初代Raspberry PiにPi-Holeをインストールして利用していますが、いろいろ追加したらどうも動きが怪しい(^^;
で念のためにいつでも切り替えられるようにCnetOS 8(VM)にpi-holeをインストールしました。
Pi-hole – Network-wide protection
https://pi-hole.net/
環境
・CnetOS 8(VM mem:2G, vcpu:1, hdd:32gb)
・CentOS Linux release 8.2.2004 (Core)
・Kernel 4.18.0-193.28.1.el8_2.x86_64
・Minimal Install
- dnf update
- php 7.4 install
- SELinuxの無効化
- Pi-holeのインストール
- ファイアウォールの許可
- Web UIにログイン
1 |
# dnf -y update |
そのままpi-holeのインストールスクリプトを実行すると標準のphp 7.2がインストールされたので、予め7.4をインストールしました。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm remi-release-8.rpm 15 kB/s | 23 kB 00:01 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: remi-release noarch 8.1-2.el8.remi @commandline 23 k Installing dependencies: epel-release noarch 8-8.el8 extras 23 k Transaction Summary =========================================================================== (snip) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# dnf module list php CentOS-8 - AppStream Name Stream Profiles Summary php 7.2 [d] common [d], devel, minimal PHP scripting language php 7.3 common [d], devel, minimal PHP scripting language Remi's Modular repository for Enterprise Linux 8 - x86_64 Name Stream Profiles Summary php remi-7.2 common [d], devel, minimal PHP scripting language php remi-7.3 common [d], devel, minimal PHP scripting language php remi-7.4 common [d], devel, minimal PHP scripting language php remi-8.0 common [d], devel, minimal PHP scripting language Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled |
1 2 3 4 5 6 7 8 9 10 11 12 |
# dnf module install php:remi-7.4 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing group/module packages: php-cli x86_64 7.4.13-1.el8.remi remi-modular 4.6 M php-common x86_64 7.4.13-1.el8.remi remi-modular 1.2 M php-fpm x86_64 7.4.13-1.el8.remi remi-modular 1.6 M php-mbstring x86_64 7.4.13-1.el8.remi remi-modular 528 k php-xml x86_64 7.4.13-1.el8.remi remi-modular 214 k (snip) |
SELinuxを無効化しないとスクリプトが停止してしまいました。
Pi-hole does not provide an SELinux policy as the required changes modify the security of your system.
Please refer to https://wiki.centos.org/HowTos/SELinux if SELinux is required for your deployment.
This check can be skipped by setting the environment variable PIHOLE_SELINUX to true
e.g: export PIHOLE_SELINUX=true
By setting this variable to true you acknowledge there may be issues with Pi-hole during or after the installSELinux Enforcing detected, exiting installer
1 2 3 4 5 6 |
# vi /etc/sysconfig/selinux SELINUX=disabled # setenforce 0 # getenforce Permissive |
インストールスクリプトを実行します。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 |
# curl -sSL https://install.pi-hole.net | bash [レ] Root user check .;;,. .ccccc:,. :cccclll:. ..,, :ccccclll. ;ooodc 'ccll:;ll .oooodc .;cll.;;looo:. .. ','. .',,,,,,'. .',,,,,,,,,,. .',,,,,,,,,,,,.... ....''',,,,,,,'....... ......... .... ......... .......... .......... .......... .......... ......... .... ......... ........,,,,,,,'...... ....',,,,,,,,,,,,. .',,,,,,,,,'. .',,,,,,'. ..'''. [レ] Checking dnf for upgraded packages... 1 updates available [i] It is recommended to update your OS after installing the Pi-hole! [i] Installer Dependency checks... [レ] Checking for git [レ] Checking for iproute [レ] Checking for newt [レ] Checking for procps-ng [レ] Checking for which [レ] Checking for chkconfig [レ] Checking for bind-utils [レ] Supported OS detected [レ] Default SELinux: disabled [レ] Current SELinux: Permissive [i] Using upstream DNS: Cloudflare (1.1.1.1, 1.0.0.1) [i] Static IP already configured [i] Found IPv6 GUA address, using it for blocking IPv6 ads [i] IPv4 address: 192.168.1.3/24 [i] IPv6 address: 