Merge pull request #1021 from pi-hole/development

[RELEASE] Pi-Hole Core 2.10.1
This commit is contained in:
Adam Warner 2016-12-23 21:57:02 +00:00 committed by GitHub
commit bfe5506cc1
11 changed files with 126 additions and 159 deletions

View file

@ -6,16 +6,7 @@
**How familiar are you with the codebase?:** **How familiar are you with the codebase?:**
- [] 1 (very unfamiliar) _{replace this text with a number from 1 to 10, with 1 being not familiar, and 10 being very familiar}_
- [] 2
- [] 3
- [] 4
- [] 5
- [] 6
- [] 7
- [] 8
- [] 9
- [] 10 (very familiar)
--- ---
**[FEATURE REQUEST | QUESTION | OTHER]:** **[FEATURE REQUEST | QUESTION | OTHER]:**

View file

@ -10,16 +10,7 @@
**How familiar are you with the codebase?:** **How familiar are you with the codebase?:**
- [] 1 (very unfamiliar) _{replace this text with a number from 1 to 10, with 1 being not familiar, and 10 being very familiar}_
- [] 2
- [] 3
- [] 4
- [] 5
- [] 6
- [] 7
- [] 8
- [] 9
- [] 10 (very familiar)
--- ---
_{replace this line with your pull request content}_ _{replace this line with your pull request content}_

View file

@ -10,7 +10,7 @@
## The multi-platform, network-wide ad blocker ## The multi-platform, network-wide ad blocker
Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole blocks ads the DNS-level, so all your devices are protected. Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole blocks ads at the DNS-level, so all your devices are protected.
- Web Browsers - Web Browsers
- Cell Phones - Cell Phones
@ -53,7 +53,7 @@ wget -O basic-install.sh https://install.pi-hole.net
bash basic-install.sh bash basic-install.sh
``` ```
Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](http://pi-hole.net/faq/can-i-set-the-pi-hole-to-be-the-dns-server-at-my-router-so-i-dont-have-to-change-settings-for-my-devices/) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/). Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
## Installing the Pi-hole (Click to Watch!) ## Installing the Pi-hole (Click to Watch!)
<p align="center"> <p align="center">

View file

@ -15,8 +15,6 @@
piLog="/var/log/pihole.log" piLog="/var/log/pihole.log"
gravity="/etc/pihole/gravity.list" gravity="/etc/pihole/gravity.list"
today=$(date "+%b %e")
. /etc/pihole/setupVars.conf . /etc/pihole/setupVars.conf
CalcBlockedDomains() { CalcBlockedDomains() {
@ -35,7 +33,7 @@ CalcBlockedDomains() {
CalcQueriesToday() { CalcQueriesToday() {
if [ -e "${piLog}" ]; then if [ -e "${piLog}" ]; then
queriesToday=$(cat "${piLog}" | grep "${today}" | awk '/query/ {print $6}' | wc -l) queriesToday=$(awk '/query\[/ {print $6}' < "${piLog}" | wc -l)
else else
queriesToday="Err." queriesToday="Err."
fi fi
@ -43,7 +41,7 @@ CalcQueriesToday() {
CalcblockedToday() { CalcblockedToday() {
if [ -e "${piLog}" ] && [ -e "${gravity}" ];then if [ -e "${piLog}" ] && [ -e "${gravity}" ];then
blockedToday=$(cat ${piLog} | awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' | wc -l) blockedToday=$(awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' < "${piLog}" | wc -l)
else else
blockedToday="Err." blockedToday="Err."
