Merge pull request #572 from pi-hole/development

Dan forgot this : `}`

README.md

@@ -1,12 +1,9 @@
 # Automated Install 
 ##### Designed For Raspberry Pi A+, B, B+, 2, Zero, and 3B (with an Ethernet/Wi-Fi adapter) (Works on most Debian distributions!)
 
-
-[![Join the chat at https://gitter.im/pi-hole/pi-hole](https://badges.gitter.im/pi-hole/pi-hole.svg)](https://gitter.im/pi-hole/pi-hole?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-
 1. Install Raspbian 
 
-2. Run the command below
+2. Run the command below (downloads [this script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) in case you want to read over it first!)
 
 ### ```curl -L https://install.pi-hole.net | bash```
 
@@ -16,29 +13,73 @@ wget -O basic-install.sh https://install.pi-hole.net
 chmod +x basic-install.sh
 ./basic-install.sh
 ```
+If you wish to read over the script before running it, then after the `wget` command, do `nano basic-install.sh` to open a text viewer
+
 
 Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](http://pi-hole.net/faq/can-i-set-the-pi-hole-to-be-the-dns-server-at-my-router-so-i-dont-have-to-change-settings-for-my-devices/) and then any device that connects to your network will have ads blocked without any further configuration.  Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
 
-## Pi-hole Is Free, But Powered By Your Donations
-Send a one-time donation or sign up for Optimal.com's service using our link below to provide us with a small portion of the montly fee.
+## How To Install Pi-hole
 
-| Paypal | Bitcoin | Optimal.com |
-| ------ | ------- | -------- |
-| [![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif "Free, but powered by donations")](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY "Donate") |  <center> ![1hXEKGKExiPAQ7y5CFPwWiEXUXB6wDuqX](http://todobom.com/images/bitcoin-donations.png)<br />1hXEKGKExiPAQ7y5CFPwWiEXUXB6wDuqX</center> | Sign up for [Optimal.com using our link](http://api.optimal.com/partner/v1.0/bmV0d29ya3xkbnN8OlJhc3BiZXJyeSBQaS1Ib2xl/subscribe?redirect=https%3A%2F%2Fpi-hole.net%2Fthank-you%2F) to provide us with a small monthly amount.  Your money will also support content-creators.
-
-[![Support Pi-hole by using Optimal.com](http://i.imgur.com/m8GN3Zv.png)](http://api.optimal.com/partner/v1.0/bmV0d29ya3xkbnN8OlJhc3BiZXJyeSBQaS1Ib2xl/subscribe?redirect=https%3A%2F%2Fpi-hole.net%2Fthank-you%2F)
-![](http)
-
-
-## Catch us out on the net:
-Twitter: [@The_Pi_Hole](https://twitter.com/The_Pi_Hole)
-
-reddit: [/r/pihole](https://www.reddit.com/r/pihole/)
+[![60-second install tutorial](http://i.imgur.com/5TEc3a6.png)](https://www.youtube.com/watch?v=TzFLJqUeirA)
 
 ## How Does It Work?
 **Watch the 60-second video below to get a quick overview**
 
-[![Pi-hole exlplained](http://i.imgur.com/qNybJDX.png)](https://vimeo.com/135965232)
+[![Pi-hole exlplained](http://i.imgur.com/pG1m937.png)](https://youtu.be/9Eti3xibiho)
+
+## Pi-hole Is Free, But Powered By Your Donations
+Send a one-time donation or sign up for Optimal.com's service using our link below to provide us with a small portion of the montly fee.
+* ![Paypal](http://i.imgur.com/3muNfxu.png) : [Donate](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY)
+* ![Flattr](http://i.imgur.com/ZFceFRu.png) : [Donate](https://flattr.com/submit/auto?user_id=jacobsalmela&url=https://github.com/pi-hole/pi-hole)
+* ![Bitcoin](http://i.imgur.com/FIlmOMG.png)  : 1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL
+* ![Optimal.com](http://i.imgur.com/d4EAYrw.png) : [Optimal.com](http://api.optimal.com/partner/v1.0/bmV0d29ya3xkbnN8OlJhc3BiZXJyeSBQaS1Ib2xl/subscribe?redirect=https%3A%2F%2Fpi-hole.net%2Fthank-you%2F) (we get a small comission)
+
+
+## Get Help Or Connect With Us On The Web
+
+- [@The_Pi_Hole](https://twitter.com/The_Pi_Hole)
+- [/r/pihole](https://www.reddit.com/r/pihole/)
+- [Pi-hole YouTube channel](https://www.youtube.com/channel/UCT5kq9w0wSjogzJb81C9U0w)
+- [Wiki](https://github.com/pi-hole/pi-hole/wiki/Customization)
+- [FAQs](https://pi-hole.net/help/)
+- [![Join the chat at https://gitter.im/pi-hole/pi-hole](https://badges.gitter.im/pi-hole/pi-hole.svg)](https://gitter.im/pi-hole/pi-hole?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
+## Technical Details
+
+The Pi-hole is an **advertising-aware DNS/Web server**.  If an ad domain is queried, a small Web page or GIF is delivered in place of the advertisement.  You can also [replace ads with any image you want](http://pi-hole.net/faq/is-it-possible-to-change-the-blank-page-that-takes-place-of-the-ads-to-something-else/) since it is just a simple Webpage taking place of the ads.
+
+### Gravity
+The [gravity.sh](https://github.com/pi-hole/pi-hole/blob/master/gravity.sh) does most of the magic.  The script pulls in ad domains from many sources and compiles them into a single list of [over 1.6 million entries](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0) (if you decide to use the [mahakala list](https://github.com/pi-hole/pi-hole/commit/963eacfe0537a7abddf30441c754c67ca1e40965)).