0000:111:222:3333:4444:5555:6666:7777 [i] Web Interface On [i] Web Server On [i] Logging On. [レ] Check for existing repository in /etc/.pihole [i] Clone https://github.com/pi-hole/pi-hole.git into /etc/.pihole...HEAD is now at 0d8ece1 Merge pull request #3889 from pi-hole/release/v5.2.1 [レ] Clone https://github.com/pi-hole/pi-hole.git into /etc/.pihole [レ] Check for existing repository in /var/www/html/admin [i] Clone https://github.com/pi-hole/AdminLTE.git into /var/www/html/admin...HEAD is now at 8ac95be Merge pull request #1647 from pi-hole/release/v5.2.1 [レ] Clone https://github.com/pi-hole/AdminLTE.git into /var/www/html/admin [i] Main Dependency checks... [レ] Checking for cronie [レ] Checking for curl [レ] Checking for findutils [i] Checking for nmap-ncat (will be installed) [レ] Checking for sudo [i] Checking for unzip (will be installed) [レ] Checking for libidn2 [i] Checking for psmisc (will be installed) [i] Checking for sqlite (will be installed) [レ] Checking for libcap [i] Checking for lsof (will be installed) [i] Checking for lighttpd (will be installed) [i] Checking for lighttpd-fastcgi (will be installed) [レ] Checking for php-common [レ] Checking for php-cli [i] Checking for php-pdo (will be installed) [レ] Checking for php-xml [レ] Checking for php-json [i] Checking for php-intl (will be installed) [i] Processing dnf install(s) for: nmap-ncat unzip psmisc sqlite lsof lighttpd lighttpd-fastcgi php-pdo php-intl, please wait... -------------------------------------------------------------------------------- Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: lighttpd x86_64 1.4.55-3.el8 epel 470 k lighttpd-fastcgi x86_64 1.4.55-3.el8 epel 41 k lsof x86_64 4.91-2.el8 BaseOS 253 k nmap-ncat x86_64 2:7.70-5.el8 AppStream 237 k php-intl x86_64 7.4.13-1.el8.remi remi-modular 241 k php-pdo x86_64 7.4.13-1.el8.remi remi-modular 143 k psmisc x86_64 23.1-4.el8 BaseOS 150 k sqlite x86_64 3.26.0-6.el8 BaseOS 666 k unzip x86_64 6.0-43.el8 BaseOS 195 k Installing dependencies: centos-logos x86_64 80.5-2.el8 BaseOS 706 k compat-lua-libs x86_64 5.1.5-15.el8 epel 167 k gamin x86_64 0.1.10-31.el8 BaseOS 127 k libicu65 x86_64 65.1-1.el8.remi remi-safe 9.3 M lighttpd-filesystem noarch 1.4.55-3.el8 epel 24 k mariadb-connector-c x86_64 3.0.7-1.el8 AppStream 148 k mariadb-connector-c-config noarch 3.0.7-1.el8 AppStream 13 k spawn-fcgi x86_64 1.6.3-17.el8 epel 24 k Transaction Summary ================================================================================ Install 17 Packages Total download size: 13 M Installed size: 40 M Downloading Packages: (1/17): mariadb-connector-c-config-3.0.7-1.el8. 148 kB/s | 13 kB 00:00 (2/17): mariadb-connector-c-3.0.7-1.el8.x86_64. 581 kB/s | 148 kB 00:00 (3/17): nmap-ncat-7.70-5.el8.x86_64.rpm 668 kB/s | 237 kB 00:00 (4/17): gamin-0.1.10-31.el8.x86_64.rpm 742 kB/s | 127 kB 00:00 (5/17): lsof-4.91-2.el8.x86_64.rpm 1.0 MB/s | 253 kB 00:00 (6/17): psmisc-23.1-4.el8.x86_64.rpm 622 kB/s | 150 kB 00:00 (7/17): centos-logos-80.5-2.el8.x86_64.rpm 1.0 MB/s | 706 kB 00:00 (8/17): unzip-6.0-43.el8.x86_64.rpm 1.0 MB/s | 195 kB 00:00 (9/17): sqlite-3.26.0-6.el8.x86_64.rpm 2.0 MB/s | 666 kB 00:00 (10/17): compat-lua-libs-5.1.5-15.el8.x86_64.rp 683 kB/s | 167 kB 00:00 (11/17): lighttpd-filesystem-1.4.55-3.el8.noarc 1.1 MB/s | 24 kB 00:00 (12/17): lighttpd-fastcgi-1.4.55-3.el8.x86_64.r 505 kB/s | 41 kB 00:00 (13/17): lighttpd-1.4.55-3.el8.x86_64.rpm 2.7 MB/s | 470 kB 00:00 (14/17): spawn-fcgi-1.6.3-17.el8.x86_64.rpm 1.1 MB/s | 24 kB 00:00 (15/17): php-intl-7.4.13-1.el8.remi.x86_64.rpm 165 kB/s | 241 kB 00:01 (16/17): php-pdo-7.4.13-1.el8.remi.x86_64.rpm 97 kB/s | 143 kB 00:01 (17/17): libicu65-65.1-1.el8.remi.x86_64.rpm 1.7 MB/s | 9.3 MB 00:05 -------------------------------------------------------------------------------- Total 1.3 MB/s | 13 MB 00:09 warning: /var/cache/dnf/epel-6519ee669354a484/packages/compat-lua-libs-5.1.5-15.