fi fi

View file

@ -69,7 +69,7 @@ SetWebPassword(){
SetDNSServers(){ SetDNSServers(){
# Remove setting from file (create backup setupVars.conf.bak) # Remove setting from file (create backup setupVars.conf.bak)
sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;' /etc/pihole/setupVars.conf sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;' /etc/pihole/setupVars.conf
# Save setting to file # Save setting to file
echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf
if [[ "${args[3]}" != "none" ]]; then if [[ "${args[3]}" != "none" ]]; then
@ -215,6 +215,20 @@ SetDNSDomainName(){
} }
ResolutionSettings() {
typ=${args[2]}
state=${args[3]}
if [[ "${typ}" == "forward" ]]; then
sed -i.bak '/API_GET_UPSTREAM_DNS_HOSTNAME/d;' /etc/pihole/setupVars.conf
echo "API_GET_UPSTREAM_DNS_HOSTNAME=${state}" >> /etc/pihole/setupVars.conf
elif [[ "${typ}" == "clients" ]]; then
sed -i.bak '/API_GET_CLIENT_HOSTNAME/d;' /etc/pihole/setupVars.conf
echo "API_GET_CLIENT_HOSTNAME=${state}" >> /etc/pihole/setupVars.conf
fi
}
case "${args[1]}" in case "${args[1]}" in
"-p" | "password" ) SetWebPassword;; "-p" | "password" ) SetWebPassword;;
"-c" | "celsius" ) unit="C"; SetTemperatureUnit;; "-c" | "celsius" ) unit="C"; SetTemperatureUnit;;
@ -231,6 +245,7 @@ case "${args[1]}" in
"layout" ) SetWebUILayout;; "layout" ) SetWebUILayout;;
"-h" | "--help" ) helpFunc;; "-h" | "--help" ) helpFunc;;
"domainname" ) SetDNSDomainName;; "domainname" ) SetDNSDomainName;;
"resolve" ) ResolutionSettings;;
* ) helpFunc;; * ) helpFunc;;
esac esac

View file

@ -13,14 +13,15 @@
# scripts, any changes made to this file will be overwritten when the softare # scripts, any changes made to this file will be overwritten when the softare
# is updated or re-installed. Please make any changes to the appropriate crontab # is updated or re-installed. Please make any changes to the appropriate crontab
# or other cron file snippets. # or other cron file snippets.
PATH="$PATH:/usr/local/bin/"
# Pi-hole: Update the ad sources once a week on Sunday at 01:59 # Pi-hole: Update the ad sources once a week on Sunday at 01:59
# Download any updates from the adlists # Download any updates from the adlists
59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity 59 1 * * 7 root pihole updateGravity
# Pi-hole: Update Pi-hole! Uncomment to enable auto update # Pi-hole: Update Pi-hole! Uncomment to enable auto update
#30 2 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updatePihole #30 2 * * 7 root pihole updatePihole
# Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control # Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
# Stats will be viewable in the Web interface thanks to the cron job above # Stats will be viewable in the Web interface thanks to the cron job above
00 00 * * * root PATH="$PATH:/usr/local/bin/" pihole flush 00 00 * * * root pihole flush

View file

@ -9,4 +9,3 @@
# the Free Software Foundation, either version 2 of the License, or # the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version. # (at your option) any later version.
www-data ALL=NOPASSWD: /usr/local/bin/pihole

View file

@ -1,87 +0,0 @@
module pihole 1.0;
require {
type var_log_t;
type unconfined_t;
type init_t;
type auditd_t;
type syslogd_t;
type NetworkManager_t;
type mdadm_t;
type tuned_t;
type avahi_t;
type irqbalance_t;
type system_dbusd_t;
type kernel_t;
type httpd_sys_script_t;
type systemd_logind_t;
type httpd_t;
type policykit_t;
type dnsmasq_t;
type udev_t;
type postfix_pickup_t;
type sshd_t;
type crond_t;
type getty_t;
type lvm_t;
type postfix_qmgr_t;
type postfix_master_t;
class dir { getattr search };
class file { read open setattr };
}
#============= dnsmasq_t ==============
allow dnsmasq_t var_log_t:file { open setattr };
#============= httpd_t ==============
allow httpd_t var_log_t:file { read open };
#============= httpd_sys_script_t (class: dir) ==============
allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
allow httpd_sys_script_t auditd_t:dir { getattr search };
allow httpd_sys_script_t avahi_t:dir { getattr search };
allow httpd_sys_script_t crond_t:dir { getattr search };
allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
allow httpd_sys_script_t getty_t:dir { getattr search };
allow httpd_sys_script_t httpd_t:dir { getattr search };
