mirror of
https://github.com/pi-hole/pi-hole.git
synced 2024-12-25 14:20:18 +00:00
Merge pull request #1021 from pi-hole/development
[RELEASE] Pi-Hole Core 2.10.1
This commit is contained in:
commit
bfe5506cc1
11 changed files with 126 additions and 159 deletions
11
.github/ISSUE_TEMPLATE.md
vendored
11
.github/ISSUE_TEMPLATE.md
vendored
|
@ -6,16 +6,7 @@
|
||||||
|
|
||||||
**How familiar are you with the codebase?:**
|
**How familiar are you with the codebase?:**
|
||||||
|
|
||||||
- [] 1 (very unfamiliar)
|
_{replace this text with a number from 1 to 10, with 1 being not familiar, and 10 being very familiar}_
|
||||||
- [] 2
|
|
||||||
- [] 3
|
|
||||||
- [] 4
|
|
||||||
- [] 5
|
|
||||||
- [] 6
|
|
||||||
- [] 7
|
|
||||||
- [] 8
|
|
||||||
- [] 9
|
|
||||||
- [] 10 (very familiar)
|
|
||||||
|
|
||||||
---
|
---
|
||||||
**[FEATURE REQUEST | QUESTION | OTHER]:**
|
**[FEATURE REQUEST | QUESTION | OTHER]:**
|
||||||
|
|
11
.github/PULL_REQUEST_TEMPLATE.md
vendored
11
.github/PULL_REQUEST_TEMPLATE.md
vendored
|
@ -10,16 +10,7 @@
|
||||||
|
|
||||||
**How familiar are you with the codebase?:**
|
**How familiar are you with the codebase?:**
|
||||||
|
|
||||||
- [] 1 (very unfamiliar)
|
_{replace this text with a number from 1 to 10, with 1 being not familiar, and 10 being very familiar}_
|
||||||
- [] 2
|
|
||||||
- [] 3
|
|
||||||
- [] 4
|
|
||||||
- [] 5
|
|
||||||
- [] 6
|
|
||||||
- [] 7
|
|
||||||
- [] 8
|
|
||||||
- [] 9
|
|
||||||
- [] 10 (very familiar)
|
|
||||||
|
|
||||||
---
|
---
|
||||||
_{replace this line with your pull request content}_
|
_{replace this line with your pull request content}_
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
## The multi-platform, network-wide ad blocker
|
## The multi-platform, network-wide ad blocker
|
||||||
|
|
||||||
Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole blocks ads the DNS-level, so all your devices are protected.
|
Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole blocks ads at the DNS-level, so all your devices are protected.
|
||||||
|
|
||||||
- Web Browsers
|
- Web Browsers
|
||||||
- Cell Phones
|
- Cell Phones
|
||||||
|
@ -53,7 +53,7 @@ wget -O basic-install.sh https://install.pi-hole.net
|
||||||
bash basic-install.sh
|
bash basic-install.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](http://pi-hole.net/faq/can-i-set-the-pi-hole-to-be-the-dns-server-at-my-router-so-i-dont-have-to-change-settings-for-my-devices/) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
|
Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
|
||||||
|
|
||||||
## Installing the Pi-hole (Click to Watch!)
|
## Installing the Pi-hole (Click to Watch!)
|
||||||
<p align="center">
|
<p align="center">
|
||||||
|
|
|
@ -15,8 +15,6 @@
|
||||||
piLog="/var/log/pihole.log"
|
piLog="/var/log/pihole.log"
|
||||||
gravity="/etc/pihole/gravity.list"
|
gravity="/etc/pihole/gravity.list"
|
||||||
|
|
||||||
today=$(date "+%b %e")
|
|
||||||
|
|
||||||
. /etc/pihole/setupVars.conf
|
. /etc/pihole/setupVars.conf
|
||||||
|
|
||||||
CalcBlockedDomains() {
|
CalcBlockedDomains() {
|
||||||
|
@ -35,7 +33,7 @@ CalcBlockedDomains() {
|
||||||
|
|
||||||
CalcQueriesToday() {
|
CalcQueriesToday() {
|
||||||
if [ -e "${piLog}" ]; then
|
if [ -e "${piLog}" ]; then
|
||||||
queriesToday=$(cat "${piLog}" | grep "${today}" | awk '/query/ {print $6}' | wc -l)
|
queriesToday=$(awk '/query\[/ {print $6}' < "${piLog}" | wc -l)
|
||||||
else
|
else
|
||||||
queriesToday="Err."
