Projekt Pi-Hole:
Ansatz ist die Eindämmung von Tracking und Werbung fürs Homenetzwerk:
Installation erfolgt auf einem bestehenden (FHEM) Raspberry Pi 2 (Rasbian):
Installationsquelle herunterladen bzw. Script im Anschluss ausführen.
curl -sSL https://install.pi-hole.net | bash
Dem Installations-Assistenten folgen:
- Select Upstream DNS-Provider:
IPv4: 194.150.168.168 #Chaos Computer Club (Serverstandort in Deutschland)
IPv4: 84.200.69.80, 84.200.70.40 #DNS.Watch (Serverstandort in Deutschland) - Select Protocols
IPv4 oder/und IPv6 selektieren
Gegebenenfalls noch den Port des Webservers ändern, sofern er schon z.B. durch eine Instanz (apache etc) belegt ist:
nano /etc/lighttpd/lighttpd.conf
sudo service lighttpd restartInstallationslog:root@pi:~# curl -sSL https://install.pi-hole.net | bash .;;,. .ccccc:,. :cccclll:. ..,, :ccccclll. ;ooodc 'ccll:;ll .oooodc .;cll.;;looo:. .. ','. .',,,,,,'. .',,,,,,,,,,. .',,,,,,,,,,,,.... ....''',,,,,,,'....... ......... .... ......... .......... .......... .......... .......... ......... .... ......... ........,,,,,,,'...... ....',,,,,,,,,,,,. .',,,,,,,,,'. .',,,,,,'. ..'''. [✓] Root user check [✓] Disk space check [✓] Update local cache of available packages [✓] Checking apt-get for upgraded packages... 7 updates available [i] It is recommended to update your OS after installing the Pi-hole! [i] Installer Dependency checks... [✓] Checking for apt-utils [✓] Checking for dialog [✓] Checking for debconf [✓] Checking for dhcpcd5 [✓] Checking for git [✓] Checking for iproute2 [✓] Checking for whiptail [✓] Stopping dnsmasq service... [✓] Stopping lighttpd service... [i] Using interface: wlan0 [i] Using [✓] Set IP address to <IP-ADDRESS> You may need to restart after the install is complete [i] IPv4 address: <IP-ADDRESS>/24 [i] IPv6 address: [i] Web Interface On [i] Logging On. [✗] Check for existing repository in /etc/.pihole [✓] Clone https://github.com/pi-hole/pi-hole.git into /etc/.pihole [✗] Check for existing repository in /var/www/html/admin [✓] Clone https://github.com/pi-hole/AdminLTE.git into /var/www/html/admin [i] Main Dependency checks... [✓] Checking for bc [✓] Checking for cron [✓] Checking for curl [i] Checking for dnsmasq (will be installed) [i] Checking for dnsutils (will be installed) [✓] Checking for iputils-ping [✓] Checking for lsof [i] Checking for netcat (will be installed) [✓] Checking for sudo [✓] Checking for unzip [✓] Checking for wget [i] Checking for idn2 (will be installed) [i] Checking for lighttpd (will be installed) [✓] Checking for php5-common [i] Checking for php5-cgi (will be installed) [i] Checking for php5-sqlite (will be installed) [✓] Enabling lighttpd service to start on reboot [✓] Installing scripts from /etc/.pihole [i] Installing configs from /etc/.pihole... [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone! [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf [✓] Creating log and changing owner to dnsmasq [i] Installing blocking page... [✓] Creating directory for blocking page, and copying files [✓] Backing up index.lighttpd.html [✓] Installing sudoer file [✓] Installing latest Cron script [✓] Installing latest logrotate script [i] FTL Checks... [✓] Detected ARM-hf architecture (armv7+) [i] Checking for existing FTL binary... [✓] Downloading and Installing FTL [i] Skipping firewall configuration [i] Restarting services... [✓] Starting dnsmasq service [✓] Enabling dnsmasq service to start on reboot [✓] Starting lighttpd service [✓] Enabling lighttpd service to start on reboot [✓] Starting pihole-FTL service [✓] Enabling pihole-FTL service to start on reboot [i] Preparing to run gravity.sh to refresh hosts... [i] Running gravity.sh [i] Neutrino emissions detected... [✓] Pulling blocklist source list into range [i] Target: raw.githubusercontent.com (hosts) [✓] Status: Retrieval successful [i] Target: mirror1.malwaredomains.com (justdomains) [✓] Status: Retrieval successful [i] Target: sysctl.org (hosts) [✓] Status: Retrieval successful [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist) [✓] Status: Retrieval successful [i] Target: s3.amazonaws.com (simple_tracking.txt) [✓] Status: Retrieval successful [i] Target: s3.amazonaws.com (simple_ad.txt) [✓] Status: Retrieval successful [i] Target: hosts-file.net (ad_servers.txt) [✓] Status: Retrieval successful [✓] Consolidating blocklists [✓] Extracting domains from blocklists [i] Number of domains being pulled in by gravity: 131.681 [✓] Removing duplicate domains [i] Number of unique domains trapped in the Event Horizon: 108.530 [i] Number of blocklist source domains being added to the whitelist: 6 [i] Number of whitelisted domains: 6 [✓] Parsing domains into hosts format [✓] Cleaning up stray matter [✓] Force-reloading DNS service [✓] DNS service is running [✓] Pi-hole blocking is Enabled [i] Web Interface password: <PASSWORD> This can be changed using 'pihole -a -p'
View the web interface at http://pi.hole/admin or http://<IP-ADDRESS>/admin
You may now configure your devices to use the Pi-hole as their DNS server
[i] Pi-hole DNS (IPv4): <IP-ADDRESS>
If you set a new IP address, please restart the server running the Pi-hole
[i] The install log is located at: /etc/pihole/install.log
Installation Complete!
Nach erfolgreicher Installation ist das Admin-Interface unter folgender Adresse erreichbar:
Webinterface:
Wichtige Commands für Verwaltung:
pihole -h |
#Befehlsübersicht |
pihole -g |
#Update der Blockierlisten anstossen |
pihole -r |
#Anstoßen des Konfigurators |
pihole -a -p geheim |
#Setzen des Webinterface-Passwortes |
pihole -up |
#Update von PiHole |
Pi-Hole Auto-Update durchführen per Cronjob:sudo nano /etc/cron.d/pihole
Auskommentieren der Zeile#30 2 * * 7 root PATH="$PATH:/usr/local/bin/" pihole updatePihole
Crond neu startensudo service cron restart
Whitelists anzeigen / erweitern:
Ansicht:sudo cat /etc/pihole/whitelist.txt
Erweiterung einer Domain:pihole -w domainname.extension
Entfernen einer Domain:pihole -w -d domainname.extension
Für die Endgeräte, die nun in den Genuß der Pi-HoleDNS-Verwaltung kommen sollen, bietet sich nun an, diese entweder per statischer Zuweisung eines DNS-Server oder per DHCP (z.B. Fritzbox) zu konfigurieren.