allow httpd_sys_script_t init_t:dir { getattr search };
allow httpd_sys_script_t irqbalance_t:dir { getattr search };
allow httpd_sys_script_t kernel_t:dir { getattr search };
allow httpd_sys_script_t lvm_t:dir { getattr search };
allow httpd_sys_script_t mdadm_t:dir { getattr search };
allow httpd_sys_script_t policykit_t:dir { getattr search };
allow httpd_sys_script_t postfix_master_t:dir { getattr search };
allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
allow httpd_sys_script_t sshd_t:dir { getattr search };
allow httpd_sys_script_t syslogd_t:dir { getattr search };
allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
allow httpd_sys_script_t tuned_t:dir { getattr search };
allow httpd_sys_script_t udev_t:dir { getattr search };
allow httpd_sys_script_t unconfined_t:dir { getattr search };
#============= httpd_sys_script_t (class: file) ==============
allow httpd_sys_script_t NetworkManager_t:file { read open };
allow httpd_sys_script_t auditd_t:file { read open };
allow httpd_sys_script_t avahi_t:file { read open };
allow httpd_sys_script_t crond_t:file { read open };
allow httpd_sys_script_t dnsmasq_t:file { read open };
allow httpd_sys_script_t getty_t:file { read open };
allow httpd_sys_script_t httpd_t:file { read open };
allow httpd_sys_script_t init_t:file { read open };
allow httpd_sys_script_t irqbalance_t:file { read open };
allow httpd_sys_script_t kernel_t:file { read open };
allow httpd_sys_script_t lvm_t:file { read open };
allow httpd_sys_script_t mdadm_t:file { read open };
allow httpd_sys_script_t policykit_t:file { read open };
allow httpd_sys_script_t postfix_master_t:file { read open };
allow httpd_sys_script_t postfix_pickup_t:file { read open };
allow httpd_sys_script_t postfix_qmgr_t:file { read open };
allow httpd_sys_script_t sshd_t:file { read open };
allow httpd_sys_script_t syslogd_t:file { read open };
allow httpd_sys_script_t system_dbusd_t:file { read open };
allow httpd_sys_script_t systemd_logind_t:file { read open };
allow httpd_sys_script_t tuned_t:file { read open };
allow httpd_sys_script_t udev_t:file { read open };
allow httpd_sys_script_t unconfined_t:file { read open };

View file

@ -135,8 +135,14 @@ fi
is_repo() { is_repo() {
# Use git to check if directory is currently under VCS, return the value # Use git to check if directory is currently under VCS, return the value
local directory="${1}" local directory="${1}"
git -C "${directory}" status --short &> /dev/null if [ -d $directory ]; then
return # git -C is not used here to support git versions older than 1.8.4
curdir=$PWD; cd $directory; git status --short &> /dev/null; rc=$?; cd $curdir
return $rc
else
# non-zero return code if directory does not exist OR is not a valid git repository
return 1
fi
} }
make_repo() { make_repo() {
@ -628,6 +634,7 @@ installScripts() {
# Install files from local core repository # Install files from local core repository
if is_repo "${PI_HOLE_LOCAL_REPO}"; then if is_repo "${PI_HOLE_LOCAL_REPO}"; then
cd "${PI_HOLE_LOCAL_REPO}" cd "${PI_HOLE_LOCAL_REPO}"
install -o "${USER}" -Dm755 -d /opt/pihole
install -o "${USER}" -Dm755 -t /opt/pihole/ gravity.sh install -o "${USER}" -Dm755 -t /opt/pihole/ gravity.sh
install -o "${USER}" -Dm755 -t /opt/pihole/ ./advanced/Scripts/*.sh install -o "${USER}" -Dm755 -t /opt/pihole/ ./advanced/Scripts/*.sh
install -o "${USER}" -Dm755 -t /opt/pihole/ ./automated\ install/uninstall.sh install -o "${USER}" -Dm755 -t /opt/pihole/ ./automated\ install/uninstall.sh
@ -800,6 +807,15 @@ installPiholeWeb() {
echo -n "::: Installing sudoer file..." echo -n "::: Installing sudoer file..."
mkdir -p /etc/sudoers.d/ mkdir -p /etc/sudoers.d/
cp /etc/.pihole/advanced/pihole.sudo /etc/sudoers.d/pihole cp /etc/.pihole/advanced/pihole.sudo /etc/sudoers.d/pihole
# Add lighttpd user (OS dependent) to sudoers file
echo "${LIGHTTPD_USER} ALL=NOPASSWD: /usr/local/bin/pihole" >> /etc/sudoers.d/pihole
if [[ "$LIGHTTPD_USER" == "lighttpd" ]]; then
# Allow executing pihole via sudo with Fedora
# Usually /usr/local/bin is not permitted as directory for sudoable programms
echo "Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" >> /etc/sudoers.d/pihole
fi
chmod 0440 /etc/sudoers.d/pihole chmod 0440 /etc/sudoers.d/pihole
echo " done!" echo " done!"
