Project Pi-hole:
The goal is to curb tracking and advertising across the home network.
Installation is done on an existing (FHEM) Raspberry Pi 2 (Raspbian):
Download the installer and then run the script:
curl -sSL https://install.pi-hole.net | bash
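The one-liner above executes whatever the server returns, as root, without it ever touching disk. The following added example (not part of the original page or of the Pi-hole project) downloads the installer to a file, rejects empty, non-script or visibly truncated downloads, and prints a hash before anything runs; the function names `vet_installer` and `fetch_and_review` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fetch the installer to a file, vet it, run it only after review.
# Function names are hypothetical; the URL is the one used in the article.
INSTALLER_URL="https://install.pi-hole.net"

# vet_installer FILE: succeed only if FILE looks like a complete shell script.
vet_installer() {
    vi_file="$1"
    # curl -s hides errors, so an empty file is a silently failed download.
    [ -s "$vi_file" ] || { echo "empty download: $vi_file" >&2; return 1; }
    # A captive portal or proxy error page starts with HTML, not a shebang.
    IFS= read -r vi_first < "$vi_file" || true
    case "$vi_first" in
        '#!'*sh*) ;;
        *) echo "not a shell script: $vi_first" >&2; return 1 ;;
    esac
    # bash -n parses without executing: a download cut off inside a block or
    # a quoted string fails here instead of running half a script as root.
    bash -n "$vi_file" 2>/dev/null || {
        echo "syntax check failed (truncated download?)" >&2; return 1; }
}

# fetch_and_review: download, vet, print the hash, leave the decision to the admin.
fetch_and_review() {
    fr_tmp="$(mktemp /tmp/pihole-install.XXXXXX)" || return 1
    # -f makes curl fail on HTTP errors instead of saving the error page.
    curl -fsSL "$INSTALLER_URL" -o "$fr_tmp" || { rm -f "$fr_tmp"; return 1; }
    vet_installer "$fr_tmp" || { rm -f "$fr_tmp"; return 1; }
    sha256sum "$fr_tmp"          # record exactly which script was installed
    echo "Review with: less $fr_tmp"
    echo "Then run:    sudo bash $fr_tmp"
}

# Only touch the network when asked to: <script> --fetch
if [ "${1:-}" = "--fetch" ]; then
    fetch_and_review
fi
```

The syntax check only catches truncation that leaves the script unparsable; it does not replace reading the script before running it.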
Follow the installation wizard:
- Select Upstream DNS Provider:
IPv4: 194.150.168.168 # Chaos Computer Club (server located in Germany)
IPv4: 84.200.69.80, 84.200.70.40 # DNS.Watch (server located in Germany)
- Select Protocols:
Select IPv4 and/or IPv6
If necessary, also change the port of the web server, in case it is already taken, e.g. by another instance (Apache etc.):
nano /etc/lighttpd/lighttpd.conf
sudo service lighttpd restart
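The port change described above can be scripted instead of edited by hand. This is an added example, not code from the original page: it checks for an existing listener with lsof (which the installer log lists as a dependency), keeps a backup, and rewrites lighttpd's `server.port` directive; the function names and the `--apply` switch are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: move lighttpd to another port when 80 is already taken.
# Function names and the --apply switch are hypothetical.

# port_in_use PORT: true if some process listens on TCP PORT.
# Run as root, otherwise lsof only sees your own processes.
port_in_use() {
    lsof -nP -iTCP:"$1" -sTCP:LISTEN >/dev/null 2>&1
}

# set_lighttpd_port CONF PORT: set server.port in CONF, keeping CONF.bak.
set_lighttpd_port() {
    slp_conf="$1"; slp_port="$2"
    # Accept digits only, then enforce the valid TCP port range.
    case "$slp_port" in
        ''|*[!0-9]*) echo "invalid port: $slp_port" >&2; return 1 ;;
    esac
    if [ "$slp_port" -lt 1 ] || [ "$slp_port" -gt 65535 ]; then
        echo "port out of range: $slp_port" >&2; return 1
    fi
    [ -f "$slp_conf" ] || { echo "no such file: $slp_conf" >&2; return 1; }
    cp -p "$slp_conf" "$slp_conf.bak" || return 1
    if grep -Eq '^[[:space:]]*server\.port[[:space:]]*=' "$slp_conf.bak"; then
        # Rewrite only the number; spacing and all other lines stay untouched.
        sed -E "s/^([[:space:]]*server\.port[[:space:]]*=[[:space:]]*)[0-9]+/\1$slp_port/" \
            "$slp_conf.bak" > "$slp_conf"
    else
        printf 'server.port = %s\n' "$slp_port" >> "$slp_conf"
    fi
}

# Usage (as root): <script> --apply 8080
if [ "${1:-}" = "--apply" ]; then
    if port_in_use "$2"; then
        echo "port $2 is already taken" >&2; exit 1
    fi
    set_lighttpd_port /etc/lighttpd/lighttpd.conf "$2" || exit 1
    # lighttpd -t checks the configuration before the service is restarted.
    lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd restart
fi
```

After the change the admin interface is reached on the new port. A later Pi-hole update can overwrite lighttpd.conf, so re-check the port after running `pihole -up`.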
Installation log:
root@pi:~# curl -sSL https://install.pi-hole.net | bash
.;;,.
.ccccc:,.
:cccclll:. ..,,
:ccccclll. ;ooodc
'ccll:;ll .oooodc
.;cll.;;looo:.
.. ','.
.',,,,,,'.
.',,,,,,,,,,.
.',,,,,,,,,,,,....
....''',,,,,,,'.......
......... .... .........
.......... ..........
.......... ..........
......... .... .........
........,,,,,,,'......
....',,,,,,,,,,,,.
.',,,,,,,,,'.
.',,,,,,'.
..'''.
[✓] Root user check
[✓] Disk space check
[✓] Update local cache of available packages
[✓] Checking apt-get for upgraded packages... 7 updates available
[i] It is recommended to update your OS after installing the Pi-hole!
[i] Installer Dependency checks...
[✓] Checking for apt-utils
[✓] Checking for dialog
[✓] Checking for debconf
[✓] Checking for dhcpcd5
[✓] Checking for git
[✓] Checking for iproute2
[✓] Checking for whiptail
[✓] Stopping dnsmasq service...
[✓] Stopping lighttpd service...
[i] Using interface: wlan0
[i] Using [✓] Set IP address to <IP-ADDRESS>
You may need to restart after the install is complete
[i] IPv4 address: <IP-ADDRESS>/24
[i] IPv6 address:
[i] Web Interface On
[i] Logging On.
[✗] Check for existing repository in /etc/.pihole
[✓] Clone https://github.com/pi-hole/pi-hole.git into /etc/.pihole
[✗] Check for existing repository in /var/www/html/admin
[✓] Clone https://github.com/pi-hole/AdminLTE.git into /var/www/html/admin
[i] Main Dependency checks...
[✓] Checking for bc
[✓] Checking for cron
[✓] Checking for curl
[i] Checking for dnsmasq (will be installed)
[i] Checking for dnsutils (will be installed)
[✓] Checking for iputils-ping
[✓] Checking for lsof
[i] Checking for netcat (will be installed)
[✓] Checking for sudo
[✓] Checking for unzip
[✓] Checking for wget
[i] Checking for idn2 (will be installed)
[i] Checking for lighttpd (will be installed)
[✓] Checking for php5-common
[i] Checking for php5-cgi (will be installed)
[i] Checking for php5-sqlite (will be installed)
[✓] Enabling lighttpd service to start on reboot
[✓] Installing scripts from /etc/.pihole
[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
[✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
[✓] Creating log and changing owner to dnsmasq
[i] Installing blocking page...
[✓] Creating directory for blocking page, and copying files
[✓] Backing up index.lighttpd.html
[✓] Installing sudoer file
[✓] Installing latest Cron script
[✓] Installing latest logrotate script
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[✓] Downloading and Installing FTL
[i] Skipping firewall configuration
[i] Restarting services...
[✓] Starting dnsmasq service
[✓] Enabling dnsmasq service to start on reboot
[✓] Starting lighttpd service
[✓] Enabling lighttpd service to start on reboot
[✓] Starting pihole-FTL service
[✓] Enabling pihole-FTL service to start on reboot
[i] Preparing to run gravity.sh to refresh hosts...
[i] Running gravity.sh
[i] Neutrino emissions detected...
[✓] Pulling blocklist source list into range
[i] Target: raw.githubusercontent.com (hosts)
[✓] Status: Retrieval successful
[i] Target: mirror1.malwaredomains.com (justdomains)
[✓] Status: Retrieval successful
[i] Target: sysctl.org (hosts)
[✓] Status: Retrieval successful
[i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
[✓] Status: Retrieval successful
[i] Target: s3.amazonaws.com (simple_tracking.txt)
[✓] Status: Retrieval successful
[i] Target: s3.amazonaws.com (simple_ad.txt)
[✓] Status: Retrieval successful
[i] Target: hosts-file.net (ad_servers.txt)
[✓] Status: Retrieval successful
[✓] Consolidating blocklists
[✓] Extracting domains from blocklists
[i] Number of domains being pulled in by gravity: 131.681
[✓] Removing duplicate domains
[i] Number of unique domains trapped in the Event Horizon: 108.530
[i] Number of blocklist source domains being added to the whitelist: 6
[i] Number of whitelisted domains: 6
[✓] Parsing domains into hosts format
[✓] Cleaning up stray matter
[✓] Force-reloading DNS service
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled
[i] Web Interface password: <PASSWORD>
This can be changed using 'pihole -a -p'
View the web interface at http://pi.hole/admin or http://<IP-ADDRESS>/admin
You may now configure your devices to use the Pi-hole as their DNS server
[i] Pi-hole DNS (IPv4): <IP-ADDRESS>
If you set a new IP address, please restart the server running the Pi-hole
[i] The install log is located at: /etc/pihole/install.log
Installation Complete!
After a successful installation, the admin interface is reachable at the following address:
Web interface:
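Important commands for administration:
pihole -h # Command overview
pihole -g # Trigger an update of the blocklists
pihole -r # Start the configurator
pihole -a -p geheim # Set the web interface password ("geheim" stands for your own password)
pihole -up # Update Pi-hole
Run without the password argument, pihole -a -p prompts for the password, which keeps it out of the shell history.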
Run Pi-hole auto-updates via cron job:
sudo nano /etc/cron.d/pihole
Uncomment the following line (remove the leading #):
#30 2 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updatePihole
Restart cron:
sudo service cron restart
Show / extend whitelists:
View:
sudo cat /etc/pihole/whitelist.txt
Add a domain:
pihole -w domainname.extension
Remove a domain:
pihole -w -d domainname.extension
For the end devices that should now benefit from Pi-hole's DNS filtering, either assign the DNS server statically on each device or hand it out via DHCP (e.g. Fritzbox).