+
+## Web Interface
+The [Web interface](https://github.com/jacobsalmela/AdminLTE#pi-hole-admin-dashboard) will be installed automatically so you can view stats and change settings.  You can find it at:
+
+`http://192.168.1.x/admin/index.php` or `http://pi.hole/admin`
+
+![Pi-hole Advanced Stats Dashboard](http://i.imgur.com/gTq2GbS.png)
+
+### Whitelist and blacklist
+
+Domains can be whitelisted and blacklisted using two pre-installed scripts. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details
+![Whitelist editor in the Web interface](http://i.imgur.com/ogu2ewg.png)
+
+## API
+
+A basic read-only API can be accessed at `/admin/api.php`. It returns the following JSON:
+```JSON
+{
+	"domains_being_blocked": "136708",
+	"dns_queries_today": "18108",
+	"ads_blocked_today": "14648",
+	"ads_percentage_today": "80.89"
+}
+```
+The same output can be acheived on the CLI by running `chronometer.sh -j`
+
+## Real-time Statistics
+
+You can view [real-time stats](http://pi-hole.net/faq/install-the-real-time-lcd-monitor-chronometer/) via `ssh` or on an [2.8" LCD screen](http://amzn.to/1P0q1Fj).  This is accomplished via [`chronometer.sh`](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/chronometer.sh).
+![Pi-hole LCD](http://i.imgur.com/nBEqycp.jpg)
 
 ## Pi-hole Projects
 - [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py)
@@ -55,6 +96,7 @@ reddit: [/r/pihole](https://www.reddit.com/r/pihole/)
 - [Minibian Pi-hole](http://munkjensen.net/wiki/index.php/See_my_Pi-Hole#Minibian_Pi-hole)
 
 ## Coverage
+- [Adafruit livestream install](https://www.youtube.com/watch?v=eg4u2j1HYlI)
 - [TekThing: 5 fun, easy projects for a Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s)
 - [Pi-hole on Adafruit's blog](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/)
 - [The Defrag Show - MSDN/Channel 9](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s)
@@ -68,52 +110,5 @@ reddit: [/r/pihole](https://www.reddit.com/r/pihole/)
 - [Pi-hole on Ubuntu](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/)
 - [Catchpoint: iOS 9 Ad Blocking](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/)
 
-## Partnering With Optimal.com
-
-Sign up for Optimal.com's service [using our link](http://api.optimal.com/partner/v1.0/bmV0d29ya3xkbnN8OlJhc3BiZXJyeSBQaS1Ib2xl/subscribe?redirect=https%3A%2F%2Fpi-hole.net%2Fthank-you%2F).  This service splits your money between your favorite ad blockers and free Websites.  This allows you to block ads while still supporting those sites that currently depend on ads for revenue.
-
-## Technical Details
-
-The Pi-hole is an **advertising-aware DNS/Web server**.  If an ad domain is queried, a small Web page or GIF is delivered in place of the advertisement.  You can also [replace ads with any image you want](http://pi-hole.net/faq/is-it-possible-to-change-the-blank-page-that-takes-place-of-the-ads-to-something-else/) since it is just a simple Webpage taking place of the ads.
-
-A more detailed explanation of the installation can be found [here](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0).
-
-## Gravity
-The [gravity.sh](https://github.com/pi-hole/pi-hole/blob/master/gravity.sh) does most of the magic.  The script pulls in ad domains from many sources and compiles them into a single list of [over 1.6 million entries](http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0) (if you decide to use the [mahakala list](https://github.com/pi-hole/pi-hole/commit/963eacfe0537a7abddf30441c754c67ca1e40965)).
-
-## Whitelist and blacklist
-Domains can be whitelisted and blacklisted using two pre-installed scripts. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details
-
-## Web Interface
-The [Web interface](https://github.com/jacobsalmela/AdminLTE#pi-hole-admin-dashboard) will be installed automatically so you can view stats and change settings.  You can find it at:
-
-`http://192.168.1.x/admin/index.php`
-
-![Pi-hole Advanced Stats Dashboard](http://i.imgur.com/rTlLYPh.png)
-
-### API
-
-A basic read-only API can be accessed at `/admin/api.php`. It returns the following JSON:
-```JSON
-{
-	"domains_being_blocked": "136708",
-	"dns_queries_today": "18108",
-	"ads_blocked_today": "14648",
-	"ads_percentage_today": "80.89"
-}
-```
-The same output can be acheived on the CLI by running `chronometer.sh -j`
-
-![Web](http://i.imgur.com/m114SCn.png)
-
-## Real-time Statistics
-
-You can view [real-time stats](http://pi-hole.net/faq/install-the-real-time-lcd-monitor-chronometer/) via `ssh` or on an [2.8" LCD screen](http://amzn.to/1P0q1Fj).  This is accomplished via [`chronometer.sh`](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/chronometer.sh).
-![Pi-hole LCD](http://i.imgur.com/nBEqycp.jpg)
-
-## Help
-- See the [Wiki](https://github.com/pi-hole/pi-hole/wiki/Customization) entry for more details
-- There is also an [FAQ section on pi-hole.net](http://pi-hole.net)
-
 ## Other Operating Systems
 This script will work for other UNIX-like systems with some slight **modifications**.  As long as you can install `dnsmasq` and a Webserver, it should work OK.  The automated install is only for a clean install of a Debian based system, such as the Raspberry Pi.

adlists.default

@@ -22,7 +22,7 @@ https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
 https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
 
 # hosts-file.net list. Updated frequently, but has been known to block legitimate sites.
-http://hosts-file.net/ad_servers.txt
+https://hosts-file.net/ad_servers.txt
 
 # Mahakala list. Has been known to block legitimage domains including the entire .com range.
 # Warning: Due to the sheer size of this list, the web admin console will be unresponsive.
@@ -32,7 +32,7 @@ http://hosts-file.net/ad_servers.txt
 #http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt
 
 # Windows 10 telemetry list
-#https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/hosts/windows10_spy.txt
+#https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt
 
 # Securemecca.com list - Also blocks "adult" sites (pornography/gambling etc)
 #http://securemecca.com/Downloads/hosts.txt
@@ -43,11 +43,15 @@ https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
 # Block the BBC News website Breaking News banner
 #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts
 
+# List of known C&C malware servers (see https://github.com/pi-hole/pi-hole/issues/528)
+https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
 
 # Untested Lists:
 #https://raw.githubusercontent.com/reek/anti-adblock-killer/master/anti-adblock-killer-filters.txt
-#http://spam404bl.com/spam404scamlist.txt
+#https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
 #http://malwaredomains.lehigh.edu/files/domains.txt
 # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/)
 #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
 #https://raw.github.com/notracking/hosts-blocklists/master/domains.txt
+# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information.