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x2F86D6A1: Userid : "Fedora EPEL (8) <epel@fedoraproject.org>" Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Running scriptlet: mariadb-connector-c-3.0.7-1.el8.x86_64 1/1 Preparing : 1/1 Installing : libicu65-65.1-1.el8.remi.x86_64 1/17 Installing : spawn-fcgi-1.6.3-17.el8.x86_64 2/17 Running scriptlet: spawn-fcgi-1.6.3-17.el8.x86_64 2/17 Running scriptlet: lighttpd-filesystem-1.4.55-3.el8.noarch 3/17 Installing : lighttpd-filesystem-1.4.55-3.el8.noarch 3/17 Installing : compat-lua-libs-5.1.5-15.el8.x86_64 4/17 Installing : gamin-0.1.10-31.el8.x86_64 5/17 Running scriptlet: gamin-0.1.10-31.el8.x86_64 5/17 Installing : centos-logos-80.5-2.el8.x86_64 6/17 Running scriptlet: centos-logos-80.5-2.el8.x86_64 6/17 Installing : mariadb-connector-c-config-3.0.7-1.el8.noarch 7/17 Installing : mariadb-connector-c-3.0.7-1.el8.x86_64 8/17 Installing : lighttpd-1.4.55-3.el8.x86_64 9/17 Running scriptlet: lighttpd-1.4.55-3.el8.x86_64 9/17 Installing : lighttpd-fastcgi-1.4.55-3.el8.x86_64 10/17 Installing : php-intl-7.4.13-1.el8.remi.x86_64 11/17 Installing : php-pdo-7.4.13-1.el8.remi.x86_64 12/17 Installing : unzip-6.0-43.el8.x86_64 13/17 Installing : sqlite-3.26.0-6.el8.x86_64 14/17 Installing : psmisc-23.1-4.el8.x86_64 15/17 Installing : lsof-4.91-2.el8.x86_64 16/17 Installing : nmap-ncat-2:7.70-5.el8.x86_64 17/17 Running scriptlet: nmap-ncat-2:7.70-5.el8.x86_64 17/17 Running scriptlet: centos-logos-80.5-2.el8.x86_64 17/17 Running scriptlet: nmap-ncat-2:7.70-5.el8.x86_64 17/17 Verifying : mariadb-connector-c-3.0.7-1.el8.x86_64 1/17 Verifying : mariadb-connector-c-config-3.0.7-1.el8.noarch 2/17 Verifying : nmap-ncat-2:7.70-5.el8.x86_64 3/17 Verifying : centos-logos-80.5-2.el8.x86_64 4/17 Verifying : gamin-0.1.10-31.el8.x86_64 5/17 Verifying : lsof-4.91-2.el8.x86_64 6/17 Verifying : psmisc-23.1-4.el8.x86_64 7/17 Verifying : sqlite-3.26.0-6.el8.x86_64 8/17 Verifying : unzip-6.0-43.el8.x86_64 9/17 Verifying : compat-lua-libs-5.1.5-15.el8.x86_64 10/17 Verifying : lighttpd-1.4.55-3.el8.x86_64 11/17 Verifying : lighttpd-fastcgi-1.4.55-3.el8.x86_64 12/17 Verifying : lighttpd-filesystem-1.4.55-3.el8.noarch 13/17 Verifying : spawn-fcgi-1.6.3-17.el8.x86_64 14/17 Verifying : php-intl-7.4.13-1.el8.remi.x86_64 15/17 Verifying : php-pdo-7.4.13-1.el8.remi.x86_64 16/17 Verifying : libicu65-65.1-1.el8.remi.x86_64 17/17 Installed: centos-logos-80.5-2.el8.x86_64 compat-lua-libs-5.1.5-15.el8.x86_64 gamin-0.1.10-31.el8.x86_64 libicu65-65.1-1.el8.remi.x86_64 lighttpd-1.4.55-3.el8.x86_64 lighttpd-fastcgi-1.4.55-3.el8.x86_64 lighttpd-filesystem-1.4.55-3.el8.noarch lsof-4.91-2.el8.x86_64 mariadb-connector-c-3.0.7-1.el8.x86_64 mariadb-connector-c-config-3.0.7-1.el8.noarch nmap-ncat-2:7.70-5.el8.x86_64 php-intl-7.4.13-1.el8.remi.x86_64 php-pdo-7.4.13-1.el8.remi.x86_64 psmisc-23.1-4.el8.x86_64 spawn-fcgi-1.6.3-17.el8.x86_64 sqlite-3.26.0-6.el8.x86_64 unzip-6.0-43.el8.x86_64 Complete! -------------------------------------------------------------------------------- [レ] Enabling lighttpd service to start on reboot... [レ] Creating user 'pihole' [i] FTL Checks... [レ] Detected x86_64 processor [i] Checking for existing FTL binary... [レ] Downloading and Installing FTL [i] Warning: 'lighty-enable-mod' utility not found Please ensure fastcgi is enabled if you experience issues [レ] Installing