|
queriesToday="Err."
|
||||||
fi
|
fi
|
||||||
|
@ -43,7 +41,7 @@ CalcQueriesToday() {
|
||||||
|
|
||||||
CalcblockedToday() {
|
CalcblockedToday() {
|
||||||
if [ -e "${piLog}" ] && [ -e "${gravity}" ];then
|
if [ -e "${piLog}" ] && [ -e "${gravity}" ];then
|
||||||
blockedToday=$(cat ${piLog} | awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' | wc -l)
|
blockedToday=$(awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' < "${piLog}" | wc -l)
|
||||||
else
|
else
|
||||||
blockedToday="Err."
|
blockedToday="Err."
|
||||||
fi
|
fi
|
||||||
|
@ -104,7 +102,7 @@ normalChrono() {
|
||||||
|
|
||||||
echo "Blocking: ${blockedDomainsTotal}"
|
echo "Blocking: ${blockedDomainsTotal}"
|
||||||
echo "Queries: ${queriesToday}" #same total calculation as dashboard
|
echo "Queries: ${queriesToday}" #same total calculation as dashboard
|
||||||
echo "Pi-holed: ${blockedToday} (${percentBlockedToday}%)"
|
echo "Pi-holed: ${blockedToday} (${percentBlockedToday}%)"
|
||||||
|
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
|
|
@ -69,7 +69,7 @@ SetWebPassword(){
|
||||||
SetDNSServers(){
|
SetDNSServers(){
|
||||||
|
|
||||||
# Remove setting from file (create backup setupVars.conf.bak)
|
# Remove setting from file (create backup setupVars.conf.bak)
|
||||||
sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;' /etc/pihole/setupVars.conf
|
sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;' /etc/pihole/setupVars.conf
|
||||||
# Save setting to file
|
# Save setting to file
|
||||||
echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf
|
echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf
|
||||||
if [[ "${args[3]}" != "none" ]]; then
|
if [[ "${args[3]}" != "none" ]]; then
|
||||||
|
@ -215,6 +215,20 @@ SetDNSDomainName(){
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ResolutionSettings() {
|
||||||
|
|
||||||
|
typ=${args[2]}
|
||||||
|
state=${args[3]}
|
||||||
|
|
||||||
|
if [[ "${typ}" == "forward" ]]; then
|
||||||
|
sed -i.bak '/API_GET_UPSTREAM_DNS_HOSTNAME/d;' /etc/pihole/setupVars.conf
|
||||||
|
echo "API_GET_UPSTREAM_DNS_HOSTNAME=${state}" >> /etc/pihole/setupVars.conf
|
||||||
|
elif [[ "${typ}" == "clients" ]]; then
|
||||||
|
sed -i.bak '/API_GET_CLIENT_HOSTNAME/d;' /etc/pihole/setupVars.conf
|
||||||
|
echo "API_GET_CLIENT_HOSTNAME=${state}" >> /etc/pihole/setupVars.conf
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
case "${args[1]}" in
|
case "${args[1]}" in
|
||||||
"-p" | "password" ) SetWebPassword;;
|
"-p" | "password" ) SetWebPassword;;
|
||||||
"-c" | "celsius" ) unit="C"; SetTemperatureUnit;;
|
"-c" | "celsius" ) unit="C"; SetTemperatureUnit;;
|
||||||
|
@ -231,6 +245,7 @@ case "${args[1]}" in
|
||||||
"layout" ) SetWebUILayout;;
|
"layout" ) SetWebUILayout;;
|
||||||
"-h" | "--help" ) helpFunc;;
|
"-h" | "--help" ) helpFunc;;
|
||||||
"domainname" ) SetDNSDomainName;;
|
"domainname" ) SetDNSDomainName;;
|
||||||
|
"resolve" ) ResolutionSettings;;
|
||||||
* ) helpFunc;;
