diff --git a/advanced/Scripts/blacklist.sh b/advanced/Scripts/blacklist.sh index 7e99f830..d83ca867 100755 --- a/advanced/Scripts/blacklist.sh +++ b/advanced/Scripts/blacklist.sh @@ -17,7 +17,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 263fe9cd..a5958bbd 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then else echo "::: Sudo will be used for debugging." # Check if sudo is actually installed - if [[ $(dpkg-query -s sudo) ]]; then + if [ -x "$(command -v sudo)" ]; then export SUDO="sudo" else echo "::: Please install sudo or run this as root." diff --git a/advanced/Scripts/setupLCD.sh b/advanced/Scripts/setupLCD.sh index df2be704..03be4e0a 100755 --- a/advanced/Scripts/setupLCD.sh +++ b/advanced/Scripts/setupLCD.sh @@ -19,7 +19,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/Scripts/whitelist.sh b/advanced/Scripts/whitelist.sh index 37b4ade4..266ac49e 100755 --- a/advanced/Scripts/whitelist.sh +++ b/advanced/Scripts/whitelist.sh @@ -17,7 +17,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/advanced/lighttpd.conf b/advanced/lighttpd.conf.debian similarity index 99% rename from advanced/lighttpd.conf rename to advanced/lighttpd.conf.debian index f899350a..8b62f448 100644 --- a/advanced/lighttpd.conf +++ b/advanced/lighttpd.conf.debian @@ -14,7 +14,7 @@ server.modules = ( "mod_accesslog", "mod_expire", "mod_compress", - "mod_redirect", + "mod_redirect", "mod_setenv", "mod_rewrite" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora new file mode 100644 index 00000000..30784b1a --- /dev/null +++ b/advanced/lighttpd.conf.fedora @@ -0,0 +1,77 @@ +# Pi-hole: A black hole for Internet advertisements +# (c) 2015, 2016 by Jacob Salmela +# Network-wide ad blocking via your Raspberry Pi +# http://pi-hole.net +# lighttpd config for Pi-hole +# +# Pi-hole is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. + +server.modules = ( + "mod_access", + "mod_fastcgi", + "mod_accesslog", + "mod_expire", + "mod_compress", + "mod_redirect", + "mod_setenv", + "mod_rewrite" +) + +server.document-root = "/var/www/html" +server.error-handler-404 = "pihole/index.html" +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +server.username = "lighttpd" +server.groupname = "lighttpd" +server.port = 80 +accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.format = "%{%s}t|%V|%r|%s|%b" + + +index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) +url.access-deny = ( "~", ".inc" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +compress.cache-dir = "/var/cache/lighttpd/compress/" +compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) + +mimetype.assign = ( ".png" => "image/png", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".html" => "text/html", + ".css" => "text/css; charset=utf-8", + ".js" => "application/javascript", + ".json" => "application/json", + ".txt" => "text/plain" ) + +# default listening port for IPv6 falls back to the IPv4 port +#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port +#include_shell "/usr/share/lighttpd/create-mime.assign.pl" +#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" + +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# If the URL starts with /admin, it is the Web interface +$HTTP["url"] =~ "^/admin/" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) +} + +# If the URL does not start with /admin, then it is a query for an ad domain +$HTTP["url"] =~ "^(?!/admin)/.*" { + # Create a response header for debugging using curl -I + setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." ) + # rewrite only js requests + url.rewrite = ("(.*).js" => "pihole/index.js") +} diff --git a/advanced/selinux/pihole.te b/advanced/selinux/pihole.te new file mode 100644 index 00000000..595755dd --- /dev/null +++ b/advanced/selinux/pihole.te @@ -0,0 +1,87 @@ +module pihole 1.0; + +require { + type var_log_t; + type unconfined_t; + type init_t; + type auditd_t; + type syslogd_t; + type NetworkManager_t; + type mdadm_t; + type tuned_t; + type avahi_t; + type irqbalance_t; + type system_dbusd_t; + type kernel_t; + type httpd_sys_script_t; + type systemd_logind_t; + type httpd_t; + type policykit_t; + type dnsmasq_t; + type udev_t; + type postfix_pickup_t; + type sshd_t; + type crond_t; + type getty_t; + type lvm_t; + type postfix_qmgr_t; + type postfix_master_t; + class dir { getattr search }; + class file { read open setattr }; +} + +#============= dnsmasq_t ============== +allow dnsmasq_t var_log_t:file { open setattr }; + +#============= httpd_t ============== +allow httpd_t var_log_t:file { read open }; + +#============= httpd_sys_script_t (class: dir) ============== +allow httpd_sys_script_t