mirror of
https://github.com/pi-hole/pi-hole.git
commit
995ee41d6b
11 changed files with 137 additions and 54 deletions
|
@ -46,3 +46,8 @@ log-facility=/var/log/pihole.log
|
|||
local-ttl=2
|
||||
|
||||
log-async
|
||||
|
||||
# If a DHCP client claims that its name is "wpad", ignore that.
|
||||
# This fixes a security hole. see CERT Vulnerability VU#598349
|
||||
dhcp-name-match=set:wpad-ignore,wpad
|
||||
dhcp-ignore-names=tag:wpad-ignore
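Review bot: The comment added above `dhcp-name-match=set:wpad-ignore,wpad` cites VU#598349 but does not say what the rule protects against or what it leaves uncovered. Without it, a DHCP client that registers the hostname "wpad" gets that name resolved to its own address by the local resolver, so other hosts doing proxy auto-discovery can be pointed at it. The two directives only discard hostnames supplied through DHCP; a `wpad` entry from a hosts file or an upstream answer is unaffected. I would add one line saying so, e.g. `# Only DHCP-supplied names are filtered; wpad records from other sources are not touched.`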
|
||||
|
|
|
@ -167,7 +167,7 @@ checkout() {
|
|||
echo " ${TICK} Branch ${2} exists"
|
||||
echo "${2}" > /etc/pihole/ftlbranch
|
||||
FTLinstall "${binary}"
|
||||
start_service pihole-FTL
|
||||
restart_service pihole-FTL
|
||||
enable_service pihole-FTL
|
||||
else
|
||||
echo " ${CROSS} Requested branch \"${2}\" is not available"
|
||||
|
|
|
@ -76,6 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
|
|||
HTML_DIRECTORY="/var/www/html"
|
||||
WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
|
||||
#BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole"
|
||||
SHM_DIRECTORY="/dev/shm"
|
||||
|
||||
# Files required by Pi-hole
|
||||
# https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
|
||||
|
@ -976,6 +977,9 @@ list_files_in_dir() {
|
|||
[[ "${dir_to_parse}/${each_file}" == "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" ]] || \
|
||||
[[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
|
||||
:
|
||||
elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then
|
||||
# SHM file - we do not want to see the content, but we want to see the files and their sizes
|
||||
log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")"
|
||||
else
|
||||
# Then, parse the file's content into an array so each line can be analyzed if need be
|
||||
for i in "${!REQUIRED_FILES[@]}"; do
|
||||
|
@ -1019,6 +1023,7 @@ show_content_of_pihole_files() {
|
|||
show_content_of_files_in_dir "${CRON_D_DIRECTORY}"
|
||||
show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}"
|
||||
show_content_of_files_in_dir "${LOG_DIRECTORY}"
|
||||
show_content_of_files_in_dir "${SHM_DIRECTORY}"
|
||||
}
|
||||
|
||||
head_tail_log() {
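Review bot: `show_content_of_files_in_dir "${SHM_DIRECTORY}"` walks all of `/dev/shm`, not only the objects pihole-FTL creates. The new `ls -ld` branch in list_files_in_dir therefore writes the name, owner, size and timestamp of every shared-memory file on the host into the debug log. Debug logs are usually handed to third parties for support, and object names from unrelated software can reveal what else runs on the machine. Consider skipping entries that do not belong to FTL before the `log_write`, e.g. `[[ "${each_file}" == "${FTL_SHM_PREFIX}"* ]] || continue`, where `FTL_SHM_PREFIX` is a placeholder for the prefix FTL actually uses. Both functions start outside the visible hunks, so an earlier filter cannot be ruled out from here.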
|
||||
|
|
|
@ -136,8 +136,16 @@ errorOutput() {
|
|||
}
|
||||
|
||||
defaultOutput() {
|
||||
# Source the setupvars config file
|
||||
# shellcheck disable=SC1091
|
||||
source /etc/pihole/setupVars.conf
|
||||
|
||||
versionOutput "pi-hole" "$@"
|
||||
versionOutput "AdminLTE" "$@"
|
||||
|
||||
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
|
||||
versionOutput "AdminLTE" "$@"
|
||||
fi
|
||||
|
||||
versionOutput "FTL" "$@"
|
||||
}
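Review bot: `source /etc/pihole/setupVars.conf` in defaultOutput executes the whole file as shell code in the current shell just to read one flag, and nothing checks that the file exists or is readable. If the source fails, `INSTALL_WEB_INTERFACE` stays unset and the AdminLTE line is dropped without any hint why. Reading only the needed key avoids both problems: `INSTALL_WEB_INTERFACE=$(grep -m1 '^INSTALL_WEB_INTERFACE=' /etc/pihole/setupVars.conf | cut -d= -f2)`, or at minimum guard the source with `[[ -r /etc/pihole/setupVars.conf ]]`. The rendered page prints `versionOutput "AdminLTE" "$@"` twice; presumably the first is the removed line and only the guarded call remains.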
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ Options:
|
|||
-e, email Set an administrative contact address for the Block Page
|
||||
-h, --help Show this help dialog
|
||||
-i, interface Specify dnsmasq's interface listening behavior
|
||||
-l, privacylevel Set privacy level (0 = lowest, 3 = highest)"
|
||||
-l, privacylevel Set privacy level (0 = lowest, 4 = highest)"
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
@ -327,6 +327,12 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
|
|||
echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
|
||||
fi
|
||||
|
||||
# Sourced from setupVars
|
||||
# shellcheck disable=SC2154
|
||||
if [[ "${DHCP_rapid_commit}" == "true" ]]; then
|
||||
echo "dhcp-rapid-commit" >> "${dhcpconfig}"
|
||||
fi
|
||||
|
||||
if [[ "${DHCP_IPv6}" == "true" ]]; then
|
||||
echo "#quiet-dhcp6
|
||||
#enable-ra
|
||||
|
@ -351,6 +357,7 @@ EnableDHCP() {
|
|||
change_setting "DHCP_LEASETIME" "${args[5]}"
|
||||
change_setting "PIHOLE_DOMAIN" "${args[6]}"
|
||||
change_setting "DHCP_IPv6" "${args[7]}"
|
||||
change_setting "DHCP_rapid_commit" "${args[8]}"
|
||||
|
||||
# Remove possible old setting from file
|
||||
delete_dnsmasq_setting "dhcp-"
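Review bot: `change_setting "DHCP_rapid_commit" "${args[8]}"` stores the ninth argument as it arrives, and the other hunk in this file marks the stored value as coming from a sourced file (`# Sourced from setupVars`). change_setting is not visible here, so whether it validates is unknown; if it does not, anything other than `true`/`false` ends up in setupVars.conf, including an empty value from a caller that passes only eight arguments. Normalising first keeps the stored value to the two states the config writer tests for: `local rapid_commit=false`, `[[ "${args[8]}" == "true" ]] && rapid_commit=true`, `change_setting "DHCP_rapid_commit" "${rapid_commit}"`. The body of EnableDHCP continues outside the hunk.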
|
||||
|
|
|
@ -56,7 +56,7 @@ _pihole() {
|
|||
;;
|
||||
"privacylevel")
|
||||
if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
|
||||
opts_privacy="0 1 2 3"
|
||||
opts_privacy="0 1 2 3 4"
|
||||
COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) )
|
||||
else
|
||||
return 1
|
||||
|
|
|
@ -115,6 +115,9 @@ else
|
|||
OVER="\\r\\033[K"
|
||||
fi
|
||||
|
||||
# Define global binary variable
|
||||
binary="tbd"
|
||||
|
||||
# A simple function that just echoes out our logo in ASCII format
|
||||
# This lets users know that it is a Pi-hole, LLC product
|
||||
show_ascii_berry() {
|
||||
|
@ -165,6 +168,20 @@ if is_command apt-get ; then
|
|||
# grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE
|
||||
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
|
||||
# Some distros vary slightly so these fixes for dependencies may apply
|
||||
# on Ubuntu 18.04.1 LTS we need to add the universe repository to gain access to dialog and dhcpcd5
|
||||
APT_SOURCES="/etc/apt/sources.list"
|
||||
if awk 'BEGIN{a=1;b=0}/bionic main/{a=0}/bionic.*universe/{b=1}END{exit a + b}' ${APT_SOURCES}; then
|
||||
if ! whiptail --defaultno --title "Dependencies Require Update to Allowed Repositories" --yesno "Would you like to enable 'universe' repository?\\n\\nThis repository is required by the following packages:\\n\\n- dhcpcd5\\n- dialog" ${r} ${c}; then
|
||||
printf " %b Aborting installation: dependencies could not be installed.\\n" "${CROSS}"
|
||||
exit # exit the installer
|
||||
else
|
||||
printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}"
|
||||
cp ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list
|
||||
printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup"
|
||||
add-apt-repository universe
|
||||
printf " %b Enabled %s\\n" "${TICK}" "'universe' repository"
|
||||
fi
|
||||
fi
|
||||
# Debian 7 doesn't have iproute2 so if the dry run install is successful,
|
||||
if ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1; then
|
||||
# we can install it
|
||||
|
@ -207,7 +224,7 @@ if is_command apt-get ; then
|
|||
# These programs are stored in an array so they can be looped through later
|
||||
INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
|
||||
# Pi-hole itself has several dependencies that also need to be installed
|
||||
PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf)
|
||||
PIHOLE_DEPS=(cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf libcap2)
|
||||
# The Web dashboard has some that also need to be installed
|
||||
# It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
|
||||
PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite})
|
||||
|
@ -249,7 +266,7 @@ elif is_command rpm ; then
|
|||
PKG_INSTALL=(${PKG_MANAGER} install -y)
|
||||
PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
|
||||
INSTALLER_DEPS=(dialog git iproute newt procps-ng which)
|
||||
PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite)
|
||||
PIHOLE_DEPS=(bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc sqlite libcap)
|
||||
PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo)
|
||||
LIGHTTPD_USER="lighttpd"
|
||||
LIGHTTPD_GROUP="lighttpd"
|
||||
|
@ -1420,9 +1437,9 @@ stop_service() {
|
|||
}
|
||||
|
||||
# Start/Restart service passed in as argument
|
||||
start_service() {
|
||||
restart_service() {
|
||||
# Local, named variables
|
||||
local str="Starting ${1} service"
|
||||
local str="Restarting ${1} service"
|
||||
printf " %b %s..." "${INFO}" "${str}"
|
||||
# If systemctl exists,
|
||||
if is_command systemctl ; then
|
||||
|
@ -1892,8 +1909,9 @@ installPihole() {
|
|||
installCron
|
||||
# Install the logrotate file
|
||||
installLogrotate
|
||||
# Check if FTL is installed
|
||||
FTLdetect || printf " %b FTL Engine not installed\\n" "${CROSS}"
|
||||
# Check if dnsmasq is present. If so, disable it and back up any possible
|
||||
# config file
|
||||
disable_dnsmasq
|
||||
# Configure the firewall
|
||||
if [[ "${useUpdateVars}" == false ]]; then
|
||||
configureFirewall
|
||||
|
@ -2116,7 +2134,6 @@ clone_or_update_repos() {
|
|||
# Download FTL binary to random temp directory and install FTL binary
|
||||
FTLinstall() {
|
||||
# Local, named variables
|
||||
local binary="${1}"
|
||||
local latesttag
|
||||
local str="Downloading and Installing FTL"
|
||||
printf " %b %s..." "${INFO}" "${str}"
|
||||
|
@ -2160,33 +2177,18 @@ FTLinstall() {
|
|||
# If we downloaded binary file (as opposed to text),
|
||||
if sha1sum --status --quiet -c "${binary}".sha1; then
|
||||
printf "transferred... "
|
||||
# Stop FTL
|
||||
|
||||
# Stop pihole-FTL service if available
|
||||
stop_service pihole-FTL &> /dev/null
|
||||
|
||||
# Install the new version with the correct permissions
|
||||
install -T -m 0755 "${binary}" /usr/bin/pihole-FTL
|
||||
|
||||
# Move back into the original directory the user was in
|
||||
popd > /dev/null || { printf "Unable to return to original directory after FTL binary download.\\n"; return 1; }
|
||||
# Install the FTL service
|
||||
|
||||
# Installed the FTL service
|
||||
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
|
||||
# dnsmasq can now be stopped and disabled if it exists
|
||||
if which dnsmasq &> /dev/null; then
|
||||
if check_service_active "dnsmasq";then
|
||||
printf " %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}"
|
||||
stop_service dnsmasq
|
||||
disable_service dnsmasq
|
||||
fi
|
||||
fi
|
||||
|
||||
# Backup existing /etc/dnsmasq.conf if present and ensure that
|
||||
# /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d"
|
||||
local conffile="/etc/dnsmasq.conf"
|
||||
if [[ -f "${conffile}" ]]; then
|
||||
printf " %b Backing up %s to %s.old\\n" "${INFO}" "${conffile}" "${conffile}"
|
||||
mv "${conffile}" "${conffile}.old"
|
||||
fi
|
||||
# Create /etc/dnsmasq.conf
|
||||
echo "conf-dir=/etc/dnsmasq.d" > "${conffile}"
|
||||
|
||||
return 0
|
||||
# Otherwise,
|
||||
else
|
||||
|
@ -2206,6 +2208,27 @@ FTLinstall() {
|
|||
fi
|
||||
}
|
||||
|
||||
disable_dnsmasq() {
|
||||
# dnsmasq can now be stopped and disabled if it exists
|
||||
if which dnsmasq &> /dev/null; then
|
||||
if check_service_active "dnsmasq";then
|
||||
printf " %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}"
|
||||
stop_service dnsmasq
|
||||
disable_service dnsmasq
|
||||
fi
|
||||
fi
|
||||
|
||||
# Backup existing /etc/dnsmasq.conf if present and ensure that
|
||||
# /etc/dnsmasq.conf contains only "conf-dir=/etc/dnsmasq.d"
|
||||
local conffile="/etc/dnsmasq.conf"
|
||||
if [[ -f "${conffile}" ]]; then
|
||||
printf " %b Backing up %s to %s.old\\n" "${INFO}" "${conffile}" "${conffile}"
|
||||
mv "${conffile}" "${conffile}.old"
|
||||
fi
|
||||
# Create /etc/dnsmasq.conf
|
||||
echo "conf-dir=/etc/dnsmasq.d" > "${conffile}"
|
||||
}
|
||||
|
||||
get_binary_name() {
|
||||
# This gives the machine architecture which may be different from the OS architecture...
|
||||
local machine
|
||||
|
@ -2363,7 +2386,7 @@ FTLdetect() {
|
|||
printf "\\n %b FTL Checks...\\n\\n" "${INFO}"
|
||||
|
||||
if FTLcheckUpdate ; then
|
||||
FTLinstall "${binary}" || return 1
|
||||
FTLinstall || return 1
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -2446,7 +2469,7 @@ main() {
|
|||
# Start the installer
|
||||
# Verify there is enough disk space for the install
|
||||
if [[ "${skipSpaceCheck}" == true ]]; then
|
||||
printf" %b Skipping free disk space verification\\n" "${INFO}"
|
||||
printf " %b Skipping free disk space verification\\n" "${INFO}"
|
||||
else
|
||||
verifyFreeDiskSpace
|
||||
fi
|
||||
|
@ -2523,6 +2546,11 @@ main() {
|
|||
else
|
||||
LIGHTTPD_ENABLED=false
|
||||
fi
|
||||
# Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole
|
||||
if ! FTLdetect; then
|
||||
printf " %b FTL Engine not installed\\n" "${CROSS}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Install and log everything to a file
|
||||
installPihole | tee -a /proc/$$/fd/3
|
||||
|
@ -2553,7 +2581,7 @@ main() {
|
|||
if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
|
||||
|
||||
if [[ "${LIGHTTPD_ENABLED}" == true ]]; then
|
||||
start_service lighttpd
|
||||
restart_service lighttpd
|
||||
enable_service lighttpd
|
||||
else
|
||||
printf " %b Lighttpd is disabled, skipping service restart\\n" "${INFO}"
|
||||
|
@ -2568,7 +2596,7 @@ main() {
|
|||
# Fixes a problem reported on Ubuntu 18.04 where trying to start
|
||||
# the service before enabling causes installer to exit
|
||||
enable_service pihole-FTL
|
||||
start_service pihole-FTL
|
||||
restart_service pihole-FTL
|
||||
|
||||
# Download and compile the aggregated block list
|
||||
runGravity
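Review bot: In the `@ -165,6 +168,20` hunk the awk test takes any line matching `/bionic.*universe/` as proof that universe is enabled, so a commented-out entry (constructed example: `# deb-src … bionic universe`) makes the installer skip the prompt and the dependency install can then fail. Anchoring both patterns to active entries fixes that: `/^deb .*bionic main/{a=0}/^deb .*bionic.*universe/{b=1}`, with `"${APT_SOURCES}"` quoted. The result of `add-apt-repository universe` is not checked before the "Enabled" message is printed; `if ! add-apt-repository universe; then … exit 1; fi` makes the failure path explicit. The abort branch uses a bare `exit` right after a successful `printf`, so a declined prompt ends the installer with status 0; `exit 1` matches the "Aborting installation" message.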
|
||||
|
|
|
@ -64,7 +64,7 @@ pihole-FTL.conf - FTL's config file
|
|||
On which port should FTL be listening?
|
||||
.br
|
||||
|
||||
\fBPRIVACYLEVEL=0|1|2|3\fR
|
||||
\fBPRIVACYLEVEL=0|1|2|3|4\fR
|
||||
.br
|
||||
Which privacy level is used?
|
||||
.br
|
||||
|
@ -74,7 +74,9 @@ pihole-FTL.conf - FTL's config file
|
|||
.br
|
||||
2 - hide domains and clients
|
||||
.br
|
||||
3 - paranoia mode (hide everything)
|
||||
3 - anonymous mode (hide everything)
|
||||
.br
|
||||
4 - disable all statistics
|
||||
.br
|
||||
|
||||
\fBIGNORE_LOCALHOST=no|yes\fR
|
||||
|
|
|
@ -134,7 +134,7 @@ Available commands and options:
|
|||
-i, interface Specify dnsmasq's interface listening behavior
|
||||
.br
|
||||
-l, privacylevel <level> Set privacy level
|
||||
(0 = lowest, 3 = highest)
|
||||
(0 = lowest, 4 = highest)
|
||||
.br
|
||||
|
||||
\fB-c, chronometer\fR [options]
|
||||
|
|
34
pihole
34
pihole
|
@ -23,17 +23,6 @@ source "${colfile}"
|
|||
|
||||
resolver="pihole-FTL"
|
||||
|
||||
# Must be root to use this tool
|
||||
if [[ ! $EUID -eq 0 ]];then
|
||||
if [[ -x "$(command -v sudo)" ]]; then
|
||||
exec sudo bash "$0" "$@"
|
||||
exit $?
|
||||
else
|
||||
echo -e " ${CROSS} sudo is needed to run pihole commands. Please run this script as root or install sudo."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
webpageFunc() {
|
||||
source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
|
||||
main "$@"
|
||||
|
@ -155,6 +144,10 @@ Time:
|
|||
|
||||
elif [[ "${1}" == "0" ]]; then
|
||||
# Disable Pi-hole
|
||||
if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then
|
||||
echo -e " ${INFO} Blocking already disabled, nothing to do"
|
||||
exit 0
|
||||
fi
|
||||
if [[ -e "${gravitylist}" ]]; then
|
||||
mv "${gravitylist}" "${gravitylist}.bck"
|
||||
echo "" > "${gravitylist}"
|
||||
|
@ -204,6 +197,10 @@ Time:
|
|||
fi
|
||||
else
|
||||
# Enable Pi-hole
|
||||
if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then
|
||||
echo -e " ${INFO} Blocking already enabled, nothing to do"
|
||||
exit 0
|
||||
fi
|
||||
echo -e " ${INFO} Enabling blocking"
|
||||
local str="Pi-hole Enabled"
|
||||
|
||||
|
@ -430,6 +427,21 @@ if [[ $# = 0 ]]; then
|
|||
helpFunc
|
||||
fi
|
||||
|
||||
case "${1}" in
|
||||
"-h" | "help" | "--help" ) helpFunc;;
|
||||
esac
|
||||
|
||||
# Must be root to use this tool
|
||||
if [[ ! $EUID -eq 0 ]];then
|
||||
if [[ -x "$(command -v sudo)" ]]; then
|
||||
exec sudo bash "$0" "$@"
|
||||
exit $?
|
||||
else
|
||||
echo -e " ${CROSS} sudo is needed to run pihole commands. Please run this script as root or install sudo."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Handle redirecting to specific functions based on arguments
|
||||
case "${1}" in
|
||||
"-w" | "whitelist" ) listFunc "$@";;
|
||||
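Review bot: The two new guards use `grep -cq "BLOCKING_ENABLED=false"` and `…=true`, an unanchored match where `-c` is redundant next to `-q`; a commented line or a longer key ending in the same text would also count as the current state. `grep -q '^BLOCKING_ENABLED=false$' "${setupVars}"` (and the `true` twin) pins the test to the actual setting. Both guards call `exit 0` from inside a function whose start is outside the hunk, so a caller that expects control back in the already-disabled or already-enabled case will not get it. `return 0` would be the safer form if such callers exist.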
|
|
|
@ -481,10 +481,10 @@ def test_FTL_download_aarch64_no_errors(Pihole):
|
|||
'''
|
||||
confirms only aarch64 package is downloaded for FTL engine
|
||||
'''
|
||||
# mock uname to return generic platform
|
||||
download_binary = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
FTLinstall pihole-FTL-aarch64-linux-gnu
|
||||
binary="pihole-FTL-aarch64-linux-gnu"
|
||||
FTLinstall
|
||||
''')
|
||||
expected_stdout = tick_box + ' Downloading and Installing FTL'
|
||||
assert expected_stdout in download_binary.stdout
|
||||
|
@ -495,10 +495,26 @@ def test_FTL_download_unknown_fails_no_errors(Pihole):
|
|||
'''
|
||||
confirms unknown binary is not downloaded for FTL engine
|
||||
'''
|
||||
# mock uname to return generic platform
|
||||
download_binary = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
FTLinstall pihole-FTL-mips
|
||||
binary="pihole-FTL-mips"
|
||||
FTLinstall
|
||||
''')
|
||||
expected_stdout = cross_box + ' Downloading and Installing FTL'
|
||||
assert expected_stdout in download_binary.stdout
|
||||
error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
|
||||
assert error1 in download_binary.stdout
|
||||
error2 = 'not found'
|
||||
assert error2 in download_binary.stdout
|
||||
|
||||
|
||||
def test_FTL_download_binary_unset_no_errors(Pihole):
|
||||
'''
|
||||
confirms unset binary variable does not download FTL engine
|
||||
'''
|
||||
download_binary = Pihole.run('''
|
||||
source /opt/pihole/basic-install.sh
|
||||
FTLinstall
|
||||
''')
|
||||
expected_stdout = cross_box + ' Downloading and Installing FTL'
|
||||
assert expected_stdout in download_binary.stdout
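Review bot: test_FTL_download_binary_unset_no_errors does not test an unset variable: sourcing basic-install.sh now assigns `binary="tbd"` (presumably at top level), so FTLinstall runs with the placeholder name. Either make the test match its name by adding `unset binary` before `FTLinstall` in the script passed to `Pihole.run`, or reword the docstring to `confirms placeholder binary name "tbd" does not download FTL engine`. It also asserts only the cross box, while the neighbouring unknown-binary test checks the `Error: URL …` and `not found` messages, which would pin the failure reason here too. The `# mock uname to return generic platform` comments kept in the two edited tests no longer describe anything those tests do.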
|
||||
|
|