} }
@ -820,8 +836,12 @@ runGravity() {
echo "::: Cleaning up previous install (preserving whitelist/blacklist)" echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
rm /etc/pihole/list.* rm /etc/pihole/list.*
fi fi
# Test if /etc/pihole/adlists.default exists
if [[ ! -e /etc/pihole/adlists.default ]]; then
cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
fi
echo "::: Running gravity.sh" echo "::: Running gravity.sh"
/opt/pihole/gravity.sh { /opt/pihole/gravity.sh; }
} }
create_pihole_user() { create_pihole_user() {
@ -877,7 +897,6 @@ installPihole() {
installScripts installScripts
installConfigs installConfigs
CreateLogFile CreateLogFile
configureSelinux
installPiholeWeb installPiholeWeb
installCron installCron
configureFirewall configureFirewall
@ -908,7 +927,6 @@ updatePihole() {
installScripts installScripts
installConfigs installConfigs
CreateLogFile CreateLogFile
configureSelinux
installPiholeWeb installPiholeWeb
installCron installCron
configureFirewall configureFirewall
@ -916,23 +934,25 @@ updatePihole() {
runGravity runGravity
} }
configureSelinux() {
checkSelinux() {
if [ -x "$(command -v getenforce)" ]; then if [ -x "$(command -v getenforce)" ]; then
printf "\n::: SELinux Detected\n" echo ":::"
printf ":::\tChecking for SELinux policy development packages..." echo -n "::: SELinux Support Detected... Mode: "
package_check_install "selinux-policy-devel" > /dev/null enforceMode=$(getenforce)
echo " installed!" echo "${enforceMode}"
printf ":::\tEnabling httpd server side includes (SSI).. " if [[ "${enforceMode}" == "Enforcing" ]]; then
setsebool -P httpd_ssi_exec on &> /dev/null && echo "Success" || echo "SELinux not enabled" if (whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c}); then
printf "\n:::\tCompiling Pi-Hole SELinux policy..\n" echo ":::"
if ! [ -x "$(command -v systemctl)" ]; then echo "::: Continuing installation with SELinux Enforcing."
sed -i.bak '/systemd/d' /etc/.pihole/advanced/selinux/pihole.te echo "::: Please refer to official SELinux documentation to create a custom policy."
else
echo ":::"
echo "::: Not continuing install after SELinux Enforcing detected."
exit 1
fi
fi fi
checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
semodule -i /etc/pihole/pihole.pp
rm -f /etc/pihole/pihole.mod
semodule -l | grep pihole &> /dev/null && echo "::: Installed Pi-Hole SELinux policy" || echo "::: Warning: Pi-Hole SELinux policy did not install."
fi fi
} }
@ -998,6 +1018,7 @@ update_dialogs() {
} }
main() { main() {
# Check arguments for the undocumented flags # Check arguments for the undocumented flags
for var in "$@"; do for var in "$@"; do
case "$var" in case "$var" in
@ -1033,6 +1054,9 @@ main() {
# Install packages used by this installation script # Install packages used by this installation script
install_dependent_packages INSTALLER_DEPS[@] install_dependent_packages INSTALLER_DEPS[@]
# Check if SELinux is Enforcing
checkSelinux
if [[ "${reconfigure}" == true ]]; then if [[ "${reconfigure}" == true ]]; then
echo "::: --reconfigure passed to install script. Not downloading/updating local repos" echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
else else
@ -1053,10 +1077,10 @@ main() {
get_available_interfaces get_available_interfaces
# Find interfaces and let the user choose one # Find interfaces and let the user choose one
chooseInterface chooseInterface
# Let the user decide if they want to block ads over IPv4 and/or IPv6
use4andor6
# Decide what upstream DNS Servers to use # Decide what upstream DNS Servers to use
setDNS setDNS
# Let the user decide if they want to block ads over IPv4 and/or IPv6
use4andor6
# Let the user decide if they want query logging enabled... # Let the user decide if they want query logging enabled...
setLogging setLogging

View file

@ -104,16 +104,30 @@ gravity_collapse() {
# patternCheck - check to see if curl downloaded any new files. # patternCheck - check to see if curl downloaded any new files.
gravity_patternCheck() { gravity_patternCheck() {
patternBuffer=$1 patternBuffer=$1
success=$2
error=$3
if [ $success = true ]; then
# check if download was successful but list has not been modified
if [ "${error}" == "304" ]; then
echo "::: No changes detected, transport skipped!"