NetworkManager_t:dir { getattr search }; +allow httpd_sys_script_t auditd_t:dir { getattr search }; +allow httpd_sys_script_t avahi_t:dir { getattr search }; +allow httpd_sys_script_t crond_t:dir { getattr search }; +allow httpd_sys_script_t dnsmasq_t:dir { getattr search }; +allow httpd_sys_script_t getty_t:dir { getattr search }; +allow httpd_sys_script_t httpd_t:dir { getattr search }; +allow httpd_sys_script_t init_t:dir { getattr search }; +allow httpd_sys_script_t irqbalance_t:dir { getattr search }; +allow httpd_sys_script_t kernel_t:dir { getattr search }; +allow httpd_sys_script_t lvm_t:dir { getattr search }; +allow httpd_sys_script_t mdadm_t:dir { getattr search }; +allow httpd_sys_script_t policykit_t:dir { getattr search }; +allow httpd_sys_script_t postfix_master_t:dir { getattr search }; +allow httpd_sys_script_t postfix_pickup_t:dir { getattr search }; +allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search }; +allow httpd_sys_script_t sshd_t:dir { getattr search }; +allow httpd_sys_script_t syslogd_t:dir { getattr search }; +allow httpd_sys_script_t system_dbusd_t:dir { getattr search }; +allow httpd_sys_script_t systemd_logind_t:dir { getattr search }; +allow httpd_sys_script_t tuned_t:dir { getattr search }; +allow httpd_sys_script_t udev_t:dir { getattr search }; +allow httpd_sys_script_t unconfined_t:dir { getattr search }; + +#============= httpd_sys_script_t (class: file) ============== +allow httpd_sys_script_t NetworkManager_t:file { read open }; +allow httpd_sys_script_t auditd_t:file { read open }; +allow httpd_sys_script_t avahi_t:file { read open }; +allow httpd_sys_script_t crond_t:file { read open }; +allow httpd_sys_script_t dnsmasq_t:file { read open }; +allow httpd_sys_script_t getty_t:file { read open }; +allow httpd_sys_script_t httpd_t:file { read open }; +allow httpd_sys_script_t init_t:file { read open }; +allow httpd_sys_script_t irqbalance_t:file { read open }; +allow httpd_sys_script_t kernel_t:file { read open }; +allow httpd_sys_script_t lvm_t:file { read open }; +allow httpd_sys_script_t mdadm_t:file { read open }; +allow httpd_sys_script_t policykit_t:file { read open }; +allow httpd_sys_script_t postfix_master_t:file { read open }; +allow httpd_sys_script_t postfix_pickup_t:file { read open }; +allow httpd_sys_script_t postfix_qmgr_t:file { read open }; +allow httpd_sys_script_t sshd_t:file { read open }; +allow httpd_sys_script_t syslogd_t:file { read open }; +allow httpd_sys_script_t system_dbusd_t:file { read open }; +allow httpd_sys_script_t systemd_logind_t:file { read open }; +allow httpd_sys_script_t tuned_t:file { read open }; +allow httpd_sys_script_t udev_t:file { read open }; +allow httpd_sys_script_t unconfined_t:file { read open }; diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index d26c33cc..a61c5e9b 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -36,16 +36,6 @@ columns=$(tput cols) r=$(( rows / 2 )) c=$(( columns / 2 )) - -# Find IP used to route to outside world - -IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') -IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') -IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') - -availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) -dhcpcdFile=/etc/dhcpcd.conf - ######## FIRST CHECK ######## # Must be root to install echo ":::" @@ -55,7 +45,7 @@ else echo "::: sudo will be used for the install." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed." @@ -63,6 +53,47 @@ else fi fi +# Compatability +if [ -x "$(command -v rpm)" ];then + # Fedora Family + if [ -x "$(command -v dnf)" ];then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + PKG_CACHE="/var/cache/$PKG_MANAGER" + UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q" + PKG_UPDATE="$PKG_MANAGER update -y" + PKG_INSTALL="$PKG_MANAGER install -y" + PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]" + INSTALLER_DEPS=( iproute net-tools procps-ng newt ) + PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo ) + LIGHTTPD_USER="lighttpd" + LIGHTTPD_GROUP="lighttpd" + LIGHTTPD_CFG="lighttpd.conf.fedora" + package_check() { + rpm -qa | grep ^$1- > /dev/null + } +elif [ -x "$(command -v apt-get)" ];then + # Debian Family + PKG_MANAGER="apt-get" + PKG_CACHE="/var/cache/apt" + UPDATE_PKG_CACHE="$PKG_MANAGER -qq update" + PKG_UPDATE="$PKG_MANAGER upgrade" + PKG_INSTALL="$PKG_MANAGER -y -qq install" + PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst" + INSTALLER_DEPS=( apt-utils whiptail dhcpcd5) + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo ) + LIGHTTPD_USER="www-data" + LIGHTTPD_GROUP="www-data" + LIGHTTPD_CFG="lighttpd.conf.debian" + package_check() { + dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" + } +else + echo "OS distribution not supported" + exit +fi ####### FUNCTIONS ########## spinner() @@ -80,6 +111,14 @@ spinner() printf " \b\b\b\b" } +findIPRoute() { + # Find IP used to route to outside world + IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}') + IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}') + IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}') + availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1) +} + backupLegacyPihole() { # This function detects and backups the pi-hole v1 files. It will not do anything to the current version files. if [[ -f /etc/dnsmasq.d/adList.conf ]];then @@ -288,20 +327,52 @@ setDHCPCD() { echo "::: interface $piholeInterface static ip_address=$IPv4addr static routers=$IPv4gw - static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null + static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null } setStaticIPv4() { - # Tries to set the IPv4 address - if grep -q "$IPv4addr" $dhcpcdFile; then - # address already set, noop - : + if [[ -f /etc/dhcpcd.conf ]];then + # Debian Family + if grep -q "$IPv4addr" /etc/dhcpcd.conf; then + echo "::: Static IP already configured" + else + setDHCPCD + $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" + echo ":::" + echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." + echo ":::" + fi + elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then + # Fedora Family + IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface + if grep -q "$IPv4addr" $IFCFG_FILE; then + echo "::: Static IP already configured" + else + IPADDR=$(echo $IPv4addr | cut -f1 -d/) + CIDR=$(echo $IPv4addr | cut -f2 -d/) + # Backup existing interface configuration: + cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S) + # Build Interface configuration file: + $SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE + $SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE + $SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE + $SUDO echo "ONBOOT=yes" >> $IFCFG_FILE + $SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE + $SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE + $SUDO echo "USERCTL=no" >> $IFCFG_FILE + $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" + if [ -x "$(command -v nmcli)" ];then + # Tell NetworkManager to read our new sysconfig file + $SUDO nmcli con load $IFCFG_FILE > /dev/null + fi + echo ":::" + echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." + echo ":::" + + fi else - setDHCPCD - $SUDO ip addr replace dev "$piholeInterface" "$IPv4addr" - echo ":::" - echo "::: Setting IP to $IPv4addr. You may need to restart after the install is complete." - echo ":::" + echo "::: Warning: Unable to locate configuration file to set static IPv4 address!" + exit 1 fi } @@ -455,6 +526,7 @@ versionCheckDNSmasq(){ else $SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation fi + $SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1 } installScripts() { @@ -502,7 +574,11 @@ installConfigs() { $SUDO chown "$USER":root /etc/lighttpd $SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig fi - $SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf + $SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf + $SUDO mkdir -p /var/run/lighttpd + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd + $SUDO mkdir -p /var/cache/lighttpd/compress + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress } stopServices() { @@ -510,50 +586,52 @@ stopServices() { $SUDO echo ":::" $SUDO echo -n "::: Stopping services..." #$SUDO service dnsmasq stop & spinner $! || true - $SUDO service lighttpd stop & spinner $! || true + if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl stop lighttpd & spinner $! || true + else + $SUDO service lighttpd stop & spinner $! || true + fi $SUDO echo " done." } -checkForDependencies() { +installerDependencies() { #Running apt-get update/upgrade with minimal output can cause some issues with #requiring user input (e.g password for phpmyadmin see #218) #We'll change the logic up here, to check to see if there are any updates availible and # if so, advise the user to run apt-get update/upgrade at their own discretion #Check to see if apt-get update has already been run today # it needs to have been run at least once on new installs! - - timestamp=$(stat -c %Y /var/cache/apt/) + timestamp=$(stat -c %Y $PKG_CACHE) timestampAsDate=$(date -d @"$timestamp" "+%b %e") today=$(date "+%b %e") if [ ! "$today" == "$timestampAsDate" ]; then #update package lists echo ":::" - echo -n "::: apt-get update has not been run