|
* ) helpFunc;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
|
@ -13,14 +13,15 @@
|
||||||
# scripts, any changes made to this file will be overwritten when the softare
|
# scripts, any changes made to this file will be overwritten when the softare
|
||||||
# is updated or re-installed. Please make any changes to the appropriate crontab
|
# is updated or re-installed. Please make any changes to the appropriate crontab
|
||||||
# or other cron file snippets.
|
# or other cron file snippets.
|
||||||
|
PATH="$PATH:/usr/local/bin/"
|
||||||
|
|
||||||
# Pi-hole: Update the ad sources once a week on Sunday at 01:59
|
# Pi-hole: Update the ad sources once a week on Sunday at 01:59
|
||||||
# Download any updates from the adlists
|
# Download any updates from the adlists
|
||||||
59 1 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updateGravity
|
59 1 * * 7 root pihole updateGravity
|
||||||
|
|
||||||
# Pi-hole: Update Pi-hole! Uncomment to enable auto update
|
# Pi-hole: Update Pi-hole! Uncomment to enable auto update
|
||||||
#30 2 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updatePihole
|
#30 2 * * 7 root pihole updatePihole
|
||||||
|
|
||||||
# Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
|
# Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
|
||||||
# Stats will be viewable in the Web interface thanks to the cron job above
|
# Stats will be viewable in the Web interface thanks to the cron job above
|
||||||
00 00 * * * root PATH="$PATH:/usr/local/bin/" pihole flush
|
00 00 * * * root pihole flush
|
||||||
|
|
|
@ -9,4 +9,3 @@
|
||||||
# the Free Software Foundation, either version 2 of the License, or
|
# the Free Software Foundation, either version 2 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
www-data ALL=NOPASSWD: /usr/local/bin/pihole
|
|
||||||
|
|
|
@ -1,87 +0,0 @@
|
||||||
module pihole 1.0;
|
|
||||||
|
|
||||||
require {
|
|
||||||
type var_log_t;
|
|
||||||
type unconfined_t;
|
|
||||||
type init_t;
|
|
||||||
type auditd_t;
|
|
||||||
type syslogd_t;
|
|
||||||
type NetworkManager_t;
|
|
||||||
type mdadm_t;
|
|
||||||
type tuned_t;
|
|
||||||
type avahi_t;
|
|
||||||
type irqbalance_t;
|
|
||||||
type system_dbusd_t;
|
|
||||||
type kernel_t;
|
|
||||||
type httpd_sys_script_t;
|
|
||||||
type systemd_logind_t;
|
|
||||||
type httpd_t;
|
|
||||||
type policykit_t;
|
|
||||||
type dnsmasq_t;
|
|
||||||
type udev_t;
|
|
||||||
type postfix_pickup_t;
|
|
||||||
type sshd_t;
|
|
||||||
type crond_t;
|
|
||||||
type getty_t;
|
|
||||||
type lvm_t;
|
|
||||||
type postfix_qmgr_t;
|
|
||||||
type postfix_master_t;
|
|
||||||
class dir { getattr search };
|
|
||||||
class file { read open setattr };
|
|
||||||
}
|
|
||||||
|
|
||||||
#============= dnsmasq_t ==============
|
|
||||||
allow dnsmasq_t var_log_t:file { open setattr };
|
|
||||||
|
|
||||||
#============= httpd_t ==============
|
|
||||||
allow httpd_t var_log_t:file { read open };
|
|
||||||
|
|
||||||
#============= httpd_sys_script_t (class: dir) ==============
|
|
||||||
allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t auditd_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t avahi_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t crond_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t getty_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t httpd_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t init_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t irqbalance_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t kernel_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t lvm_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t mdadm_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t policykit_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t postfix_master_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t sshd_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t syslogd_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t tuned_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t udev_t:dir { getattr search };
