pi-hole/README.md
Adam Warner ecde222512 [Staging] 3.1 (#1502)
* Fix handling of wildcard help text

* Rewrite help text for better handling of params

* Replace misleading letter variable

* stash changes on branch switch, else it fails if any changes have been made.

* Make changes according to comment in #1384

* Update queryFunc()

* Allow scanList() to search files using a wildcard by removing quotes wrapped around `${list}`
* scanList() will not provide a domain ouput on each string if exact is specified (`grep -l`)
* Remove unused processWildcards() function
* Return a message if no domain is specified
* IDN domains are converted to punycode when running a `pihole -q` search if the `python` package is available, otherwise will revert to current behaviour
* Scan Blacklist & Wildcards first, exiting from search if a match is found (Fixes #1330)
* Use one `grep` subshell to search for all "*.domains" lists at once (opposed to looping to get every matching file name, and then spawning a `grep` instance for every matching file)
* queryFunc() will not return "(0 results)" output from files where no match is found
* Sort results based off list number
* Return a message if no results are found

* Update basic-install.sh

* Update block page. Allow for setupVars setting of CUSTOMBLOCKPAGE (bool) to prevent it being overwritten

* simplify

* further simplify

* fix inteliJ IDEA complaints

* even further simplify

* tidy up output

* revert line, looks tidyer

* clarify

* Revert "Ensure any changes to blocking page are updated."

* We test for dpkg lock on line 830 directly, no need for the check also
in the template section.

Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>

* Display FTL version & version.sh rewrite

While testing to make sure `pihole -v` would output `pihole-FTL version`, I noticed some options didn't work how I expected them to. For example, if I use `pihole -v -p`, I would expect to see the version output of Pi-hole Core. Instead, I'm informed that it's an invalid option.

I've had the following things in mind while rewriting this:
  * I'm operating under the assumption that FTL is only installed if the Admin Console is (Line 113 exit 0)
  * I have modified the help text to only output with `pihole -v --help`
  * I have modified all output to be more similar to the output style of `grep` and `curl` (Ditching ":::")

Testing output:
```
w3k@MCT:~$ pihole -v
  Pi-hole version is v3.0.1-14-ga928cd3 (Latest: v3.0.1)
  Admin Console version is v3.0-9-g3760482 (Latest: v3.0.1)
  FTL version is v2.6.2 (Latest: v2.6.2)
w3k@MCT:~$ pihole -v -c
  Current Pi-hole version is v3.0.1-14-ga928cd3
  Current Admin Console version is v3.0-9-g3760482
  Current FTL version is v2.6.2
w3k@MCT:~$ pihole -v -l
  Latest Pi-hole version is v3.0.1
  Latest Admin Console version is v3.0.1
  Latest FTL version is v2.6.2
w3k@MCT:~$ pihole -v -p --hash
  Current Pi-hole hash is a928cd3
w3k@MCT:~$ pihole -v -a --hash
  Current Admin Console hash is 3760482
w3k@MCT:~$ pihole -v --help
Usage: pihole -v [REPO | OPTION] [OPTION]
Show Pi-hole, Web Admin & FTL versions
  <Shows all Repositories and Options>
w3k@MCT:~$ pihole -v -foo
  Invalid Option!
```

* Update -h to work as --hash

Also provide error output as per https://github.com/pi-hole/pi-hole/pull/1447#issuecomment-300600093

* Perform EXACT searches on HOSTS lists correctly

`\s` on the end may be overkill, but it is the existing scanList() behaviour.

* Fixed indentation

* Minimise string duplication & other minor changes

Instead of duplicating output strings, rewrite core/web/ftlOutput() into one neat versionOutput().

* Modified syntax to be valid for Shellcheck

* Log and echo gateway responses

* Update queryFunc() to search Whitelist

If there is a match in Whitelist/Blacklist/Wildcards, `[ ! -t 1 ]` will cause the search to end if the terminal is closed when the script is called. This has the intended effect of allowing a user to search for a W/B/W domain (as well as all the adlists it's found in) using `pihole -q` via Terminal, but the script will stop searching after a W/B/W match when called by the block page.