+#https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts

advanced/Scripts/blacklist.sh

@@ -17,7 +17,7 @@ else
 	echo "::: sudo will be used."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this script as root."
@@ -25,6 +25,22 @@ else
 	fi
 fi
 
+function helpFunc()
+{
+	echo "::: Immediately blacklists one or more domains in the hosts file"
+	echo ":::"
+	echo ":::"
+	echo "::: Usage: pihole -b domain1 [domain2 ...]"
+	echo "::: Options:"
+	echo ":::  -d, --delmode			Remove domains from the blacklist"
+	echo ":::  -nr, --noreload			Update blacklist without refreshing dnsmasq"
+	echo ":::  -f, --force				Force updating of the hosts files, even if there are no changes"
+	echo ":::  -q, --quiet				output is less verbose"
+	echo ":::  -h, --help				Show this help dialog"
+	echo ":::  -l, --list				Display your blacklisted domains"
+	exit 1
+}
+
 if [[ $# = 0 ]]; then
 	helpFunc
 fi
@@ -70,27 +86,6 @@ if [[ -f $piholeIPv6file ]];then
     piholeIPv6=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
 fi
 
-
-function helpFunc()
-{
-	echo "::: Immediately blacklists one or more domains in the hosts file"
-	echo ":::"
-	echo ":::"
-	echo "::: Usage: pihole -b domain1 [domain2 ...]"
-	echo "::: Options:"
-	echo ":::  -d, --delmode			Remove domains from the blacklist"
-	echo ":::  -nr, --noreload			Update blacklist without refreshing dnsmasq"
-	echo ":::  -f, --force				Force updating of the hosts files, even if there are no changes"
-	echo ":::  -q, --quiet				output is less verbose"
-	echo ":::  -h, --help				Show this help dialog"
-	echo ":::  -l, --list				Display your blacklisted domains"
-	exit 1
-}
-
-if [[ $# = 0 ]]; then
-	helpFunc
-fi
-
 function HandleOther(){
   #check validity of domain
 	validDomain=$(echo "$1" | perl -ne'print if /\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\b/')

advanced/Scripts/piholeDebug.sh

@@ -36,7 +36,7 @@ if [[ $EUID -eq 0 ]]; then
 else
 	echo "::: Sudo will be used for debugging."
 	# Check if sudo is actually installed
-	if [[ $(dpkg-query -s sudo) ]]; then
+	if [ -x "$(command -v sudo)" ]; then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this as root."
@@ -67,6 +67,15 @@ function versionCheck {
 	echo >> $DEBUG_LOG
 }
 
+function distroCheck {
+	echo "#######################################" >> $DEBUG_LOG
+	echo "######## Distribution Section #########" >> $DEBUG_LOG
+	echo "#######################################" >> $DEBUG_LOG
+	
+	TMP=$(cat /etc/*release/ || echo "Failed to find release")
+	echo "Distribution Version: $TMP" >> $DEBUG_LOG
+}
+	
 function compareWhitelist {
 	if [ ! -f "$WHITELISTMATCHES" ]; then
 		$SUDO touch $WHITELISTMATCHES
@@ -195,6 +204,7 @@ echo "$GATEWAY_CHECK" >> $DEBUG_LOG
 echo >> $DEBUG_LOG
 
 versionCheck
+distroCheck
 compareWhitelist
 compareBlacklist
 testNslookup
@@ -330,8 +340,16 @@ function dumpPiHoleLog {
 
 # Anything to be done after capturing of pihole.log terminates
 function finalWork {
-	echo "::: Finshed debugging!" 
-	echo "::: Debug log can be found at : /var/log/pihole_debug.log"
+	echo "::: Finshed debugging!"
+	TERMBIN=$(cat /var/log/pihole_debug.log | nc termbin.com 9999)
+
+	# Check if termbin.com is reachable. When it's not, point to local log instead
+	if [ -n "$TERMBIN" ]
+	then
+		echo "::: Debug log can be found at : $TERMBIN"
+	else
+		echo "::: Debug log can be found at : /var/log/pihole_debug.log"
+	fi
 }
 trap finalWork EXIT
 

advanced/Scripts/setupLCD.sh

@@ -19,7 +19,7 @@ else
 	echo "::: sudo will be used."
   # Check if it is actually installed
   # If it isn't, exit because the install cannot complete
-  if [[ $(dpkg-query -s sudo) ]];then
+  if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
   else
 		echo "::: Please install sudo or run this script as root."

advanced/Scripts/whitelist.sh

@@ -17,7 +17,7 @@ else
 	echo "::: sudo will be used."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this script as root."
@@ -25,6 +25,22 @@ else
 	fi
 fi
 
+function helpFunc()
+{
+	echo "::: Immediately whitelists one or more domains in the hosts file"
+	echo ":::"
+	echo "::: Usage: pihole -w domain1 [domain2 ...]"
+	echo ":::"
+	echo "::: Options:"
+	echo ":::  -d, --delmode			Remove domains from the whitelist"
+	echo ":::  -nr, --noreload			Update Whitelist without refreshing dnsmasq"
+	echo ":::  -f, --force				Force updating of the hosts files, even if there are no changes"
+	echo ":::  -q, --quiet				output is less verbose"
+	echo ":::  -h, --help				Show this help dialog"
+	echo ":::  -l, --list				Display your whitelisted domains"
+	exit 1
+}
+
 if [[ $# = 0 ]]; then
 	helpFunc
 fi
@@ -69,27 +85,6 @@ if [[ -f $piholeIPv6file ]];then
     piholeIPv6=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
 fi
 
-
-function helpFunc()
-{
-	echo "::: Immediately whitelists one or more domains in the hosts file"
-	echo ":::"
-	echo "::: Usage: pihole -w domain1 [domain2 ...]"