|
|
||||||
allow httpd_sys_script_t unconfined_t:dir { getattr search };
|
|
||||||
|
|
||||||
#============= httpd_sys_script_t (class: file) ==============
|
|
||||||
allow httpd_sys_script_t NetworkManager_t:file { read open };
|
|
||||||
allow httpd_sys_script_t auditd_t:file { read open };
|
|
||||||
allow httpd_sys_script_t avahi_t:file { read open };
|
|
||||||
allow httpd_sys_script_t crond_t:file { read open };
|
|
||||||
allow httpd_sys_script_t dnsmasq_t:file { read open };
|
|
||||||
allow httpd_sys_script_t getty_t:file { read open };
|
|
||||||
allow httpd_sys_script_t httpd_t:file { read open };
|
|
||||||
allow httpd_sys_script_t init_t:file { read open };
|
|
||||||
allow httpd_sys_script_t irqbalance_t:file { read open };
|
|
||||||
allow httpd_sys_script_t kernel_t:file { read open };
|
|
||||||
allow httpd_sys_script_t lvm_t:file { read open };
|
|
||||||
allow httpd_sys_script_t mdadm_t:file { read open };
|
|
||||||
allow httpd_sys_script_t policykit_t:file { read open };
|
|
||||||
allow httpd_sys_script_t postfix_master_t:file { read open };
|
|
||||||
allow httpd_sys_script_t postfix_pickup_t:file { read open };
|
|
||||||
allow httpd_sys_script_t postfix_qmgr_t:file { read open };
|
|
||||||
allow httpd_sys_script_t sshd_t:file { read open };
|
|
||||||
allow httpd_sys_script_t syslogd_t:file { read open };
|
|
||||||
allow httpd_sys_script_t system_dbusd_t:file { read open };
|
|
||||||
allow httpd_sys_script_t systemd_logind_t:file { read open };
|
|
||||||
allow httpd_sys_script_t tuned_t:file { read open };
|
|
||||||
allow httpd_sys_script_t udev_t:file { read open };
|
|
||||||
allow httpd_sys_script_t unconfined_t:file { read open };
|
|
|
@ -135,8 +135,14 @@ fi
|
||||||
is_repo() {
|
is_repo() {
|
||||||
# Use git to check if directory is currently under VCS, return the value
|
# Use git to check if directory is currently under VCS, return the value
|
||||||
local directory="${1}"
|
local directory="${1}"
|
||||||
git -C "${directory}" status --short &> /dev/null
|
if [ -d $directory ]; then
|
||||||
return
|
# git -C is not used here to support git versions older than 1.8.4
|
||||||
|
curdir=$PWD; cd $directory; git status --short &> /dev/null; rc=$?; cd $curdir
|
||||||
|
return $rc
|
||||||
|
else
|
||||||
|
# non-zero return code if directory does not exist OR is not a valid git repository
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
make_repo() {
|
make_repo() {
|
||||||
|
@ -152,7 +158,7 @@ make_repo() {
|
||||||
update_repo() {
|
update_repo() {
|
||||||
local directory="${1}"
|
local directory="${1}"
|
||||||
# Pull the latest commits
|
# Pull the latest commits
|
||||||
echo -n "::: Updating repo in $1..."
|
echo -n "::: Updating repo in $1..."
|
||||||
cd "${directory}" || exit 1
|
cd "${directory}" || exit 1
|
||||||
git stash -q &> /dev/null
|
git stash -q &> /dev/null
|
||||||
git pull -q &> /dev/null
|
git pull -q &> /dev/null
|
||||||
|
@ -628,6 +634,7 @@ installScripts() {
|
||||||
# Install files from local core repository
|
# Install files from local core repository
|
||||||
if is_repo "${PI_HOLE_LOCAL_REPO}"; then
|
if is_repo "${PI_HOLE_LOCAL_REPO}"; then
|
||||||
cd "${PI_HOLE_LOCAL_REPO}"
|
cd "${PI_HOLE_LOCAL_REPO}"
|
||||||
|
install -o "${USER}" -Dm755 -d /opt/pihole
|
||||||
install -o "${USER}" -Dm755 -t /opt/pihole/ gravity.sh
|
install -o "${USER}" -Dm755 -t /opt/pihole/ gravity.sh
|
||||||
install -o "${USER}" -Dm755 -t /opt/pihole/ ./advanced/Scripts/*.sh
|
install -o "${USER}" -Dm755 -t /opt/pihole/ ./advanced/Scripts/*.sh
|
||||||
install -o "${USER}" -Dm755 -t /opt/pihole/ ./automated\ install/uninstall.sh
|
install -o "${USER}" -Dm755 -t /opt/pihole/ ./automated\ install/uninstall.sh
|
||||||
|
@ -800,6 +807,15 @@ installPiholeWeb() {
|
||||||
echo -n "::: Installing sudoer file..."