* Wrap in double brackets

* Provide remote hashes for version.sh

 * Provide remote hashes for comparison
 * Use double braces for all conditions (for consistency)
 * Suppress potential "cd" error output
 * Provide "not applicable" output upon any hash request for FTL

* whitelist on website blocked doesnt work (#1452)

Since Pi-hole redirects ad domains to itself, accessing the script via de.ign.com is the same as pi.hole in this case. The fix should be as simple as adding a / before admin on this line.

* Solve piholeLogFlush.sh having to be issued 2 x to clear logs (#1460)

Simplified the command -v syntax, and added a sleep 3 timer to the first execution of the log rotation. The second execution was being issued while the first was still running, thus it would fail and you would have to issue the "Flush Logs" command a second time.

* Use `echo "ABC" | pihole tricorder` to upload to Pi-hole's medical tricorder. Uses SSL if available.

* Update list.sh

I believe this has feature parity with `sed /foo/ Id` but also supports busybox, and my alpine docker ;)

* Document `sed` substitution for user readability

Comment the oneliner with explanations of what each step does.

* Update Help Output (#1467)



* File consistency

* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals

* Standardise core help text

* Added help text for disable command
* Added help text for logging command

* Clean up

* Fixed certain new lines and spaces

* Sync with development branch

* Formatting consistency

* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Fixed certain newlines and spaces

* Admin help text

* Added help text for interface command

* Sync with development branch

* Formatting consistency

* Tabs to 2 spaces
* Fixed some wording
* Fixed certain spaces

* Formatting consistency

* Minor wording changes
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Fixed certain newlines and spaces

* Blacklist help text

* Formatting consistency

* Tabs to 2 spaces
* Corrected indenting

* Cronometer help text

* Formatting consistency

* Fixed certain newlines and spaces
* Corrected indenting

* Checkout warning alteration

* Add checkout help text

* Corrected help output

* Show help for "pihole -a -i --help"

* Fix "pihole disable --help" and "pihole -l --help"

* Show help for "pihole -v -h" 

* Indent output text
* Minor help text change

* Show help for "pihole checkout --help"

* Tricorder: Insecure Opt-out

* Check to see if Tricorder is being called directly
* Provide opt-out for insecure transmission of debug log
* Remove mention of internal function from help menu

* 🌮 is the new :shipit: squirrel

* Wording changes and bug fix

* Fix wildcard help text

* -wild is not a valid option since we're already using -wild

* Fix logrotation: manual flushing should be done twice, but automated rotation at midnight should only be done *once*!

* Print echos only when manual flushing is requested

* Add "quiet" mode + update comments in the cron file

* Confirm Tricorder is online

* Scan port 9998 to confirm the availability of "tricorder.pi-hole.net"
* Exit codes for upload process

* Formatting consistency

* Add link to Windows DNS Swapper

See #1400

* Install loopback firewall rules for FTL (#1419)

* Install loopback firewall rules for FTL

* FirewallD FTL ports

Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>

* Remove firewallD FTL local rules.

Local rules should not be blocked in firewallD, not requred for internal service FTD>

* Reinstate https rules, and delete FTL rules

Fixes earlier commit.

* Retrieve local repos on repair (#1481)

* Retrieve local repos on repair

* Change conditional to check for repair
* Change wording of Update/Reconfigure message
* Fixed indenting

* Perform "git reset --hard" on reconfigure

* Change directory before trying to reset repository. Fixes #1489

* No need to `cd $PWD` as it doesn't affect flow of caller script.

Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>

* Refine output of password status in basic-install.sh:displayFinalMessage(). Fixes #1488 (#1490)

* Rewrite Chronometer to output more stats

* Fix output IPv4 addr when removing CIDR notation (#1498)

* Move wildcards file if blocking is disabled (#1495)

* Move wildcards file if blocking is diabled

* Delete newline

* Roll back merge #1417 (#1494)

* Update ISSUE_TEMPLATE.md

* Remove Question option

* Prefer ULA over GUA addresses [IPv6] (#1508)

* On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes #1473

* Add test for link-local address detection

* Add ULA-only and GUA-only tests

* Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test

* Add ""

* Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results

* Make mock_command_2 more similar to the original mock_command

* Correct comments

* Fixed remaining comments

* Fixed one last comment...

* Fixed a comment...

* Add weekly logrotation of FTL's log (#1509)

* Update LICENSE of the project to EUPL v1.2

* Make clear that NO is the default if the user just hits return (#1514)

* Add tricorderFunc back as usable function (#1515)

As per #1464

* Don't update FTL when there is a core update (as this will update FTL a second time). Fixes #1516

* Add FTL tests to the test suite (#1510)

* Add first version of FTL tests

* Wait one second to allow FTL to start up and analyze our mock log

* Add test_FTL_telnet_statistics

* Added test_FTL_telnet_top_clients

* Add test_FTL_telnet_top_domains

* Revert "Add FTL tests to the test suite (#1510)" (#1519)

This reverts commit cf6a1ac9ad.

* Trim version output when update is successful (#1527)

* Change ownership of /etc/pihole to user/group pihole. Fixes #1529 (#1530)

* Delete temporary files after installing the FTL binary. Fixes #1525

* Change from admin to approvers teams

* Introduce new file black.list for blacklist content

* Add "pihole -g -b" to *only* update black.list (saves a bunch of time when adding/changing only blacklisted files - won'tdownload lal lists, but only processes the blacklist and restars dnsmasq)

* Remove useless cat

* Improve displayed messages and overall logic

* Disable black.list on "pihole disable"