today. Running now..." - $SUDO apt-get -qq update & spinner $! + echo -n "::: $PKG_MANAGER update has not been run today. Running now..." + $SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1 echo " done!" fi echo ":::" - echo -n "::: Checking apt-get for upgraded packages...." - updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst) - echo " done!" - echo ":::" - if [[ $updatesToInstall -eq "0" ]]; then + echo -n "::: Checking $PKG_MANAGER for upgraded packages...." + updatesToInstall=$(eval "$SUDO $PKG_COUNT") + echo " done!" + echo ":::" + if [[ $updatesToInstall -eq "0" ]]; then echo "::: Your pi is up to date! Continuing with pi-hole installation..." - else + else echo "::: There are $updatesToInstall updates availible for your pi!" - echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! " + echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! " echo ":::" - fi - echo ":::" - echo "::: Checking dependencies:" - - dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo) - for i in "${dependencies[@]}"; do + fi + echo ":::" + echo "::: Checking installer dependencies..." + for i in "${INSTALLER_DEPS[@]}"; do echo -n "::: Checking for $i..." - if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then echo -n " Not found! Installing...." - $SUDO apt-get -y -qq install "$i" > /dev/null & spinner $! + $SUDO $PKG_INSTALL "$i" > /dev/null 2>&1 echo " done!" else echo " already installed!" @@ -561,6 +639,23 @@ checkForDependencies() { done } +checkForDependencies() { + # Install dependencies for Pi-Hole + echo "::: Checking Pi-Hole dependencies:" + + for i in "${PIHOLE_DEPS[@]}"; do + echo -n "::: Checking for $i..." + package_check $i > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "$i" > /dev/null & spinner $! + echo " done!" + else + echo " already installed!" + fi + done +} + getGitFiles() { # Setup git repos for base files and web admin echo ":::" @@ -677,6 +772,27 @@ setUser(){ fi } +configureFirewall() { + # Allow HTTP and DNS traffic + if [ -x "$(command -v firewall-cmd)" ]; then + $SUDO firewall-cmd --state > /dev/null + if [[ $? -eq 0 ]]; then + $SUDO echo "::: Configuring firewalld for httpd and dnsmasq.." + $SUDO firewall-cmd --permanent --add-port=80/tcp + $SUDO firewall-cmd --permanent --add-port=53/tcp + $SUDO firewall-cmd --permanent --add-port=53/udp + $SUDO firewall-cmd --reload + fi + elif [ -x "$(command -v iptables)" ]; then + $SUDO echo "::: Configuring iptables for httpd and dnsmasq.." + $SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT + $SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT + $SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT + else + $SUDO echo "::: No firewall detected.. skipping firewall configuration." + fi +} + installPihole() { # Install base files and web interface checkForDependencies # done @@ -686,18 +802,55 @@ installPihole() { if [ ! -d "/var/www/html" ]; then $SUDO mkdir -p /var/www/html fi - $SUDO chown www-data:www-data /var/www/html + $SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html $SUDO chmod 775 /var/www/html - $SUDO usermod -a -G www-data pihole - $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null + $SUDO usermod -a -G $LIGHTTPD_GROUP pihole + if [ -x "$(command -v lighty-enable-mod)" ]; then + $SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null + else + printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n" + fi getGitFiles installScripts installConfigs CreateLogFile + configureSelinux installPiholeWeb installCron runGravity + configureFirewall +} + +configureSelinux() { + if [ -x "$(command -v getenforce)" ]; then + printf "\n::: SELinux Detected\n" + printf ":::\tChecking for SELinux policy development packages..." + package_check "selinux-policy-devel" > /dev/null + if ! [ $? -eq 0 ]; then + echo -n " Not found! Installing...." + $SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $! + echo " done!" + else + echo " already installed!" + fi + printf "::: Enabling httpd server side includes (SSI).. " + $SUDO setsebool -P httpd_ssi_exec on + if [ $? -eq 0 ]; then + echo -n "Success\n" + fi + printf ":::\tCompiling Pi-Hole SELinux policy..