-	echo ":::"
-	echo "::: Options:"
-	echo ":::  -d, --delmode			Remove domains from the whitelist"
-	echo ":::  -nr, --noreload			Update Whitelist without refreshing dnsmasq"
-	echo ":::  -f, --force				Force updating of the hosts files, even if there are no changes"
-	echo ":::  -q, --quiet				output is less verbose"
-	echo ":::  -h, --help				Show this help dialog"
-	echo ":::  -l, --list				Display your whitelisted domains"
-	exit 1
-}
-
-if [[ $# = 0 ]]; then
-	helpFunc
-fi
-
 function HandleOther(){
   #check validity of domain
 	validDomain=$(echo "$1" | perl -ne'print if /\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\b/')

advanced/lighttpd.conf.debian

@@ -14,7 +14,7 @@ server.modules = (
 	"mod_accesslog",
 	"mod_expire",
 	"mod_compress",
- 	"mod_redirect",
+	"mod_redirect",
 	"mod_setenv",
 	"mod_rewrite"
 )

advanced/lighttpd.conf.fedora

@@ -0,0 +1,77 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# lighttpd config for Pi-hole
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
+server.modules = (
+	"mod_access",
+	"mod_fastcgi",
+	"mod_accesslog",
+	"mod_expire",
+	"mod_compress",
+	"mod_redirect",
+	"mod_setenv",
+	"mod_rewrite"
+)
+
+server.document-root        = "/var/www/html"
+server.error-handler-404	= "pihole/index.html"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "lighttpd"
+server.groupname            = "lighttpd"
+server.port                 = 80
+accesslog.filename			= "/var/log/lighttpd/access.log"
+accesslog.format			= "%{%s}t|%V|%r|%s|%b"
+
+
+index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
+url.access-deny             = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+compress.cache-dir          = "/var/cache/lighttpd/compress/"
+compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
+
+mimetype.assign   = ( ".png"  => "image/png",
+                      ".jpg"  => "image/jpeg",
+                      ".jpeg" => "image/jpeg",
+                      ".html" => "text/html",
+                      ".css" => "text/css; charset=utf-8",
+                      ".js" => "application/javascript",
+                      ".json" => "application/json",
+                      ".txt"  => "text/plain" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
+#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
+#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
+
+fastcgi.server = ( ".php" =>
+                   ( "localhost" =>
+                     (
+                       "socket" => "/tmp/php-fastcgi.socket",
+                       "bin-path" => "/usr/bin/php-cgi"
+                     )
+                   )
+                 )
+
+# If the URL starts with /admin, it is the Web interface
+$HTTP["url"] =~ "^/admin/" {
+	# Create a response header for debugging using curl -I
+	setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" )
+}
+
+# If the URL does not start with /admin, then it is a query for an ad domain
+$HTTP["url"] =~ "^(?!/admin)/.*" {
+	# Create a response header for debugging using curl -I
+	setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." )
+        # rewrite only js requests
+        url.rewrite = ("(.*).js" => "pihole/index.js")
+}

advanced/pihole.sudo

@@ -0,0 +1,12 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Allows the WebUI to use Pi-hole commands
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+
+www-data ALL=NOPASSWD: /usr/local/bin/pihole

advanced/selinux/pihole.te

@@ -0,0 +1,87 @@
+module pihole 1.0;
+
+require {
+        type var_log_t;
+        type unconfined_t;
+        type init_t;
+        type auditd_t;
+        type syslogd_t;
+        type NetworkManager_t;
+        type mdadm_t;
+        type tuned_t;
+        type avahi_t;
+        type irqbalance_t;
+        type system_dbusd_t;
+        type kernel_t;
+        type httpd_sys_script_t;
+        type systemd_logind_t;
+        type httpd_t;
+        type policykit_t;
+        type dnsmasq_t;
+        type udev_t;
+        type postfix_pickup_t;
+        type sshd_t;
+        type crond_t;
+        type getty_t;
+        type lvm_t;
+        type postfix_qmgr_t;
+        type postfix_master_t;
+        class dir { getattr search };
+        class file { read open setattr };
+}
+
+#============= dnsmasq_t ==============
+allow dnsmasq_t var_log_t:file { open setattr };
+
+#============= httpd_t ==============
+allow httpd_t var_log_t:file { read open };
+
+#============= httpd_sys_script_t (class: dir) ==============
+allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
+allow httpd_sys_script_t auditd_t:dir { getattr search };
+allow httpd_sys_script_t avahi_t:dir { getattr search };
+allow httpd_sys_script_t crond_t:dir { getattr search };
+allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
+allow httpd_sys_script_t getty_t:dir { getattr search };
+allow httpd_sys_script_t httpd_t:dir { getattr search };
+allow httpd_sys_script_t init_t:dir { getattr search };
+allow httpd_sys_script_t irqbalance_t:dir { getattr search };
+allow httpd_sys_script_t kernel_t:dir { getattr search };
+allow httpd_sys_script_t lvm_t:dir { getattr search };
+allow httpd_sys_script_t mdadm_t:dir { getattr search };
+allow httpd_sys_script_t policykit_t:dir { getattr search };
+allow httpd_sys_script_t postfix_master_t:dir { getattr search };
+allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
+allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
+allow httpd_sys_script_t sshd_t:dir { getattr search };
+allow httpd_sys_script_t syslogd_t:dir { getattr search };
+allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
+allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
+allow httpd_sys_script_t tuned_t:dir { getattr search };
+allow httpd_sys_script_t udev_t:dir { getattr search };
+allow httpd_sys_script_t unconfined_t:dir { getattr search };
+
+#============= httpd_sys_script_t (class: file) ==============
+allow httpd_sys_script_t NetworkManager_t:file { read open };
+allow httpd_sys_script_t auditd_t:file { read open };
+allow httpd_sys_script_t avahi_t:file { read open };
+allow httpd_sys_script_t crond_t:file { read open };
+allow httpd_sys_script_t dnsmasq_t:file { read open };
+allow httpd_sys_script_t getty_t:file { read open };
+allow httpd_sys_script_t httpd_t:file { read open };
+allow httpd_sys_script_t init_t:file { read open };
+allow httpd_sys_script_t irqbalance_t:file { read open };
+allow httpd_sys_script_t kernel_t:file { read open };
+allow httpd_sys_script_t lvm_t:file { read open };
+allow httpd_sys_script_t mdadm_t:file { read open };
+allow httpd_sys_script_t policykit_t:file { read open };
+allow httpd_sys_script_t postfix_master_t:file { read open };
+allow httpd_sys_script_t postfix_pickup_t:file { read open };
+allow httpd_sys_script_t postfix_qmgr_t:file { read open };
+allow httpd_sys_script_t sshd_t:file { read open };
+allow httpd_sys_script_t syslogd_t:file { read open };
+allow httpd_sys_script_t system_dbusd_t:file { read open };
+allow httpd_sys_script_t systemd_logind_t:file { read open };
+allow httpd_sys_script_t tuned_t:file { read open };
+allow httpd_sys_script_t udev_t:file { read open };
+allow httpd_sys_script_t unconfined_t:file { read open };

automated install/basic-install.sh

@@ -36,16 +36,6 @@ columns=$(tput cols)
 r=$(( rows / 2 ))
 c=$(( columns / 2 ))
 
-
-# Find IP used to route to outside world
-
-IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
-IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
-IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
-
-availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
-dhcpcdFile=/etc/dhcpcd.conf
-
 ######## FIRST CHECK ########
 # Must be root to install
 echo ":::"
@@ -55,14 +45,55 @@ else
 	echo "::: sudo will be used for the install."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
-		echo "::: Please install sudo or run this as root."