* cp + rm === mv (well, almost)
2017-06-20 22:17:41 +01:00

176 lines
11 KiB
Markdown

<p align="center">
<a href=https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE><img src="https://www.bountysource.com/badge/tracker?tracker_id=3011939"></a>
<a href="https://www.codacy.com/app/Pi-hole/pi-hole?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pi-hole/pi-hole&amp;utm_campaign=Badge_Grade"><img src="https://api.codacy.com/project/badge/Grade/c558a0f8d7124c99b02b84f0f5564238"/></a>
<a href=https://travis-ci.org/pi-hole/pi-hole><img src="https://travis-ci.org/pi-hole/pi-hole.svg?branch=development"></a>
</p>
<p align="center">
<a href=https://discourse.pi-hole.net><img src="https://assets.pi-hole.net/static/Vortex_with_text_and_TM.png" width=210></a>
</p>
## The multi-platform, network-wide ad blocker
Block ads for **all** your devices _without_ the need to install client-side software. The Pi-hole™ blocks ads at the DNS-level, so all your devices are protected.
- Web Browsers
- Cell Phones
- Smart TV's
- Internet-connected home automation
- Anything that communicates with the Internet
<p align="center">
<a href=http://www.digitalocean.com/?refcode=344d234950e1><img src="https://assets.pi-hole.net/static/DOHostingSlug.png"></a>
</p>
## Your Support Still Matters
Digital Ocean helps with our infrastructure, but our developers are all volunteers so *your donations help keep us innovating*. Sending a donation using our links below helps us offset a portion of our monthly costs.
- ![Paypal](https://assets.pi-hole.net/static/paypal.png) [Donate via PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY)
- ![Bitcoin](https://assets.pi-hole.net/static/Bitcoin.png) Bitcoin Address: 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL
### One-Step Automated Install
1. Install a [supported operating system](https://discourse.pi-hole.net/t/hardware-software-requirements/273/1)
2. Run the command below (it downloads [this script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) in case you want to read over it first!)
### `curl -sSL https://install.pi-hole.net | bash`
#### Alternative Semi-Automated Install Methods
_If you wish to read over the script before running it, run `nano basic-install.sh` to open the file in a text viewer._
##### Clone our repository and run the automated installer from your device.
```
git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
cd Pi-hole/automated\ install/
bash basic-install.sh
```
##### Or
```bash
wget -O basic-install.sh https://install.pi-hole.net
bash basic-install.sh
```
Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to use Pi-hole™ as their DNS server.
## What is Pi-hole™ and how do I install it?
<p align="center">
<a href=https://www.youtube.com/watch?v=vKWjx1AQYgs><img src="https://assets.pi-hole.net/static/video-explainer.png"></a>
</p>
## Get Help Or Connect With Us On The Web
- [Users Forum](https://discourse.pi-hole.net/)
- [FAQs](https://discourse.pi-hole.net/c/faqs)
- [Wiki](https://github.com/pi-hole/pi-hole/wiki)
- ![Twitter](https://assets.pi-hole.net/static/twitter.png) [Tweet @The_Pi_Hole](https://twitter.com/The_Pi_Hole)
- ![Reddit](https://assets.pi-hole.net/static/reddit.png) [Reddit /r/pihole](https://www.reddit.com/r/pihole/)
- ![YouTube](https://assets.pi-hole.net/static/youtube.png) [Pi-hole channel](https://www.youtube.com/channel/UCT5kq9w0wSjogzJb81C9U0w)
- [![Join the chat at https://gitter.im/pi-hole/pi-hole](https://badges.gitter.im/pi-hole/pi-hole.svg)](https://gitter.im/pi-hole/pi-hole?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
## Technical Details
The Pi-hole™ is an **advertising-aware DNS/Web server**. If an ad domain is queried, a small Web page or GIF is delivered in place of the advertisement.
### Gravity
The [gravity.sh](https://github.com/pi-hole/pi-hole/blob/master/gravity.sh) does most of the magic. The script pulls in ad domains from many sources and compiles them into a single list of [over 1.6 million entries](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0) (if you decide to use the [mahakala list](https://github.com/pi-hole/pi-hole/commit/963eacfe0537a7abddf30441c754c67ca1e40965)). This script is controlled by the `pihole` command. Please run `pihole -h` to see what commands can be run via `pihole`.
#### Other Operating Systems
The automated install is only for a clean install of a Debian family or Fedora based system, such as the Raspberry Pi. However, this script will work for most UNIX-like systems, some with some slight **modifications** that we can help you work through. If you can install `dnsmasq` and a web server, it should work OK. If there are other platforms you'd like supported, let us know.
### Web Interface
The [Web interface](https://github.com/pi-hole/AdminLTE#pi-hole-admin-dashboard) will be installed automatically so you can view stats and change settings. You can find it at:
`http://192.168.1.x/admin/index.php` or `http://pi.hole/admin`