\n" + $SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te + $SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod + $SUDO semodule -i /etc/pihole/pihole.pp + $SUDO rm -f /etc/pihole/pihole.mod + $SUDO semodule -l | grep pihole > /dev/null + if [ $? -eq 0 ]; then + printf "::: Successfully installed Pi-Hole SELinux policy\n" + else + printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n" + fi + fi } displayFinalMessage() { @@ -716,6 +869,10 @@ View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $ ######## SCRIPT ############ # Start the installer $SUDO mkdir -p /etc/pihole/ + +# Install packages used by this installation script +installerDependencies + welcomeDialogs # Verify there is enough disk space for the install @@ -723,6 +880,8 @@ verifyFreeDiskSpace # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way backupLegacyPihole +# Find IP used to route to outside world +findIPRoute # Find interfaces and let the user choose one chooseInterface # Let the user decide if they want to block ads over IPv4 and/or IPv6 @@ -741,8 +900,16 @@ displayFinalMessage echo -n "::: Restarting services..." # Start services -$SUDO service dnsmasq restart -$SUDO service lighttpd start +if [ -x "$(command -v systemctl)" ]; then + $SUDO systemctl enable dnsmasq + $SUDO systemctl restart dnsmasq + $SUDO systemctl enable lighttpd + $SUDO systemctl start lighttpd +else + $SUDO service dnsmasq restart + $SUDO service lighttpd start +fi + echo " done." echo ":::" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 83168d6a..5730c531 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -17,7 +17,7 @@ else echo "::: Sudo will be used for the uninstall." # Check if it is actually installed # If it isn't, exit because the unnstall cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this as root." @@ -25,6 +25,39 @@ else fi fi +# Compatability +if [ -x "$(command -v rpm)" ];then + # Fedora Family + if [ -x "$(command -v dnf)" ];then + PKG_MANAGER="dnf" + else + PKG_MANAGER="yum" + fi + PKG_REMOVE="$PKG_MANAGER remove -y" + PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils ) + package_check() { + rpm -qa | grep ^$1- > /dev/null + } + package_cleanup() { + $SUDO $PKG_MANAGER -y autoremove + } +elif [ -x "$(command -v apt-get)" ];then + # Debian Family + PKG_MANAGER="apt-get" + PKG_REMOVE="$PKG_MANAGER -y remove --purge" + PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) + package_check() { + dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed" + } + package_cleanup() { + $SUDO $PKG_MANAGER -y autoremove + $SUDO $PKG_MANAGER -y autoclean + } +else + echo "OS distribution not supported" + exit +fi + spinner() { local pid=$1 @@ -43,14 +76,13 @@ spinner() function removeAndPurge { # Purge dependencies echo ":::" - # Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common - dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget ) - for i in "${dependencies[@]}"; do - if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then + for i in "${PIHOLE_DEPS[@]}"; do + package_check $i > /dev/null + if [ $? -eq 0 ]; then while true; do read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn case $yn in - [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; + [Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;; [Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;; * ) printf "::: You must answer yes or no!\n";; esac @@ -65,10 +97,8 @@ echo ":::" $SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null # Take care of any additional package cleaning - printf "::: Auto removing remaining dependencies..." - $SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n"; - printf "::: Auto cleaning remaining dependencies..." - $SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n"; + printf "::: Auto removing & cleaning remaining dependencies..." + package_cleanup &> /dev/null & spinner $!; printf "done!\n"; # Call removeNoPurge to remove PiHole specific files removeNoPurge @@ -107,7 +137,8 @@ function removeNoPurge { fi echo "::: Removing config files and scripts..." - if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then + package_check $i > /dev/null + if [ $? -eq 1 ]; then $SUDO rm -rf /etc/lighttpd/ &> /dev/null else if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then @@ -143,5 +174,3 @@ while true; do [Nn]* ) removeNoPurge; break;; esac done - - diff --git a/gravity.sh b/gravity.sh index e33ca468..6278d80a 100755 --- a/gravity.sh +++ b/gravity.sh @@ -19,7 +19,7 @@ else echo "::: sudo will be used." # Check if it is actually installed # If it isn't, exit because the install cannot complete - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this script as root." diff --git a/pihole b/pihole index 1c348b71..bbcb82d0 100755 --- a/pihole +++ b/pihole @@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then #echo "::: Sudo will be used for this tool." # Check if it is actually installed # If it isn't, exit because the pihole cannot be invoked without privileges. - if [[ $(dpkg-query -s sudo) ]];then + if [ -x "$(command -v sudo)" ];then export SUDO="sudo" else echo "::: Please install sudo or run this as root."