+		echo "::: sudo is needed for the Web interface to run pihole commands.  Please run this script as root and it will be automatically installed."
 		exit 1
 	fi
 fi
 
+# Compatability
+if [ -x "$(command -v rpm)" ];then
+	# Fedora Family
+	if [ -x "$(command -v dnf)" ];then
+		PKG_MANAGER="dnf"
+	else
+		PKG_MANAGER="yum"
+	fi
+	PKG_CACHE="/var/cache/$PKG_MANAGER"
+	UPDATE_PKG_CACHE="$PKG_MANAGER check-update -q"
+	PKG_UPDATE="$PKG_MANAGER update -y"
+	PKG_INSTALL="$PKG_MANAGER install -y"
+	PKG_COUNT="$PKG_MANAGER check-update | grep -v ^Last | grep -c ^[a-zA-Z0-9]"
+	INSTALLER_DEPS=( iproute net-tools procps-ng newt )
+	PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php git curl unzip wget findutils cronie sudo netcat )
+	LIGHTTPD_USER="lighttpd"
+	LIGHTTPD_GROUP="lighttpd"
+	LIGHTTPD_CFG="lighttpd.conf.fedora"
+	package_check() {
+		rpm -qa | grep ^$1- > /dev/null
+	}
+elif [ -x "$(command -v apt-get)" ];then
+	# Debian Family
+	PKG_MANAGER="apt-get"
+	PKG_CACHE="/var/cache/apt"
+	UPDATE_PKG_CACHE="$PKG_MANAGER -qq update"
+	PKG_UPDATE="$PKG_MANAGER upgrade"
+	PKG_INSTALL="$PKG_MANAGER --yes --quiet install"
+	PKG_COUNT="$PKG_MANAGER -s -o Debug::NoLocking=true upgrade | grep -c ^Inst"
+	INSTALLER_DEPS=( apt-utils whiptail dhcpcd5)
+	PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget sudo netcat )
+	LIGHTTPD_USER="www-data"
+	LIGHTTPD_GROUP="www-data"
+	LIGHTTPD_CFG="lighttpd.conf.debian"
+	package_check() {
+		dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
+	}
+else
+	echo "OS distribution not supported"
+	exit
+fi
 
 ####### FUNCTIONS ##########
 spinner()
@@ -80,6 +111,14 @@ spinner()
     printf "    \b\b\b\b"
 }
 
+findIPRoute() {
+	# Find IP used to route to outside world
+	IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
+	IPv4addr=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
+	IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
+	availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
+}
+
 backupLegacyPihole() {
 	# This function detects and backups the pi-hole v1 files.  It will not do anything to the current version files.
 	if [[ -f /etc/dnsmasq.d/adList.conf ]];then
@@ -110,7 +149,7 @@ welcomeDialogs() {
 
 	# Explain the need for a static address
 	whiptail --msgbox --backtitle "Initating network interface" --title "Static IP Needed" "The Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.
-	
+
 In the next section, you can choose to use your current network settings (DHCP) or to manually edit them." $r $c
 }
 
@@ -236,7 +275,7 @@ getStaticIPv4Settings() {
 If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.
 It is also possible to use a DHCP reservation, but if you are going to do that, you might as well set a static address." $r $c
 		#piholeIP is saved to a permanent file so gravity.sh can use it when updating
-		echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
+		$SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
 		# Nothing else to do since the variables are already set above
 	else
 		# Otherwise, we need to ask the user to input their desired settings.
@@ -258,8 +297,8 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
 					Gateway:       $IPv4gw" $r $c)then
 					# If the settings are correct, then we need to set the piholeIP
 					# Saving it to a temporary file us to retrieve it later when we run the gravity.sh script. piholeIP is saved to a permanent file so gravity.sh can use it when updating
-					echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
-					echo "$piholeInterface" > /tmp/piholeINT
+					$SUDO echo "${IPv4addr%/*}" > /etc/pihole/piholeIP
+					$SUDO echo "$piholeInterface" > /tmp/piholeINT
 					# After that's done, the loop ends and we move on
 					ipSettingsCorrect=True
 				else
@@ -288,20 +327,52 @@ setDHCPCD() {
 	echo "::: interface $piholeInterface
 	static ip_address=$IPv4addr
 	static routers=$IPv4gw
-	static domain_name_servers=$IPv4gw" | $SUDO tee -a $dhcpcdFile >/dev/null
+	static domain_name_servers=$IPv4gw" | $SUDO tee -a /etc/dhcpcd.conf >/dev/null
 }
 
 setStaticIPv4() {
-	# Tries to set the IPv4 address
-	if grep -q "$IPv4addr" $dhcpcdFile; then
-		# address already set, noop
-		:
+	if [[ -f /etc/dhcpcd.conf ]];then
+		# Debian Family
+		if grep -q "$IPv4addr" /etc/dhcpcd.conf; then
+			echo "::: Static IP already configured"
+		else
+			setDHCPCD
+			$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
+			echo ":::"
+			echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
+			echo ":::"
+		fi
+	elif [[ -f /etc/sysconfig/network-scripts/ifcfg-$piholeInterface ]];then
+		# Fedora Family
+		IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-$piholeInterface
+		if grep -q "$IPv4addr" $IFCFG_FILE; then
+			echo "::: Static IP already configured"
+		else
+			IPADDR=$(echo $IPv4addr | cut -f1 -d/)
+			CIDR=$(echo $IPv4addr | cut -f2 -d/)
+			# Backup existing interface configuration:
+			cp $IFCFG_FILE $IFCFG_FILE.backup-$(date +%Y-%m-%d-%H%M%S)
+			# Build Interface configuration file:
+			$SUDO echo "# Configured via Pi-Hole installer" > $IFCFG_FILE
+			$SUDO echo "DEVICE=$piholeInterface" >> $IFCFG_FILE
+			$SUDO echo "BOOTPROTO=none" >> $IFCFG_FILE
+			$SUDO echo "ONBOOT=yes" >> $IFCFG_FILE
+			$SUDO echo "IPADDR=$IPADDR" >> $IFCFG_FILE
+			$SUDO echo "PREFIX=$CIDR" >> $IFCFG_FILE
+			$SUDO echo "USERCTL=no" >> $IFCFG_FILE
+			$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
+			if [ -x "$(command -v nmcli)" ];then
+				# Tell NetworkManager to read our new sysconfig file
+				$SUDO nmcli con load $IFCFG_FILE > /dev/null
+			fi
+			echo ":::"
+			echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
+			echo ":::"
+
+		fi
 	else
-		setDHCPCD
-		$SUDO ip addr replace dev "$piholeInterface" "$IPv4addr"
-		echo ":::"
-		echo "::: Setting IP to $IPv4addr.  You may need to restart after the install is complete."