![Pi-hole Advanced Stats Dashboard](https://assets.pi-hole.net/static/dashboard212.png)
### Whitelist and blacklist
Domains can be whitelisted and blacklisted using either the web interface or the command line. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details
<p align="center">
<a href=https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting><img src="https://assets.pi-hole.net/static/whitelist212.png"></a>
</p>
### Settings
The settings page lets you control and configure your Pi-hole™. You can do things like:
- enable Pi-hole's built-in DHCP server
- exclude domains from the graphs
- configure upstream DNS servers
- and more!
![Settings page](https://assets.pi-hole.net/static/settings212.png)
#### Built-in DHCP Server
Pi-hole™ ships with a built-in DHCP server. This allows you to let your network devices use Pi-hole™ as their DNS server if your router does not let you adjust the DHCP options.
<p align="center">
<a href=hhttps://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245><img src="https://assets.pi-hole.net/static/piholedhcpserver.png"></a>
</p>
## API
A basic read-only API can be accessed at `/admin/api.php`. It returns the following JSON:
``` json
{
"domains_being_blocked": "136708",
"dns_queries_today": "18108",
"ads_blocked_today": "14648",
"ads_percentage_today": "80.89"
}
```
The same output can be achieved on the CLI by running `chronometer.sh -j`
## Real-time Statistics
You can view [real-time stats](https://discourse.pi-hole.net/t/how-do-i-view-my-pi-holes-stats-over-ssh-or-on-an-lcd-using-chronometer/240) via `ssh` or on an [2.8" LCD screen](http://amzn.to/1P0q1Fj). This is accomplished via [`chronometer.sh`](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/chronometer.sh). ![Pi-hole LCD](http://i.imgur.com/nBEqycp.jpg)
## Pi-hole™ Projects
- [An ad blocking Magic Mirror](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware)
- [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py)
- [Get LED alerts for each blocked ad](http://thetimmy.silvernight.org/pages/endisbutton/)
- [Pi-hole on Ubuntu 14.04 on VirtualBox](http://hbalagtas.blogspot.com/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html)
- [Docker Pi-hole container (x86 and ARM)](https://hub.docker.com/r/diginc/pi-hole/)
- [Splunk: Pi-hole Visualiser](https://splunkbase.splunk.com/app/3023/)
- [Pi-hole Chrome extension](https://chrome.google.com/webstore/detail/pi-hole-list-editor/hlnoeoejkllgkjbnnnhfolapllcnaglh) ([open source](https://github.com/packtloss/pihole-extension))
- [Go Bananas for CHiP-hole ad blocking](https://www.hackster.io/jacobsalmela/chip-hole-network-wide-ad-blocker-98e037)
- [Sky-Hole](http://dlaa.me/blog/post/skyhole)
- [Pi-hole in the Cloud!](http://blog.codybunch.com/2015/07/28/Pi-Hole-in-the-cloud/)
- [unRaid-hole](https://github.com/spants/unraidtemplates/blob/master/Spants/unRaid-hole.xml#L13)--[Repo and more info](http://lime-technology.com/forum/index.php?PHPSESSID=c0eae3e5ef7e521f7866034a3336489d&topic=38486.0)
- [Pi-hole on/off button](http://thetimmy.silvernight.org/pages/endisbutton/)
- [Minibian Pi-hole](http://munkjensen.net/wiki/index.php/See_my_Pi-Hole#Minibian_Pi-hole)
- [Windows Tray Stat Application](https://github.com/goldbattle/copernicus)
- [Let your blink1 device blink when Pi-hole filters ads](https://gist.github.com/elpatron68/ec0b4c582e5abf604885ac1e068d233f)
- [Pi-hole Prometheus exporter](https://github.com/nlamirault/pihole_exporter): a [Prometheus](https://prometheus.io/) exporter for Pi-hole
- [Pi-hole Droid - open source Android client](https://github.com/friimaind/pi-hole-droid)
- [Windows DNS Swapper](https://github.com/roots84/DNS-Swapper), see [#1400](https://github.com/pi-hole/pi-hole/issues/1400)
## Coverage
- [Adafruit livestream install](https://www.youtube.com/watch?v=eg4u2j1HYlI)
- [TekThing: 5 fun, easy projects for a Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s)
- [Pi-hole on Adafruit's blog](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/)
- [The Defrag Show - MSDN/Channel 9](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s)
- [MacObserver Podcast 585](http://www.macobserver.com/tmo/podcast/macgeekgab-585)
- [Medium: Block All Ads For $53](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d)
- [MakeUseOf: Adblock Everywhere, The Pi-hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/)
- [Lifehacker: Turn Your Pi Into An Ad Blocker With A Single Command](http://lifehacker.com/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-co-1686093533)!
- [Pi-hole on TekThing](https://youtu.be/8Co59HU2gY0?t=2m)
- [Pi-hole on Security Now! Podcast](http://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s)
- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s)
- [Pi-hole on Ubuntu](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/)
- [Catchpoint: iOS 9 Ad Blocking](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/)
- [Build an Ad-Blocker for less than 10$ with Orange-Pi](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/)