|
echo -n "::: Installing sudoer file..."
|
||||||
mkdir -p /etc/sudoers.d/
|
mkdir -p /etc/sudoers.d/
|
||||||
cp /etc/.pihole/advanced/pihole.sudo /etc/sudoers.d/pihole
|
cp /etc/.pihole/advanced/pihole.sudo /etc/sudoers.d/pihole
|
||||||
|
# Add lighttpd user (OS dependent) to sudoers file
|
||||||
|
echo "${LIGHTTPD_USER} ALL=NOPASSWD: /usr/local/bin/pihole" >> /etc/sudoers.d/pihole
|
||||||
|
|
||||||
|
if [[ "$LIGHTTPD_USER" == "lighttpd" ]]; then
|
||||||
|
# Allow executing pihole via sudo with Fedora
|
||||||
|
# Usually /usr/local/bin is not permitted as directory for sudoable programms
|
||||||
|
echo "Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" >> /etc/sudoers.d/pihole
|
||||||
|
fi
|
||||||
|
|
||||||
chmod 0440 /etc/sudoers.d/pihole
|
chmod 0440 /etc/sudoers.d/pihole
|
||||||
echo " done!"
|
echo " done!"
|
||||||
}
|
}
|
||||||
|
@ -820,8 +836,12 @@ runGravity() {
|
||||||
echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
|
echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
|
||||||
rm /etc/pihole/list.*
|
rm /etc/pihole/list.*
|
||||||
fi
|
fi
|
||||||
|
# Test if /etc/pihole/adlists.default exists
|
||||||
|
if [[ ! -e /etc/pihole/adlists.default ]]; then
|
||||||
|
cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
|
||||||
|
fi
|
||||||
echo "::: Running gravity.sh"
|
echo "::: Running gravity.sh"
|
||||||
/opt/pihole/gravity.sh
|
{ /opt/pihole/gravity.sh; }
|
||||||
}
|
}
|
||||||
|
|
||||||
create_pihole_user() {
|
create_pihole_user() {
|
||||||
|
@ -877,7 +897,6 @@ installPihole() {
|
||||||
installScripts
|
installScripts
|
||||||
installConfigs
|
installConfigs
|
||||||
CreateLogFile
|
CreateLogFile
|
||||||
configureSelinux
|
|
||||||
installPiholeWeb
|
installPiholeWeb
|
||||||
installCron
|
installCron
|
||||||
configureFirewall
|
configureFirewall
|
||||||
|
@ -908,7 +927,6 @@ updatePihole() {
|
||||||
installScripts
|
installScripts
|
||||||
installConfigs
|
installConfigs
|
||||||
CreateLogFile
|
CreateLogFile
|
||||||
configureSelinux
|
|
||||||
installPiholeWeb
|
installPiholeWeb
|
||||||
installCron
|
installCron
|
||||||
configureFirewall
|
configureFirewall
|
||||||
|
@ -916,23 +934,25 @@ updatePihole() {
|
||||||
runGravity
|
runGravity
|
||||||
}
|
}
|
||||||
|
|
||||||
configureSelinux() {
|
|
||||||
|
|
||||||
|
checkSelinux() {
|
||||||
if [ -x "$(command -v getenforce)" ]; then
|
if [ -x "$(command -v getenforce)" ]; then
|
||||||
printf "\n::: SELinux Detected\n"
|
echo ":::"
|
||||||
printf ":::\tChecking for SELinux policy development packages..."
|
echo -n "::: SELinux Support Detected... Mode: "
|
||||||
package_check_install "selinux-policy-devel" > /dev/null
|
enforceMode=$(getenforce)
|
||||||
echo " installed!"
|
echo "${enforceMode}"
|
||||||
printf ":::\tEnabling httpd server side includes (SSI).. "
|
if [[ "${enforceMode}" == "Enforcing" ]]; then
|
||||||
setsebool -P httpd_ssi_exec on &> /dev/null && echo "Success" || echo "SELinux not enabled"
|
if (whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c}); then
|
||||||
printf "\n:::\tCompiling Pi-Hole SELinux policy..\n"
|
echo ":::"
|
||||||
if ! [ -x "$(command -v systemctl)" ]; then
|
echo "::: Continuing installation with SELinux Enforcing."