-		echo ":::"
+		echo "::: Warning: Unable to locate configuration file to set static IPv4 address!"
+		exit 1
 	fi
 }
 
@@ -455,6 +526,7 @@ versionCheckDNSmasq(){
 	else
 		$SUDO sed -i '/^server=@DNS2@/d' $newFileFinalLocation
 	fi
+	$SUDO sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' $dnsFile1
 }
 
 installScripts() {
@@ -502,7 +574,11 @@ installConfigs() {
 		$SUDO chown "$USER":root /etc/lighttpd
 		$SUDO mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
 	fi
-	$SUDO cp /etc/.pihole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf
+	$SUDO cp /etc/.pihole/advanced/$LIGHTTPD_CFG /etc/lighttpd/lighttpd.conf
+	$SUDO mkdir -p /var/run/lighttpd
+	$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/run/lighttpd
+	$SUDO mkdir -p /var/cache/lighttpd/compress
+	$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/cache/lighttpd/compress
 }
 
 stopServices() {
@@ -510,50 +586,52 @@ stopServices() {
 	$SUDO echo ":::"
 	$SUDO echo -n "::: Stopping services..."
 	#$SUDO service dnsmasq stop & spinner $! || true
-	$SUDO service lighttpd stop & spinner $! || true
+	if [ -x "$(command -v systemctl)" ]; then
+		$SUDO systemctl stop lighttpd & spinner $! || true
+	else
+		$SUDO service lighttpd stop & spinner $! || true
+	fi
 	$SUDO echo " done."
 }
 
-checkForDependencies() {
+installerDependencies() {
 	#Running apt-get update/upgrade with minimal output can cause some issues with
 	#requiring user input (e.g password for phpmyadmin see #218)
 	#We'll change the logic up here, to check to see if there are any updates availible and
 	# if so, advise the user to run apt-get update/upgrade at their own discretion
 	#Check to see if apt-get update has already been run today
 	# it needs to have been run at least once on new installs!
-
-	timestamp=$(stat -c %Y /var/cache/apt/)
+	timestamp=$(stat -c %Y $PKG_CACHE)
 	timestampAsDate=$(date -d @"$timestamp" "+%b %e")
 	today=$(date "+%b %e")
 
 	if [ ! "$today" == "$timestampAsDate" ]; then
 		#update package lists
 		echo ":::"
-		echo -n "::: apt-get update has not been run today. Running now..."
-		$SUDO apt-get -qq update & spinner $!
+		echo -n "::: $PKG_MANAGER update has not been run today. Running now..."
+		$SUDO $UPDATE_PKG_CACHE > /dev/null 2>&1
 		echo " done!"
 	fi
 	echo ":::"
-	echo -n "::: Checking apt-get for upgraded packages...."
-    updatesToInstall=$($SUDO apt-get -s -o Debug::NoLocking=true upgrade | grep -c ^Inst)
-    echo " done!"
-    echo ":::"
-    if [[ $updatesToInstall -eq "0" ]]; then
+	echo -n "::: Checking $PKG_MANAGER for upgraded packages...."
+	updatesToInstall=$(eval "$SUDO $PKG_COUNT")
+	echo " done!"
+	echo ":::"
+	if [[ $updatesToInstall -eq "0" ]]; then
 		echo "::: Your pi is up to date! Continuing with pi-hole installation..."
-    else
+	else
 		echo "::: There are $updatesToInstall updates availible for your pi!"
-		echo "::: We recommend you run 'sudo apt-get upgrade' after installing Pi-Hole! "
+		echo "::: We recommend you run '$PKG_UPDATE' after installing Pi-Hole! "
 		echo ":::"
-    fi
-    echo ":::"
-    echo "::: Checking dependencies:"
-
-  dependencies=( dnsutils bc dnsmasq lighttpd php5-common php5-cgi php5 git curl unzip wget )
-	for i in "${dependencies[@]}"; do
+	fi
+	echo ":::"
+	echo "::: Checking installer dependencies..."
+	for i in "${INSTALLER_DEPS[@]}"; do
 		echo -n ":::    Checking for $i..."
-		if [ "$(dpkg-query -W -f='${Status}' "$i" 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then
+		package_check $i > /dev/null
+		if ! [ $? -eq 0 ]; then
 			echo -n " Not found! Installing...."
-			$SUDO apt-get -y -qq install "$i" > /dev/null & spinner $!
+			$SUDO $PKG_INSTALL "$i" > /dev/null 2>&1
 			echo " done!"
 		else
 			echo " already installed!"
@@ -561,6 +639,23 @@ checkForDependencies() {
 	done
 }
 
+checkForDependencies() {
+	# Install dependencies for Pi-Hole
+    echo "::: Checking Pi-Hole dependencies:"
+
+    for i in "${PIHOLE_DEPS[@]}"; do
+	echo -n ":::    Checking for $i..."