# check if the patternbuffer is a non-zero length file # check if the patternbuffer is a non-zero length file
if [[ -s "${patternBuffer}" ]]; then elif [[ -s "${patternBuffer}" ]]; then
# Some of the blocklists are copyright, they need to be downloaded # Some of the blocklists are copyright, they need to be downloaded
# and stored as is. They can be processed for content after they # and stored as is. They can be processed for content after they
# have been saved. # have been saved.
mv "${patternBuffer}" "${saveLocation}" mv "${patternBuffer}" "${saveLocation}"
echo " List updated, transport successful!" echo "::: List updated, transport successful!"
else else
# curl didn't download any host files, probably because of the date check # Empty file -> use previously downloaded list
echo " No changes detected, transport skipped!" echo "::: Received empty file, using cached one (list not updated!)"
fi
else
# check if cached list exists
if [[ -r "${saveLocation}" ]]; then
echo "::: List download failed, using cached list (list not updated!)"
else
echo "::: Download failed and no cached list available (list will not be considered)"
fi
fi fi
} }
@ -132,9 +146,27 @@ gravity_transport() {
fi fi
# Silently curl url # Silently curl url
curl -s -L ${cmd_ext} ${heisenbergCompensator} -A "${agent}" ${url} > ${patternBuffer} err=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w %{http_code} -A "${agent}" ${url} -o ${patternBuffer})
# Check for list updates
gravity_patternCheck "${patternBuffer}" echo " done"
# Analyze http response
echo -n "::: Status: "
case "$err" in
"200" ) echo "Success (OK)"; success=true;;
"304" ) echo "Not modified"; success=true;;
"403" ) echo "Forbidden"; success=false;;
"404" ) echo "Not found"; success=false;;
"408" ) echo "Time-out"; success=false;;
"451" ) echo "Unavailable For Legal Reasons"; success=false;;
"521" ) echo "Web Server Is Down (Cloudflare)"; success=false;;
"522" ) echo "Connection Timed Out (Cloudflare)"; success=false;;
"500" ) echo "Internal Server Error"; success=false;;
* ) echo "Status $err"; success=false;;
esac
# Process result
gravity_patternCheck "${patternBuffer}" ${success} "${err}"
} }
# spinup - main gravity function # spinup - main gravity function
@ -181,7 +213,10 @@ gravity_Schwarzchild() {
echo -n "::: Aggregating list of domains..." echo -n "::: Aggregating list of domains..."
truncate -s 0 ${piholeDir}/${matterAndLight} truncate -s 0 ${piholeDir}/${matterAndLight}
for i in "${activeDomains[@]}"; do for i in "${activeDomains[@]}"; do
# Only assimilate list if it is available (download might have faild permanently)
if [[ -r "${i}" ]]; then
cat "${i}" | tr -d '\r' >> ${piholeDir}/${matterAndLight} cat "${i}" | tr -d '\r' >> ${piholeDir}/${matterAndLight}
fi
done done
echo " done!" echo " done!"
} }
@ -353,7 +388,7 @@ if [[ "${forceGrav}" == true ]]; then
fi fi
#Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list #Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list
cp /etc/.pihole/adlists.default /etc/pihole/adlists.default #cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
gravity_collapse gravity_collapse
gravity_spinup gravity_spinup
if [[ "${skipDownload}" == false ]]; then if [[ "${skipDownload}" == false ]]; then

4
pihole
View file

@ -72,9 +72,9 @@ scanList(){
list="${2}" list="${2}"
method="${3}" method="${3}"
if [[ ${method} == "-exact" ]] ; then if [[ ${method} == "-exact" ]] ; then
grep -E "(^|\s)${domain}($|\s)" "${list}" grep -i -E "(^|\s)${domain}($|\s)" "${list}"
else else
grep "${domain}" "${list}" grep -i "${domain}" "${list}"
fi fi
} }