scripts from /etc/.pihole [i] Installing configs from /etc/.pihole... [レ] No dnsmasq.conf found... restoring default dnsmasq.conf... [レ] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf [i] Installing blocking page... [レ] Creating directory for blocking page, and copying files [i] Backing up index.lighttpd.html No default index.lighttpd.html file found... not backing up [レ] Installing sudoer file [レ] Installing latest Cron script [レ] Installing latest logrotate script [i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old [レ] man pages installed and database updated [i] Testing if systemd-resolved is enabled [i] Systemd-resolved does not need to be restarted [レ] Restarting lighttpd service... [レ] Enabling lighttpd service to start on reboot... [i] Restarting services... [レ] Enabling pihole-FTL service to start on reboot... [レ] Restarting pihole-FTL service... [i] Creating new gravity database [i] Migrating content of /etc/pihole/adlists.list into new database [レ] Deleting existing list cache [i] Neutrino emissions detected... [レ] Pulling blocklist source list into range [レ] Preparing new gravity database [i] Using libz compression [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts [レ] Status: Retrieval successful [i] Received 58230 domains [i] Target: https://mirror1.malwaredomains.com/files/justdomains [レ] Status: Retrieval successful [i] Received 26854 domains [レ] Storing downloaded domains in new gravity database [レ] Building tree [レ] Swapping databases [i] Number of gravity domains: 85084 (85053 unique domains) [i] Number of exact blacklisted domains: 0 [i] Number of regex blacklist filters: 0 [i] Number of exact whitelisted domains: 0 [i] Number of regex whitelist filters: 0 [レ] Flushing DNS cache [レ] Cleaning up stray matter [レ] DNS service is listening [レ] UDP (IPv4) [レ] TCP (IPv4) [レ] UDP (IPv6) [レ] TCP (IPv6) [i] Pi-hole blocking will be enabled [i] Enabling blocking [レ] Flushing DNS cache [レ] Pi-hole Enabled [i] Web Interface password: Password [i] This can be changed using 'pihole -a -p' [i] View the web interface at http://pi.hole/admin or http://192.168.1.3/admin [i] You may now configure your devices to use the Pi-hole as their DNS server [i] Pi-hole DNS (IPv4): 192.168.1.3 [i] Pi-hole DNS (IPv6): 0000:111:222:3333:4444:5555:6666:7777 [i] If you set a new IP address, please restart the server running the Pi-hole [i] The install log is located at: /etc/pihole/install.log Installation Complete! |
スクリプトの途中で設定画面が表示されます。今回は事前に固定IPに設定してあります。
今回は内部ネットワークからのアクセスを全て許可しています。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" accept" # firewall-cmd --reload # firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens192 sources: services: cockpit dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.1.0/24" accept |
最後に自動生成されたパスワードが表示されていますのでpi-holeにログインしてみます。
http://192.168.1.3
専用マシンならトラブル無く簡単にインストールできました。
ちなみにこんな感じです
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# df -Th Filesystem Type Size Used Avail Use% Mounted on devtmpfs devtmpfs 978M 0 978M 0% /dev tmpfs tmpfs 994M 612K 993M 1% /dev/shm tmpfs tmpfs 994M 8.7M 985M 1% /run tmpfs tmpfs 994M 0 994M 0% /sys/fs/cgroup /dev/sda3 xfs 27G 1.9G 26G 7% / /dev/sda1 ext4 976M 153M 756M 17% /boot tmpfs tmpfs 199M 0 199M 0% /run/user/0 # top top - 14:00:27 up 3:54, 1 user, load average: 0.00, 0.00, 0.00 Tasks: 190 total, 1 running, 189 sleeping, 0 stopped, 0 zombie %Cpu(s): 5.6 us, 5.6 sy, 0.0 ni, 88.9 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st MiB Mem : 1986.4 total, 1345.7 free, 253.6 used, 387.1 buff/cache MiB Swap: 4096.0 total, 4096.0 free, 0.0 used. 1584.2 avail Mem |