+	package_check $i > /dev/null
+	if ! [ $? -eq 0 ]; then
+		echo -n " Not found! Installing...."
+		$SUDO $PKG_INSTALL "$i" > /dev/null & spinner $!
+		echo " done!"
+	else
+		echo " already installed!"
+	fi
+    done
+}
+
 getGitFiles() {
 	# Setup git repos for base files and web admin
 	echo ":::"
@@ -638,6 +733,12 @@ installPiholeWeb() {
 		$SUDO cp /etc/.pihole/advanced/index.* /var/www/html/pihole/.
 		$SUDO echo " done!"
 	fi
+	# Install Sudoer file
+	echo -n "::: Installing sudoer file..."
+	$SUDO mkdir -p /etc/sudoers.d/
+	$SUDO cp /etc/.pihole/advanced/pihole.sudo /etc/sudoers.d/pihole
+	$SUDO chmod 0440 /etc/sudoers.d/pihole
+	echo " done!"
 }
 
 installCron() {
@@ -671,6 +772,27 @@ setUser(){
 	fi
 }
 
+configureFirewall() {
+	# Allow HTTP and DNS traffic
+	if [ -x "$(command -v firewall-cmd)" ]; then
+		$SUDO firewall-cmd --state > /dev/null
+		if [[ $? -eq 0 ]]; then
+			$SUDO echo "::: Configuring firewalld for httpd and dnsmasq.."
+			$SUDO firewall-cmd --permanent --add-port=80/tcp
+			$SUDO firewall-cmd --permanent --add-port=53/tcp
+			$SUDO firewall-cmd --permanent --add-port=53/udp
+			$SUDO firewall-cmd --reload
+		fi
+	elif [ -x "$(command -v iptables)" ]; then
+		$SUDO echo "::: Configuring iptables for httpd and dnsmasq.."
+		$SUDO iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+		$SUDO iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+		$SUDO iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+	else
+		$SUDO echo "::: No firewall detected.. skipping firewall configuration."
+	fi
+}
+
 installPihole() {
 	# Install base files and web interface
 	checkForDependencies # done
@@ -680,35 +802,77 @@ installPihole() {
 	if [ ! -d "/var/www/html" ]; then
 		$SUDO mkdir -p /var/www/html
 	fi
-	$SUDO chown www-data:www-data /var/www/html
+	$SUDO chown $LIGHTTPD_USER:$LIGHTTPD_GROUP /var/www/html
 	$SUDO chmod 775 /var/www/html
-	$SUDO usermod -a -G www-data pihole
-	$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
+	$SUDO usermod -a -G $LIGHTTPD_GROUP pihole
+	if [ -x "$(command -v lighty-enable-mod)" ]; then
+		$SUDO lighty-enable-mod fastcgi fastcgi-php > /dev/null
+	else
+		printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n"
+	fi
 
 	getGitFiles
 	installScripts
 	installConfigs
 	CreateLogFile
+	configureSelinux
 	installPiholeWeb
 	installCron
 	runGravity
+	configureFirewall
+}
+
+configureSelinux() {
+	if [ -x "$(command -v getenforce)" ]; then
+		printf "\n::: SELinux Detected\n"
+		printf ":::\tChecking for SELinux policy development packages..."
+		package_check "selinux-policy-devel" > /dev/null
+		if ! [ $? -eq 0 ]; then
+			echo -n " Not found! Installing...."
+			$SUDO $PKG_INSTALL "selinux-policy-devel" > /dev/null & spinner $!
+			echo " done!"
+		else
+			echo " already installed!"
+		fi
+		printf "::: Enabling httpd server side includes (SSI).. "
+		$SUDO setsebool -P httpd_ssi_exec on
+		if [ $? -eq 0 ]; then
+			echo -n "Success\n"
+		fi
+		printf ":::\tCompiling Pi-Hole SELinux policy..\n"
+		$SUDO checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
+		$SUDO semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
+		$SUDO semodule -i /etc/pihole/pihole.pp
+		$SUDO rm -f /etc/pihole/pihole.mod
+		$SUDO semodule -l | grep pihole > /dev/null
+		if [ $? -eq 0 ]; then
+			printf "::: Successfully installed Pi-Hole SELinux policy\n"
+		else
+			printf "::: Warning: Pi-Hole SELinux policy did not install correctly!\n"
+		fi
+	fi
 }
 
 displayFinalMessage() {
 	# Final completion message to user
 	whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using:
 
-IPv4:	$IPv4addr
+IPv4:	${IPv4addr%/*}
 IPv6:	$piholeIPv6
 
 If you set a new IP address, you should restart the Pi.
 
-The install log is in /etc/pihole." $r $c
+The install log is in /etc/pihole.
+View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin" $r $c
 }
 
 ######## SCRIPT ############
 # Start the installer
 $SUDO mkdir -p /etc/pihole/
+
+# Install packages used by this installation script
+installerDependencies
+
 welcomeDialogs
 
 # Verify there is enough disk space for the install
@@ -716,6 +880,8 @@ verifyFreeDiskSpace
 
 # Just back up the original Pi-hole right away since it won't take long and it gets it out of the way
 backupLegacyPihole
+# Find IP used to route to outside world
+findIPRoute
 # Find interfaces and let the user choose one
 chooseInterface
 # Let the user decide if they want to block ads over IPv4 and/or IPv6
@@ -734,16 +900,24 @@ displayFinalMessage
 
 echo -n "::: Restarting services..."
 # Start services
-$SUDO service dnsmasq restart
-$SUDO service lighttpd start
+if [ -x "$(command -v systemctl)" ]; then
+	$SUDO systemctl enable dnsmasq
+	$SUDO systemctl restart dnsmasq
+	$SUDO systemctl enable lighttpd
+	$SUDO systemctl start lighttpd
+else
+	$SUDO service dnsmasq restart
+	$SUDO service lighttpd start
+fi
+
 echo " done."
 
 echo ":::"
 echo "::: Installation Complete! Configure your devices to use the Pi-hole as their DNS server using:"
-echo ":::     $IPv4addr"
+echo ":::     ${IPv4addr%/*}"
 echo ":::     $piholeIPv6"
 echo ":::"
 echo "::: If you set a new IP address, you should restart the Pi."
