ]] && plural=s echo -n "::: Adding ${#sources[@]} ad list source${plural} to the whitelist..." - + urls=() for url in ${sources[@]} do @@ -243,16 +255,16 @@ function gravity_Whitelist() { urls=("${urls[@]}" $tmp) done echo " done!" - + echo -n "::: Running whitelist script to update HOSTS file...." - whitelist.sh -f -nr -q ${urls[@]} > /dev/null & spinner $! - + $whitelistScript -f -nr -q ${urls[@]} > /dev/null & spinner $! + numWhitelisted=$(wc -l < "/etc/pihole/whitelist.txt") plural=; [[ "$numWhitelisted" != "1" ]] && plural=s echo " $numWhitelisted domain${plural} whitelisted!" - - - + + + } function gravity_unique() { 
@@ -272,7 +284,7 @@ function gravity_hostFormat() { #Add dummy domain Pi-Hole.IsWorking.OK to the top of gravity.list to make ping result return a friendlier looking domain! echo -e "$piholeIP Pi-Hole.IsWorking.OK \n$piholeIPv6 Pi-Hole.IsWorking.OK" > $piholeDir/$accretionDisc cat $piholeDir/$eventHorizon | awk -v ipv4addr="$piholeIP" -v ipv6addr="$piholeIPv6" '{sub(/\r$/,""); print ipv4addr" "$0"\n"ipv6addr" "$0}' >> $piholeDir/$accretionDisc - + else # Otherwise, just create gravity.list as normal using IPv4 #Add dummy domain Pi-Hole.IsWorking.OK to the top of gravity.list to make ping result return a friendlier looking domain! @@ -307,20 +319,28 @@ function gravity_advanced() { echo -n "::: Formatting list of domains to remove comments...." awk '($1 !~ /^#/) { if (NF>1) {print $2} else {print $1}}' $piholeDir/$matterandlight | sed -nr -e 's/\.{2,}/./g' -e '/\./p' > $piholeDir/$supernova & spinner $! echo " done!" - + numberOf=$(wc -l < $piholeDir/$supernova) echo "::: $numberOf domains being pulled in by gravity..." - + gravity_unique - + } function gravity_reload() { + #Clear no longer needed files... + echo ":::" + echo -n "::: Cleaning up un-needed files..." + $SUDO rm /etc/pihole/pihole.* + echo " done!" + # Reload hosts file echo ":::" echo -n "::: Refresh lists in dnsmasq..." dnsmasqPid=$(pidof dnsmasq) + find "$piholeDir" -type f -exec $SUDO chmod 666 {} \; & spinner $! + if [[ $dnsmasqPid ]]; then # service already running - reload config $SUDO kill -HUP $dnsmasqPid & spinner $!
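Review bot: `find "$piholeDir" -type f -exec $SUDO chmod 666 {} \;` in gravity_reload makes every file under the Pi-hole directory writable by any local account. The visible code writes the generated host list there (`$piholeDir/$accretionDisc`), and if `$piholeDir` is /etc/pihole (its definition is outside the visible hunks) that also covers the ad-list sources and the `password.txt` this commit introduces. Grant write access through ownership instead, for example `$SUDO chown -R pihole:www-data "$piholeDir"` followed by `find "$piholeDir" -type f -exec $SUDO chmod 664 {} +`, adjusting the group to whatever the web interface actually runs as. Separately, the added `$SUDO rm /etc/pihole/pihole.*` prints an error when nothing matches, which `rm -f` avoids. gravity_reload continues past the end of the hunk.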