From b79ff05e29a7a007a6d607ccdd0f679a9706a5a3 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 27 Jul 2018 15:21:25 -0700 Subject: [PATCH 01/22] Move template files to own subdir. Include pihole-FTL.conf in templates. Signed-off-by: Dan Schaper --- advanced/{ => Templates}/logrotate | 0 advanced/Templates/pihole-FTL.conf | 78 +++++++++++++++++++++ advanced/{ => Templates}/pihole-FTL.service | 0 advanced/{ => Templates}/pihole.cron | 0 advanced/{ => Templates}/pihole.sudo | 0 automated install/basic-install.sh | 13 ++-- 6 files changed, 87 insertions(+), 4 deletions(-) rename advanced/{ => Templates}/logrotate (100%) create mode 100644 advanced/Templates/pihole-FTL.conf rename advanced/{ => Templates}/pihole-FTL.service (100%) rename advanced/{ => Templates}/pihole.cron (100%) rename advanced/{ => Templates}/pihole.sudo (100%) diff --git a/advanced/logrotate b/advanced/Templates/logrotate similarity index 100% rename from advanced/logrotate rename to advanced/Templates/logrotate diff --git a/advanced/Templates/pihole-FTL.conf b/advanced/Templates/pihole-FTL.conf new file mode 100644 index 00000000..f855cf19 --- /dev/null +++ b/advanced/Templates/pihole-FTL.conf 
@@ -0,0 +1,78 @@ +## Listen only for local socket connections or permit all connections +## Options: localonly, all + +#SOCKET_LISTENING=localonly + +## Display all queries? Set to no to hide query display +## Options: yes, no + +#QUERY_DISPLAY=yes + +## Allow FTL to analyze AAAA queries from pihole.log? +## Options: yes, no + +#AAAA_QUERY_ANALYSIS=yes + +## Should FTL try to resolve IPv6 addresses to host names? +## Options: yes, no + +#RESOLVE_IPV6=yes + +## Should FTL try to resolve IPv4 addresses to host names? +## Options: yes, no + +#RESOLVE_IPV4=yes + +## How long should queries be stored in the database [days]? +## Setting this to 0 disables the database +## See: https://docs.pi-hole.net/ftldns/database/ +## Options: number of days + +#MAXDBDAYS=365 + +## How often do we store queries in FTL's database [minutes]? +## See: https://docs.pi-hole.net/ftldns/database/ +## Options: number of minutes + +#DBINTERVAL=1.0 + +## Specify path and filename of FTL's SQLite3 long-term database. +## Setting this to DBFILE= disables the database altogether +## See: https://docs.pi-hole.net/ftldns/database/ +## Option: path to db file + +#DBFILE=/etc/pihole/pihole-FTL.db + +## Up to how many hours of queries should be imported from the database and logs [hours]? +## Maximum is 744 (31 days) +## Options: number of days + +#MAXLOGAGE=24.0 + +## On which port should FTL be listening? +## Options: tcp port + +#FTLPORT=4711 + +## Which privacy level is used? +## See: https://docs.pi-hole.net/ftldns/privacylevels/ +## Options: 0, 1, 2, 3 + +#PRIVACYLEVEL=0 + +## Should FTL ignore queries coming from the local machine? +## Options: yes, no + +#IGNORE_LOCALHOST=no + +## How should FTL reply to blocked queries? +## See: https://docs.pi-hole.net/ftldns/blockingmode/ +## Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN + +#BLOCKINGMODE=NULL + +## Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log. 
+## See: https://docs.pi-hole.net/ftldns/regex/overview/ +## Options: true, false + +#REGEX_DEBUGMODE=false diff --git a/advanced/pihole-FTL.service b/advanced/Templates/pihole-FTL.service similarity index 100% rename from advanced/pihole-FTL.service rename to advanced/Templates/pihole-FTL.service diff --git a/advanced/pihole.cron b/advanced/Templates/pihole.cron similarity index 100% rename from advanced/pihole.cron rename to advanced/Templates/pihole.cron diff --git a/advanced/pihole.sudo b/advanced/Templates/pihole.sudo similarity index 100% rename from advanced/pihole.sudo rename to advanced/Templates/pihole.sudo diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 79e8e1ae..45954693 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1553,7 +1553,7 @@ installPiholeWeb() { # Make the .d directory if it doesn't exist mkdir -p /etc/sudoers.d/ # and copy in the pihole sudoers file - cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.sudo /etc/sudoers.d/pihole + cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.sudo /etc/sudoers.d/pihole # Add lighttpd user (OS dependent) to sudoers file echo "${LIGHTTPD_USER} ALL=NOPASSWD: /usr/local/bin/pihole" >> /etc/sudoers.d/pihole @@ -1575,7 +1575,7 @@ installCron() { echo "" echo -ne " ${INFO} ${str}..." # Copy the cron file over from the local repo - cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron /etc/cron.d/pihole + cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.cron /etc/cron.d/pihole # Randomize gravity update time sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole # Randomize update checker time 
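Review bot: The `MAXLOGAGE` block in the new template gives its unit as hours (`[hours]`, `Maximum is 744 (31 days)`) but then says `## Options: number of days`; that line should read `## Options: number of hours`. The `SOCKET_LISTENING` comment would also help an operator if it said what `all` exposes, for example `## all accepts connections from any host that can reach FTLPORT; keep localonly unless remote access is required`. Both are comment-only changes to the template.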
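Review bot: The rewritten `cp` into `/etc/sudoers.d/pihole` in the installPiholeWeb hunk leaves `${PI_HOLE_LOCAL_REPO}` unquoted and leaves the file's mode to whatever the copy produces. For a sudoers drop-in, `install -m 0440 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.sudo" /etc/sudoers.d/pihole` states the mode explicitly. After the `echo ... >>` append that follows, a `visudo -cf /etc/sudoers.d/pihole` check would catch a malformed `${LIGHTTPD_USER}` line before sudo reads it. installPiholeWeb continues outside the hunk, so a later chmod or validation may already exist. The same unquoted `cp ${PI_HOLE_LOCAL_REPO}/...` form is in the installCron and installLogrotate hunks of this commit.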
@@ -1699,7 +1699,7 @@ installLogrotate() { echo "" echo -ne " ${INFO} ${str}..." # Copy the file over from the local repo - cp ${PI_HOLE_LOCAL_REPO}/advanced/logrotate /etc/pihole/logrotate + cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g. @@ -2023,7 +2023,12 @@ FTLinstall() { pushd "$(mktemp -d)" > /dev/null || { echo "Unable to make temporary directory for FTL binary download"; return 1; } # Always replace pihole-FTL.service - install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL" + install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.service" "/etc/init.d/pihole-FTL" + + # Install template if it does not exist + if [[ ! -f /etc/pihole/pihole-FTL.conf ]]; then + install -o "${USER}" -Dm644 -t "${PI_HOLE_INSTALL_DIR}/advanced/Templates/pihole-FTL.conf" "/etc/pihole/pihole-FTL.conf" + fi local ftlBranch local url From ad20d5ac1c696a9a54a22ccd0c1992f30e4043ac Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 27 Jul 2018 15:39:37 -0700 Subject: [PATCH 02/22] Remove -t SOURCE and DIRECTORY reversal flag on install. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 45954693..85703e4d 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -2026,8 +2026,8 @@ FTLinstall() { install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.service" "/etc/init.d/pihole-FTL" # Install template if it does not exist - if [[ ! -f /etc/pihole/pihole-FTL.conf ]]; then - install -o "${USER}" -Dm644 -t "${PI_HOLE_INSTALL_DIR}/advanced/Templates/pihole-FTL.conf" "/etc/pihole/pihole-FTL.conf" + if [[ ! -f "/etc/pihole/pihole-FTL.conf" ]]; then + install -o "${USER}" -Dm644 "${PI_HOLE_INSTALL_DIR}/advanced/Templates/pihole-FTL.conf" "/etc/pihole/pihole-FTL.conf" fi local ftlBranch From 512d2dd5f8dda7070c5d0db0b3bf30549f56422a Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 27 Jul 2018 15:47:20 -0700 Subject: [PATCH 03/22] Source git repo and not /opt location. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 85703e4d..d4955de8 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2027,7 +2027,7 @@ FTLinstall() { # Install template if it does not exist if [[ ! -f "/etc/pihole/pihole-FTL.conf" ]]; then - install -o "${USER}" -Dm644 "${PI_HOLE_INSTALL_DIR}/advanced/Templates/pihole-FTL.conf" "/etc/pihole/pihole-FTL.conf" + install -o "${USER}" -Dm644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.conf" "/etc/pihole/pihole-FTL.conf" fi local ftlBranch From 47b56d612310a2bf364e9049e9c134730873d97b Mon Sep 17 00:00:00 2001 From: Mark Drobnak Date: Fri, 27 Jul 2018 23:20:59 -0400 Subject: [PATCH 04/22] Fix wrong git command flag I could not find documentation on a `--head` flag, but there is a `--heads` flag which does the same thing. Signed-off-by: Mcat12 --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 79e8e1ae..c7158435 100755 --- a/automated install/basic-install.sh 
+++ b/automated install/basic-install.sh @@ -1918,7 +1918,7 @@ get_available_branches() { cd "${directory}" || return 1 # Get reachable remote branches, but store STDERR as STDOUT variable - output=$( { git ls-remote --head --quiet | cut -d'/' -f3- -; } 2>&1 ) + output=$( { git ls-remote --heads --quiet | cut -d'/' -f3- -; } 2>&1 ) echo "$output" return } From f2c675cff64a99bd66f913fbeff4bec5d816a21d Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sat, 28 Jul 2018 16:16:16 -0700 Subject: [PATCH 05/22] Formatted pihole-FTL.conf for readability. Signed-off-by: Dan Schaper --- advanced/Templates/pihole-FTL.conf | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/advanced/Templates/pihole-FTL.conf b/advanced/Templates/pihole-FTL.conf index f855cf19..a884f242 100644 --- a/advanced/Templates/pihole-FTL.conf +++ b/advanced/Templates/pihole-FTL.conf 
@@ -1,78 +1,78 @@ +## Socket Listening ## Listen only for local socket connections or permit all connections ## Options: localonly, all - #SOCKET_LISTENING=localonly +## Query Display ## Display all queries? Set to no to hide query display ## Options: yes, no - #QUERY_DISPLAY=yes +## AAA Query Analysis ## Allow FTL to analyze AAAA queries from pihole.log? ## Options: yes, no - #AAAA_QUERY_ANALYSIS=yes +## Resolve IPv6 ## Should FTL try to resolve IPv6 addresses to host names? ## Options: yes, no - #RESOLVE_IPV6=yes +## Resolve IPv4 ## Should FTL try to resolve IPv4 addresses to host names? ## Options: yes, no - #RESOLVE_IPV4=yes +## Max Database Days ## How long should queries be stored in the database [days]? ## Setting this to 0 disables the database ## See: https://docs.pi-hole.net/ftldns/database/ ## Options: number of days - #MAXDBDAYS=365 +## Database Interval ## How often do we store queries in FTL's database [minutes]? ## See: https://docs.pi-hole.net/ftldns/database/ ## Options: number of minutes - #DBINTERVAL=1.0 +## Database File ## Specify path and filename of FTL's SQLite3 long-term database. ## Setting this to DBFILE= disables the database altogether ## See: https://docs.pi-hole.net/ftldns/database/ ## Option: path to db file - #DBFILE=/etc/pihole/pihole-FTL.db +## Max Log Age ## Up to how many hours of queries should be imported from the database and logs [hours]? ## Maximum is 744 (31 days) ## Options: number of days - #MAXLOGAGE=24.0 +## FTL Port ## On which port should FTL be listening? ## Options: tcp port - #FTLPORT=4711 +## Privacy Level ## Which privacy level is used? ## See: https://docs.pi-hole.net/ftldns/privacylevels/ ## Options: 0, 1, 2, 3 - #PRIVACYLEVEL=0 +## Ignore Localhost ## Should FTL ignore queries coming from the local machine? ## Options: yes, no - #IGNORE_LOCALHOST=no +## Blocking Mode ## How should FTL reply to blocked queries? 
## See: https://docs.pi-hole.net/ftldns/blockingmode/ ## Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN - #BLOCKINGMODE=NULL +## Regex Debug Mode ## Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log. ## See: https://docs.pi-hole.net/ftldns/regex/overview/ ## Options: true, false - #REGEX_DEBUGMODE=false From 96681887b8cd24f0293bcd7245c077515071f9b2 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 28 Jul 2018 20:35:15 -0400 Subject: [PATCH 06/22] Fix wildcard/regex usage formatting Fix whitespace issue and missing backslashes in the regex example. Signed-off-by: Mcat12 --- manpages/pihole.8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index c30570df..a6ad8068 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -282,10 +282,10 @@ Some usage examples .br \fBpihole -b -d noads.example.com\fR Remove "noads.example.com" from blacklist .br - \fBpihole --wild example.com\fR Add example.com as a wildcard - would + \fBpihole --wild example.com\fR Add example.com as a wildcard - would block all subdomains of example.com, including example.com itself. .br - \fBpihole --regex "ad.*\.example\.com$"\fR Add "ad.*\.example\.com$" to the regex + \fBpihole --regex "ad.*\\.example\\.com$"\fR Add "ad.*\\.example\\.com$" to the regex blacklist - would block all subdomains of example.com which start with "ad" .br From 3d87398721b83e7d765e9f2a5b3284b77fb06544 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 28 Jul 2018 20:50:04 -0400 Subject: [PATCH 07/22] Fix `check_service_active` leaking error output Signed-off-by: Mcat12 --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c7158435..84e0a14f 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -1370,11 +1370,11 @@ check_service_active() { # If systemctl exists, if command -v systemctl &> /dev/null; then # use that to check the status of the service - systemctl is-enabled "${1}" > /dev/null + systemctl is-enabled "${1}" &> /dev/null # Otherwise, else # fall back to service command - service "${1}" status > /dev/null + service "${1}" status &> /dev/null fi } From c73b5456ebe07e2b497f79c03a4f156718fa7443 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 28 Jul 2018 21:12:05 -0400 Subject: [PATCH 08/22] Fix "which" error leaking Signed-off-by: Mcat12 --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 84e0a14f..539e3e92 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2058,7 +2058,7 @@ FTLinstall() { # Install the FTL service echo -e "${OVER} ${TICK} ${str}" # dnsmasq can now be stopped and disabled if it exists - if which dnsmasq > /dev/null; then + if which dnsmasq &> /dev/null; then if check_service_active "dnsmasq";then echo " ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately" stop_service dnsmasq @@ -2187,7 +2187,7 @@ FTLcheckUpdate() { local localSha1 # if dnsmasq exists and is running at this point, force reinstall of FTL Binary - if which dnsmasq > /dev/null; then + if which dnsmasq &> /dev/null; then if check_service_active "dnsmasq";then return 0 fi From f90c412b35d646c8639f2352d8b1bbf67d89fc87 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sat, 28 Jul 2018 18:28:25 -0700 Subject: [PATCH 09/22] nroff checked pihole.8 for formatting. `nroff -man pihole.8` Signed-off-by: Dan Schaper --- manpages/pihole.8 | 85 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 58 insertions(+), 27 deletions(-) diff --git a/manpages/pihole.8 b/manpages/pihole.8 index a6ad8068..e0845387 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 
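Review bot: In `check_service_active` the systemd branch still tests `is-enabled`, which reports whether the unit is set to start at boot, while the `service "${1}" status` fallback reports whether it is running, so the two branches answer different questions. If the function is meant to report a running service, as its name suggests, the line would be `systemctl is-active --quiet "${1}"`. If the enabled state is what callers need, a comment saying so would prevent misuse. The function starts outside the hunk, so the intended contract is inferred from the name.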
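Review bot: Both `which dnsmasq &> /dev/null` tests (FTLinstall here, FTLcheckUpdate in the next hunk) depend on an external `which` binary, whereas check_service_active in the same file already uses the builtin form `command -v systemctl &> /dev/null`. `if command -v dnsmasq &> /dev/null; then` is consistent with that and still works on a system where `which` is not installed. Both functions continue outside their hunks.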
@@ -125,13 +125,16 @@ Available commands and options: .br -k, kelvin Set Kelvin as preferred temperature unit .br - -r, hostrecord Add a name to the DNS associated to an IPv4/IPv6 address + -r, hostrecord Add a name to the DNS associated to an + IPv4/IPv6 address .br - -e, email Set an administrative contact address for the Block Page + -e, email Set an administrative contact address for the + Block Page .br -i, interface Specify dnsmasq's interface listening behavior .br - -l, privacylevel Set privacy level (0 = lowest, 3 = highest) + -l, privacylevel Set privacy level + (0 = lowest, 3 = highest) .br \fB-c, chronometer\fR [options] @@ -181,7 +184,8 @@ Available commands and options: .br on Enable the Pi-hole log at /var/log/pihole.log .br - off Disable and flush the Pi-hole log at /var/log/pihole.log + off Disable and flush the Pi-hole log at + /var/log/pihole.log .br off noflush Disable the Pi-hole log at /var/log/pihole.log .br @@ -204,7 +208,8 @@ Available commands and options: .br -p, --pihole Only retrieve info regarding Pi-hole repository .br - -a, --admin Only retrieve info regarding AdminLTE repository + -a, --admin Only retrieve info regarding AdminLTE + repository .br -f, --ftl Only retrieve info regarding FTL repository .br @@ -214,7 +219,8 @@ Available commands and options: .br -l, --latest Return the latest version .br - --hash Return the Github hash from your local repositories + --hash Return the Github hash from your local + repositories .br \fBuninstall\fR @@ -266,7 +272,8 @@ Available commands and options: .br master Update subsystems to the latest stable release .br - dev Update subsystems to the latest development release + dev Update subsystems to the latest development + release .br branchname Update subsystems to the specified branchname .br 
@@ -275,50 +282,74 @@ Available commands and options: Some usage examples .br - Whitelist/blacklist manipulation +Whitelist/blacklist manipulation .br - \fBpihole -w iloveads.example.com\fR Add "iloveads.example.com" to whitelist +\fBpihole -w iloveads.example.com\fR .br - \fBpihole -b -d noads.example.com\fR Remove "noads.example.com" from blacklist -.br - \fBpihole --wild example.com\fR Add example.com as a wildcard - would - block all subdomains of example.com, including example.com itself. -.br - \fBpihole --regex "ad.*\\.example\\.com$"\fR Add "ad.*\\.example\\.com$" to the regex - blacklist - would block all subdomains of example.com which start with "ad" + Adds "iloveads.example.com" to whitelist .br - Changing the Web Interface password +\fBpihole -b -d noads.example.com\fR +.br + Removes "noads.example.com" from blacklist .br - \fBpihole -a -p ExamplePassword\fR Change the password to "ExamplePassword" +\fBpihole --wild example.com\fR +.br + Adds example.com as a wildcard - would block all subdomains of + example.com, including example.com itself. .br - Updating lists from internet sources +\fBpihole --regex "ad.*\\.example\\.com$"\fR +.br + Adds "ad.*\\.example\\.com$" to the regex blacklist. 
+ Would block all subdomains of example.com which start with "ad" .br - \fBpihole -g\fR Update the list of ad-serving domains +Changing the Web Interface password .br - Displaying version information +\fBpihole -a -p ExamplePassword\fR +.br + Change the password to "ExamplePassword" .br - \fBpihole -v -a -c\fR Display the current version of AdminLTE +Updating lists from internet sources .br - Temporarily disabling Pi-hole +\fBpihole -g\fR +.br + Update the list of ad-serving domains .br - \fBpihole disable 5m\fR Disable Pi-hole functionality for five minutes +Displaying version information .br - Switching Pi-hole subsystem branches +\fBpihole -v -a -c\fR +.br + Display the current version of AdminLTE .br - \fBpihole checkout master\fR Switch to master branch +Temporarily disabling Pi-hole .br - \fBpihole checkout core dev\fR Switch to core development branch + +\fBpihole disable 5m\fR +.br + Disable Pi-hole functionality for five minutes +.br + +Switching Pi-hole subsystem branches +.br + +\fBpihole checkout master\fR +.br + Switch to master branch +.br + +\fBpihole checkout core dev\fR +.br + Switch to core development branch .br .SH "SEE ALSO" From 1a8d5fb4a90cacae4a4378513a35cfc059cb37b2 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 28 Jul 2018 21:56:18 -0400 Subject: [PATCH 10/22] Allow PHP to edit the regex file if installed Fixes permissions error on the web interface when modifying the regex. Signed-off-by: Mcat12 --- automated install/basic-install.sh | 9 +++++++++ gravity.sh | 5 ----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c7158435..1bbebde9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
@@ -50,6 +50,7 @@ PI_HOLE_INSTALL_DIR="/opt/pihole" useUpdateVars=false adlistFile="/etc/pihole/adlists.list" +regexFile="/etc/pihole/regex.list" # Pi-hole needs an IP address; to begin, these variables are empty since we don't know what the IP is until # this script can run IPV4_ADDRESS="" @@ -1235,6 +1236,11 @@ installConfigs() { # Make sure Pi-hole's config files are in place version_check_dnsmasq + # Install an empty regex file + touch "${regexFile}" + chown pihole:pihole "${regexFile}" + chmod 664 "${regexFile}" + # If the user chose to install the dashboard, if [[ "${INSTALL_WEB_SERVER}" == true ]]; then # and if the Web server conf directory does not exist, @@ -1261,6 +1267,9 @@ installConfigs() { chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress mkdir -p /var/cache/lighttpd/uploads chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads + + # Let PHP edit the regex file + chown pihole:${LIGHTTPD_GROUP} "${regexFile}" fi } diff --git a/gravity.sh b/gravity.sh index b018e2ea..50c37784 100755 --- a/gravity.sh +++ b/gravity.sh @@ -643,11 +643,6 @@ if [[ "${skipDownload}" == false ]] || [[ "${listType}" == "whitelist" ]]; then gravity_Whitelist fi -# Set proper permissions on the regex file -touch "${regexFile}" -chown pihole:www-data "${regexFile}" -chmod 664 "${regexFile}" - convert_wildcard_to_regex gravity_ShowBlockCount From 94b7c8eb597a7d6c8ed1fb0c27a5b6bc8755691d Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sat, 28 Jul 2018 19:58:23 -0700 Subject: [PATCH 11/22] Added header for file. Not using standard Pi-hole copyright header. Signed-off-by: Dan Schaper --- advanced/Templates/pihole-FTL.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/advanced/Templates/pihole-FTL.conf b/advanced/Templates/pihole-FTL.conf index a884f242..e4b9fae9 100644 --- a/advanced/Templates/pihole-FTL.conf +++ b/advanced/Templates/pihole-FTL.conf 
@@ -1,3 +1,9 @@ +### This file contains parameters for FTL behavior. +### At install, all parameters are commented out. The user can select desired options. +### Options shown are the default configuration. No modification is needed for most +### installations. +### Visit https://docs.pi-hole.net/ftldns/configfile/ for more detailed parameter explanations + ## Socket Listening ## Listen only for local socket connections or permit all connections ## Options: localonly, all From a55cc5533853264fb2768eb1fc48a67dd55a804f Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sat, 28 Jul 2018 23:07:35 -0400 Subject: [PATCH 12/22] Only `touch` the regex file if it doesn't already exist The other permission calls will always be run so that the file is in the expected state after install and repair. Signed-off-by: Mcat12 --- automated install/basic-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 1bbebde9..9d04bd85 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1237,7 +1237,9 @@ installConfigs() { version_check_dnsmasq # Install an empty regex file - touch "${regexFile}" + if [[ ! -f "${regexFile}" ]]; then + touch "${regexFile}" + fi chown pihole:pihole "${regexFile}" chmod 664 "${regexFile}" From af2ec619655015a25b497b877782dba388ea03b5 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 29 Jul 2018 08:17:57 -0700 Subject: [PATCH 13/22] Convert [] to () Signed-off-by: Dan Schaper --- advanced/Templates/pihole-FTL.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Templates/pihole-FTL.conf b/advanced/Templates/pihole-FTL.conf index e4b9fae9..03f42932 100644 --- a/advanced/Templates/pihole-FTL.conf +++ b/advanced/Templates/pihole-FTL.conf 
@@ -30,14 +30,14 @@ #RESOLVE_IPV4=yes ## Max Database Days -## How long should queries be stored in the database [days]? +## How long should queries be stored in the database (days)? ## Setting this to 0 disables the database ## See: https://docs.pi-hole.net/ftldns/database/ ## Options: number of days #MAXDBDAYS=365 ## Database Interval -## How often do we store queries in FTL's database [minutes]? +## How often do we store queries in FTL's database (minutes)? ## See: https://docs.pi-hole.net/ftldns/database/ ## Options: number of minutes #DBINTERVAL=1.0 @@ -50,7 +50,7 @@ #DBFILE=/etc/pihole/pihole-FTL.db ## Max Log Age -## Up to how many hours of queries should be imported from the database and logs [hours]? +## Up to how many hours of queries should be imported from the database and logs (hours)? ## Maximum is 744 (31 days) ## Options: number of days #MAXLOGAGE=24.0 From af13ceac24807aa24601a758a416c509802dd0dc Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 29 Jul 2018 08:42:59 -0700 Subject: [PATCH 14/22] Touch file as ${USER} instead of copying template. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2f1248e9..6ccbbb5c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -2027,7 +2027,10 @@ FTLinstall() { # Install template if it does not exist if [[ ! -f "/etc/pihole/pihole-FTL.conf" ]]; then - install -o "${USER}" -Dm644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.conf" "/etc/pihole/pihole-FTL.conf" + if ! sudo -u ${USER} touch "/etc/pihole/pihole-FTL.conf" 2&>1 /dev/null; then + echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file /etc/pihole/pihole-FTL.conf" + return 1 + fi fi local ftlBranch From 17c1e64f7e3417b592d677e9ffdacf05ab833c28 Mon Sep 17 00:00:00 2001 
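Review bot: The redirection in `sudo -u ${USER} touch "/etc/pihole/pihole-FTL.conf" 2&>1 /dev/null` in the FTLinstall hunk is malformed: bash reads `2` and `/dev/null` as extra file arguments to `touch`, and `&>1` as a redirect into a file named `1` in the current directory. The intended form is `if ! sudo -u "${USER}" touch "/etc/pihole/pihole-FTL.conf" &> /dev/null; then`, which also quotes `${USER}`. The error `echo -e` opens `${COL_LIGHT_RED}` without a closing `${COL_NC}`. The same redirection is carried into the installScripts hunk of PATCH 15/22. FTLinstall continues outside the hunk.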
From: Dan Schaper Date: Sun, 29 Jul 2018 09:06:51 -0700 Subject: [PATCH 15/22] Moved FTL configuration copy in to scripts copy function. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6ccbbb5c..86e66ca0 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1219,12 +1219,19 @@ installScripts() { install -o "${USER}" -Dm755 -t /usr/local/bin/ pihole install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole echo -e "${OVER} ${TICK} ${str}" + # Install template if it does not exist + if [[ ! -f "/etc/pihole/pihole-FTL.conf" ]]; then + if ! sudo -u ${USER} touch "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" 2&>1 /dev/null; then + echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file /etc/pihole/pihole-FTL.conf" + return 1 + fi + fi # Otherwise, else # Show an error and exit echo -e "${OVER} ${CROSS} ${str} ${COL_LIGHT_RED}Error: Local repo ${PI_HOLE_LOCAL_REPO} not found, exiting installer${COL_NC}" - exit 1 + return 1 fi } @@ -1770,7 +1777,10 @@ installPihole() { accountForRefactor fi # Install base files and web interface - installScripts + if ! installScripts; then + echo -e " {CROSS} Failure in dependent script copy function." + exit 1 + fi # Install config files installConfigs # If the user wants to install the dashboard, 
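Review bot: In the installScripts hunk the guard tests `/etc/pihole/pihole-FTL.conf` and the error message names that path, but the `touch` creates `${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf`. The file the guard looks for is therefore never created by this branch, which will run again on every install. All three references should use one path, for example `touch "/etc/pihole/pihole-FTL.conf"` if the configuration directory is the intended location. installScripts starts and ends outside the hunk.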
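Review bot: The failure message added to installPihole, `echo -e " {CROSS} Failure in dependent script copy function."`, is missing the `$`, so it prints the literal text `{CROSS}` instead of the marker. It should read `echo -e " ${CROSS} Failure in dependent script copy function."`. The installConfigs failure message added to installPihole in PATCH 18/22 has the same omission. installPihole continues outside the hunk.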
@@ -2025,14 +2035,6 @@ FTLinstall() { # Always replace pihole-FTL.service install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.service" "/etc/init.d/pihole-FTL" - # Install template if it does not exist - if [[ ! -f "/etc/pihole/pihole-FTL.conf" ]]; then - if ! sudo -u ${USER} touch "/etc/pihole/pihole-FTL.conf" 2&>1 /dev/null; then - echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file /etc/pihole/pihole-FTL.conf" - return 1 - fi - fi - local ftlBranch local url From 57af0ba0a49044968fd472025cd50ae3b3f3f0fa Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Sun, 29 Jul 2018 18:26:00 -0400 Subject: [PATCH 16/22] Use `install` to make the regex file Signed-off-by: Mcat12 --- automated install/basic-install.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 9d04bd85..6ea66554 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1238,10 +1238,9 @@ installConfigs() { # Install an empty regex file if [[ ! -f "${regexFile}" ]]; then - touch "${regexFile}" + # Let PHP edit the regex file, if installed + install -o pihole -g "${LIGHTTPD_GROUP:-pihole}" -m 644 /dev/null "${regexFile}" fi - chown pihole:pihole "${regexFile}" - chmod 664 "${regexFile}" # If the user chose to install the dashboard, if [[ "${INSTALL_WEB_SERVER}" == true ]]; then @@ -1269,9 +1268,6 @@ installConfigs() { chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress mkdir -p /var/cache/lighttpd/uploads chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads - - # Let PHP edit the regex file - chown pihole:${LIGHTTPD_GROUP} "${regexFile}" fi } From fb2810557a2e5d42d18d01d6595ac77f693aacb0 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Sun, 29 Jul 2018 16:09:03 -0700 Subject: [PATCH 17/22] Allow web user group to access regex.list 
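Review bot: In the first installConfigs hunk of PATCH 16/22, ownership and mode are now set only by the `install` inside `if [[ ! -f "${regexFile}" ]]`, so an existing `regex.list` is left as it is and a repair run no longer restores its owner, group or mode. If repair should still normalise the file, keep `chown pihole:"${LIGHTTPD_GROUP:-pihole}" "${regexFile}"` and a `chmod` after the `if` block. A short comment on who is expected to write to the file (the `pihole` user and the web server group) would make the intended access explicit. installConfigs continues outside the hunk.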
Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 6ea66554..7b38df31 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1239,7 +1239,7 @@ installConfigs() { # Install an empty regex file if [[ ! -f "${regexFile}" ]]; then # Let PHP edit the regex file, if installed - install -o pihole -g "${LIGHTTPD_GROUP:-pihole}" -m 644 /dev/null "${regexFile}" + install -o pihole -g "${LIGHTTPD_GROUP:-pihole}" -m 664 /dev/null "${regexFile}" fi # If the user chose to install the dashboard, From d0d030bafc7ba85b13eb7323500ea80599dca270 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 30 Jul 2018 14:02:18 -0700 Subject: [PATCH 18/22] Moved file creation to proper function. Included bash variables for file location. Set to pihole:pihole ownership with 644 permissions. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 86e66ca0..0c257e96 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1219,13 +1219,7 @@ installScripts() { install -o "${USER}" -Dm755 -t /usr/local/bin/ pihole install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole echo -e "${OVER} ${TICK} ${str}" - # Install template if it does not exist - if [[ ! -f "/etc/pihole/pihole-FTL.conf" ]]; then - if ! sudo -u ${USER} touch "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" 2&>1 /dev/null; then - echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file /etc/pihole/pihole-FTL.conf" - return 1 - fi - fi + # Otherwise, else # Show an error and exit 
@@ -1241,7 +1235,13 @@ installConfigs() { echo -e " ${INFO} Installing configs from ${PI_HOLE_LOCAL_REPO}..." # Make sure Pi-hole's config files are in place version_check_dnsmasq - + # Install template if it does not exist + if [[ ! -f "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" ]]; then + if ! install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" &>/dev/nul; then + echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file ${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" + return 1 + fi + fi # If the user chose to install the dashboard, if [[ "${INSTALL_WEB_SERVER}" == true ]]; then # and if the Web server conf directory does not exist, @@ -1782,7 +1782,10 @@ installPihole() { exit 1 fi # Install config files - installConfigs + if ! installConfigs; then + echo -e " {CROSS} Failure in dependent config copy function." + exit 1 + fi # If the user wants to install the dashboard, if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then # do so From 448fc7231c55314585053e658b3f5e148ed447bf Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 30 Jul 2018 14:26:07 -0700 Subject: [PATCH 19/22] Installed to `/etc/pihole` as PI_HOLE_CONFIG_DIR variable. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 0c257e96..178673a4 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -47,6 +47,7 @@ PI_HOLE_LOCAL_REPO="/etc/.pihole" PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage) # This folder is where the Pi-hole scripts will be installed PI_HOLE_INSTALL_DIR="/opt/pihole" +PI_HOLE_CONFIG_DIR="/etc/pihole" useUpdateVars=false adlistFile="/etc/pihole/adlists.list" 
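Review bot: The redirect target in `install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" &>/dev/nul` is misspelled. When the installer has write access to `/dev`, this creates a regular file `/dev/nul` and writes `install`'s output there instead of discarding it; it should be `&>/dev/null`. The line also uses `-m 664` although the commit message states 644 permissions, and the error `echo -e` never closes `${COL_LIGHT_RED}` with `${COL_NC}`. The `/dev/nul` spelling is still present in the installConfigs hunks of PATCH 19/22 and PATCH 20/22. installConfigs continues outside the hunk.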
@@ -1236,9 +1237,9 @@ installConfigs() { # Make sure Pi-hole's config files are in place version_check_dnsmasq # Install template if it does not exist - if [[ ! -f "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" ]]; then - if ! install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" &>/dev/nul; then - echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file ${PI_HOLE_INSTALL_DIR}/pihole-FTL.conf" + if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then + if ! install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" &>/dev/nul; then + echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file ${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" return 1 fi fi From 993beab3b7bd2dab01dffd4f84f3b0f6a5c3a190 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Tue, 31 Jul 2018 11:14:26 -0700 Subject: [PATCH 20/22] Changed wording. Signed-off-by: Dan Schaper --- automated install/basic-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 958c36c7..10e43b6c 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1237,7 +1237,7 @@ installConfigs() { echo -e " ${INFO} Installing configs from ${PI_HOLE_LOCAL_REPO}..." # Make sure Pi-hole's config files are in place version_check_dnsmasq - # Install template if it does not exist + # Install empty file if it does not exist if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then if ! install -o pihole -g pihole -m 664 /dev/null "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" &>/dev/nul; then echo -e " ${COL_LIGHT_RED}Error: Unable to initialize configuration file ${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" From 7086a400e8a60f70f2e6ea577087b5e38d5cadd5 Mon Sep 17 00:00:00 2001 
From: Mcat12 Date: Tue, 31 Jul 2018 21:36:29 -0400 Subject: [PATCH 21/22] Use simpler regex format for wildcards Use `\.?domain\.com$` instead of `((^)|(\.))domain\.com$` Signed-off-by: Mcat12 --- advanced/Scripts/list.sh | 4 ++-- advanced/Scripts/wildcard_regex_converter.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 095e1274..4c0c0b8e 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -141,7 +141,7 @@ AddDomain() { bool=true domain="${1}" - [[ "${wildcard}" == true ]] && domain="((^)|(\\.))${domain//\./\\.}$" + [[ "${wildcard}" == true ]] && domain="\\.?${domain//\./\\.}$" # Is the domain in the list? # Search only for exactly matching lines @@ -189,7 +189,7 @@ RemoveDomain() { [[ -z "${type}" ]] && type="--wildcard-only" domain="${1}" - [[ "${wildcard}" == true ]] && domain="((^)|(\\.))${domain//\./\\.}$" + [[ "${wildcard}" == true ]] && domain="\\.?${domain//\./\\.}$" bool=true # Is it in the list? diff --git a/advanced/Scripts/wildcard_regex_converter.sh b/advanced/Scripts/wildcard_regex_converter.sh index 2db4d671..43d4a532 100644 --- a/advanced/Scripts/wildcard_regex_converter.sh +++ b/advanced/Scripts/wildcard_regex_converter.sh @@ -24,5 +24,5 @@ convert_wildcard_to_regex() { # Remove repeated domains (may have been inserted two times due to A and AAAA blocking) uniquedomains="$(uniq <<< "${domains}")" # Automatically generate regex filters and remove old wildcards file - awk '{print "((^)|(\\.))"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}" + awk '{print "\\.?"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}" } From e4e22fb58ef13c4101210ab9cb17e9dbf02d4d81 Mon Sep 17 00:00:00 2001 From: Mcat12 Date: Tue, 31 Jul 2018 22:16:40 -0400 Subject: [PATCH 22/22] Fix permissive regex The `\.?` is too permissive, letting in anything that ends in the domain 
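Review bot: Changing the wildcard format on the `domain=` line in AddDomain, and on the matching line in RemoveDomain, leaves entries already stored in the old `((^)|(\.))domain\.com$` form unreachable. The context comments say the list is searched for exactly matching lines, so a lookup built in the new form will presumably not find them. Removing such a wildcard would then fail, and adding it again would store a second, equivalent pattern. Either rewrite existing entries once during update or have the lookup also try the earlier form. The same applies to the format change in both list.sh hunks of PATCH 22/22; both functions begin and end outside their hunks.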
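Review bot: The `awk` line in convert_wildcard_to_regex writes each domain into the pattern unescaped, whereas list.sh escapes the dots first with `${domain//\./\\.}`. A converted entry for a constructed name such as `example.com` therefore also matches `exampleXcom`, because an unescaped `.` matches any character. Adding `gsub(/\./, "\\\\.");` before the `print` inside the awk program would make both code paths generate the same pattern for the same domain. The `awk` line in PATCH 22/22 has the same gap; the function's start is outside the hunk.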
Signed-off-by: Mcat12 --- advanced/Scripts/list.sh | 4 ++-- advanced/Scripts/wildcard_regex_converter.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 4c0c0b8e..87e4ab44 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -141,7 +141,7 @@ AddDomain() { bool=true domain="${1}" - [[ "${wildcard}" == true ]] && domain="\\.?${domain//\./\\.}$" + [[ "${wildcard}" == true ]] && domain="(^|\\.)${domain//\./\\.}$" # Is the domain in the list? # Search only for exactly matching lines @@ -189,7 +189,7 @@ RemoveDomain() { [[ -z "${type}" ]] && type="--wildcard-only" domain="${1}" - [[ "${wildcard}" == true ]] && domain="\\.?${domain//\./\\.}$" + [[ "${wildcard}" == true ]] && domain="(^|\\.)${domain//\./\\.}$" bool=true # Is it in the list? diff --git a/advanced/Scripts/wildcard_regex_converter.sh b/advanced/Scripts/wildcard_regex_converter.sh index 43d4a532..8c9578a3 100644 --- a/advanced/Scripts/wildcard_regex_converter.sh +++ b/advanced/Scripts/wildcard_regex_converter.sh @@ -24,5 +24,5 @@ convert_wildcard_to_regex() { # Remove repeated domains (may have been inserted two times due to A and AAAA blocking) uniquedomains="$(uniq <<< "${domains}")" # Automatically generate regex filters and remove old wildcards file - awk '{print "\\.?"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}" + awk '{print "(^|\\.)"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}" }
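Review bot: The `(^|\\.)` prefix on the `domain=` lines in AddDomain and RemoveDomain has no comment saying why it must not be shortened to `\.?`, the form the previous commit tried and which, per this commit's description, let in anything that ends in the domain. A one-line comment above each assignment would keep the pattern from being simplified again: `# Anchor at start of name or after a literal dot, so only the domain and its subdomains match`. The same comment fits above the `awk` line in wildcard_regex_converter.sh. Both list.sh functions begin and end outside their hunks.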