-echo "::: "
+echo ":::"
 echo "::: The install log is located at: /etc/pihole/install.log"
-
+echo "::: View the web interface at http://pi.hole/admin or http://${IPv4addr%/*}/admin"

automated install/uninstall.sh

@@ -17,7 +17,7 @@ else
 	echo "::: Sudo will be used for the uninstall."
   # Check if it is actually installed
   # If it isn't, exit because the unnstall cannot complete
-  if [[ $(dpkg-query -s sudo) ]];then
+  if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
   else
     echo "::: Please install sudo or run this as root."
@@ -25,6 +25,39 @@ else
   fi
 fi
 
+# Compatability
+if [ -x "$(command -v rpm)" ];then
+	# Fedora Family
+	if [ -x "$(command -v dnf)" ];then
+		PKG_MANAGER="dnf"
+	else
+		PKG_MANAGER="yum"
+	fi
+	PKG_REMOVE="$PKG_MANAGER remove -y"
+	PIHOLE_DEPS=( bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common git curl unzip wget findutils )
+	package_check() {
+		rpm -qa | grep ^$1- > /dev/null
+	}
+	package_cleanup() {
+		$SUDO $PKG_MANAGER -y autoremove
+	}
+elif [ -x "$(command -v apt-get)" ];then
+	# Debian Family
+	PKG_MANAGER="apt-get"
+	PKG_REMOVE="$PKG_MANAGER -y remove --purge"
+	PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
+	package_check() {
+		dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
+	}
+	package_cleanup() {
+		$SUDO $PKG_MANAGER -y autoremove
+		$SUDO $PKG_MANAGER -y autoclean
+	}
+else
+	echo "OS distribution not supported"
+	exit
+fi
+
 spinner()
 {
     local pid=$1
@@ -43,14 +76,13 @@ spinner()
 function removeAndPurge {
 	# Purge dependencies
 echo ":::"
-	# Nate 3/28/2016 - Removed `php5-cgi` and `php5` as they are removed with php5-common
-	dependencies=( dnsutils bc dnsmasq lighttpd php5-common git curl unzip wget )
-	for i in "${dependencies[@]}"; do
-		if [ "$(dpkg-query -W --showformat='${Status}\n' "$i" 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
+	for i in "${PIHOLE_DEPS[@]}"; do
+		package_check $i > /dev/null
+		if [ $? -eq 0 ]; then
 			while true; do
 				read -rp "::: Do you wish to remove $i from your system? [y/n]: " yn
 				case $yn in
-					[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO apt-get -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
+					[Yy]* ) printf ":::\tRemoving %s..." "$i"; $SUDO $PKG_REMOVE "$i" &> /dev/null & spinner $!; printf "done!\n"; break;;
 					[Nn]* ) printf ":::\tSkipping %s" "$i\n"; break;;
 					* ) printf "::: You must answer yes or no!\n";;
 				esac
@@ -65,10 +97,8 @@ echo ":::"
 	$SUDO rm /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/01-pihole.conf &> /dev/null
 
 	# Take care of any additional package cleaning
-	printf "::: Auto removing remaining dependencies..."
-	$SUDO apt-get -y autoremove &> /dev/null & spinner $!; printf "done!\n";
-	printf "::: Auto cleaning remaining dependencies..."
-	$SUDO apt-get -y autoclean &> /dev/null & spinner $!; printf "done!\n";
+	printf "::: Auto removing & cleaning remaining dependencies..."
+	package_cleanup &> /dev/null & spinner $!; printf "done!\n";
 
 	# Call removeNoPurge to remove PiHole specific files
 	removeNoPurge
@@ -107,7 +137,8 @@ function removeNoPurge {
 	fi
 
 	echo "::: Removing config files and scripts..."
-	if [ ! "$(dpkg-query -W --showformat='${Status}\n' lighttpd 2> /dev/null | grep -c "ok installed")" -eq 1 ]; then
+	package_check $i > /dev/null
+	if [ $? -eq 1 ]; then
 		$SUDO rm -rf /etc/lighttpd/ &> /dev/null
 	else
 		if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
@@ -122,8 +153,9 @@ function removeNoPurge {
 	$SUDO rm -rf /etc/.pihole/ &> /dev/null
 	$SUDO rm -rf /opt/pihole/ &> /dev/null
 	$SUDO rm /usr/local/bin/pihole &> /dev/null
-	$SUDO rm /etc/bash_completion.d/pihole
-	
+	$SUDO rm /etc/bash_completion.d/pihole &> /dev/null
+	$SUDO rm /etc/sudoers.d/pihole &> /dev/null
+
 	echo ":::"
 	printf "::: Finished removing PiHole from your system. Sorry to see you go!\n"
 	printf "::: Reach out to us at https://github.com/pi-hole/pi-hole/issues if you need help\n"
@@ -142,5 +174,3 @@ while true; do
 		[Nn]* ) removeNoPurge; break;;
 	esac
 done
-
-

gravity.sh

@@ -19,7 +19,7 @@ else
 	echo "::: sudo will be used."
 	# Check if it is actually installed
 	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
+	if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
 	else
 		echo "::: Please install sudo or run this script as root."
@@ -152,7 +152,7 @@ function gravity_transport() {
 	fi
 
 	# Silently curl url
-	curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
+	curl -s -L $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
 	# Check for list updates
 	gravity_patternCheck "$patternBuffer"
 	# Cleanup
@@ -181,7 +181,7 @@ function gravity_spinup() {
         # to complete properly and reset the user agent when required
         case "$domain" in
             "adblock.mahakala.is")
-                agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0'
+                agent='Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36'
                 cmd_ext="-e http://forum.xda-developers.com/"
             ;;
 

pihole

@@ -17,7 +17,7 @@ if [[ ! $EUID -eq 0 ]];then
 	#echo "::: Sudo will be used for this tool."
   # Check if it is actually installed
   # If it isn't, exit because the pihole cannot be invoked without privileges.
-  if [[ $(dpkg-query -s sudo) ]];then
+  if [ -x "$(command -v sudo)" ];then
 		export SUDO="sudo"
   else
     echo "::: Please install sudo or run this as root."