|
||||||
sed -i.bak '/systemd/d' /etc/.pihole/advanced/selinux/pihole.te
|
echo "::: Please refer to official SELinux documentation to create a custom policy."
|
||||||
|
else
|
||||||
|
echo ":::"
|
||||||
|
echo "::: Not continuing install after SELinux Enforcing detected."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
|
|
||||||
semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
|
|
||||||
semodule -i /etc/pihole/pihole.pp
|
|
||||||
rm -f /etc/pihole/pihole.mod
|
|
||||||
semodule -l | grep pihole &> /dev/null && echo "::: Installed Pi-Hole SELinux policy" || echo "::: Warning: Pi-Hole SELinux policy did not install."
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -998,7 +1018,8 @@ update_dialogs() {
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
# Check arguments for the undocumented flags
|
|
||||||
|
# Check arguments for the undocumented flags
|
||||||
for var in "$@"; do
|
for var in "$@"; do
|
||||||
case "$var" in
|
case "$var" in
|
||||||
"--reconfigure" ) reconfigure=true;;
|
"--reconfigure" ) reconfigure=true;;
|
||||||
|
@ -1033,6 +1054,9 @@ main() {
|
||||||
# Install packages used by this installation script
|
# Install packages used by this installation script
|
||||||
install_dependent_packages INSTALLER_DEPS[@]
|
install_dependent_packages INSTALLER_DEPS[@]
|
||||||
|
|
||||||
|
# Check if SELinux is Enforcing
|
||||||
|
checkSelinux
|
||||||
|
|
||||||
if [[ "${reconfigure}" == true ]]; then
|
if [[ "${reconfigure}" == true ]]; then
|
||||||
echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
|
echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
|
||||||
else
|
else
|
||||||
|
@ -1053,10 +1077,10 @@ main() {
|
||||||
get_available_interfaces
|
get_available_interfaces
|
||||||
# Find interfaces and let the user choose one
|
# Find interfaces and let the user choose one
|
||||||
chooseInterface
|
chooseInterface
|
||||||
# Let the user decide if they want to block ads over IPv4 and/or IPv6
|
|
||||||
use4andor6
|
|
||||||
# Decide what upstream DNS Servers to use
|
# Decide what upstream DNS Servers to use
|
||||||
setDNS
|
setDNS
|
||||||
|
# Let the user decide if they want to block ads over IPv4 and/or IPv6
|
||||||
|
use4andor6
|
||||||
# Let the user decide if they want query logging enabled...
|
# Let the user decide if they want query logging enabled...
|
||||||
setLogging
|
setLogging
|
||||||
|
|
||||||
|
|
63
gravity.sh
63
gravity.sh
|
@ -104,16 +104,30 @@ gravity_collapse() {
|
||||||
# patternCheck - check to see if curl downloaded any new files.
|
# patternCheck - check to see if curl downloaded any new files.
|
||||||
gravity_patternCheck() {
|
gravity_patternCheck() {
|
||||||
patternBuffer=$1
|
patternBuffer=$1
|
||||||
# check if the patternbuffer is a non-zero length file
|
success=$2
|
||||||
if [[ -s "${patternBuffer}" ]]; then
|
error=$3
|
||||||
# Some of the blocklists are copyright, they need to be downloaded
|
if [ $success = true ]; then
|
||||||
# and stored as is. They can be processed for content after they
|
# check if download was successful but list has not been modified
|
||||||
# have been saved.
|
if [ "${error}" == "304" ]; then
|
||||||
mv "${patternBuffer}" "${saveLocation}"
|
echo "::: No changes detected, transport skipped!"
|
||||||
echo " List updated, transport successful!"
|
# check if the patternbuffer is a non-zero length file
|
||||||
|
elif [[ -s "${patternBuffer}" ]]; then
|
||||||
|
# Some of the blocklists are copyright, they need to be downloaded
|
||||||
|
# and stored as is. They can be processed for content after they
|
||||||
|
# have been saved.
|
||||||
|
mv "${patternBuffer}" "${saveLocation}"
|
||||||
|
echo "::: List updated, transport successful!"
|
||||||
|
else
|
||||||
|
# Empty file -> use previously downloaded list
|
||||||
|
echo "::: Received empty file, using cached one (list not updated!)"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
# curl didn't download any host files, probably because of the date check
|
# check if cached list exists
|
||||||
echo " No changes detected, transport skipped!"
|
if [[ -r "${saveLocation}" ]]; then
|
||||||
|
echo "::: List download failed, using cached list (list not updated!)"
|
||||||
|
else
|
||||||
|
echo "::: Download failed and no cached list available (list will not be considered)"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -132,9 +146,27 @@ gravity_transport() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Silently curl url
|
# Silently curl url
|
||||||
curl -s -L ${cmd_ext} ${heisenbergCompensator} -A "${agent}" ${url} > ${patternBuffer}
|
err=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w %{http_code} -A "${agent}" ${url} -o ${patternBuffer})
|
||||||
# Check for list updates
|
|
||||||
gravity_patternCheck "${patternBuffer}"
|
echo " done"
|
||||||
|
# Analyze http response
|
||||||
|
echo -n "::: Status: "
|
||||||
|
case "$err" in
|
||||||
|
"200" ) echo "Success (OK)"; success=true;;
|
||||||
|
"304" ) echo "Not modified"; success=true;;
|
||||||
|
"403" ) echo "Forbidden"; success=false;;
|
||||||
|
"404" ) echo "Not found"; success=false;;
|
||||||
|
"408" ) echo "Time-out"; success=false;;
|
||||||
|
"451" ) echo "Unavailable For Legal Reasons"; success=false;;
|
||||||
|
"521" ) echo "Web Server Is Down (Cloudflare)"; success=false;;
|
||||||
|
"522" ) echo "Connection Timed Out (Cloudflare)"; success=false;;
|
||||||
|
"500" ) echo "Internal Server Error"; success=false;;
|
||||||
|
* ) echo "Status $err"; success=false;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Process result
|
||||||
|
gravity_patternCheck "${patternBuffer}" ${success} "${err}"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# spinup - main gravity function
|
# spinup - main gravity function
|
||||||
|
@ -181,7 +213,10 @@ gravity_Schwarzchild() {
|
||||||
echo -n "::: Aggregating list of domains..."
|
echo -n "::: Aggregating list of domains..."
|
||||||
truncate -s 0 ${piholeDir}/${matterAndLight}
|
truncate -s 0 ${piholeDir}/${matterAndLight}
|
||||||
for i in "${activeDomains[@]}"; do
|
for i in "${activeDomains[@]}"; do
|
||||||
cat "${i}" | tr -d '\r' >> ${piholeDir}/${matterAndLight}
|
# Only assimilate list if it is available (download might have faild permanently)
|
||||||
|
if [[ -r "${i}" ]]; then
|
||||||
|
cat "${i}" | tr -d '\r' >> ${piholeDir}/${matterAndLight}
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
echo " done!"
|
echo " done!"
|
||||||
}
|
}
|
||||||
|
@ -353,7 +388,7 @@ if [[ "${forceGrav}" == true ]]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list
|
#Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list
|
||||||
cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
|
#cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
|
||||||
gravity_collapse
|
gravity_collapse
|
||||||
gravity_spinup
|
gravity_spinup
|
||||||
if [[ "${skipDownload}" == false ]]; then
|
if [[ "${skipDownload}" == false ]]; then
|
||||||
|
|
4
pihole
4
pihole
|
@ -72,9 +72,9 @@ scanList(){
|
||||||
list="${2}"
|
list="${2}"
|
||||||
method="${3}"
|
method="${3}"
|
||||||
if [[ ${method} == "-exact" ]] ; then
|
if [[ ${method} == "-exact" ]] ; then
|
||||||
grep -E "(^|\s)${domain}($|\s)" "${list}"
|
grep -i -E "(^|\s)${domain}($|\s)" "${list}"
|
||||||
else
|
else
|
||||||
grep "${domain}" "${list}"
|
grep -i "${domain}" "${list}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue