#!/bin/bash
# Filename: unboundhole-auto.sh
# Version: 2.0
# Creation: 17 Nov 2022
# Author: Antag0nisticWomble
# ANSI colour escapes; the call sites expand them with `echo -e`.
END='\033[0m'       # reset to the terminal default
GOOD='\033[1;92m'   # bold bright green  - success messages
INFO='\033[1;96m'   # bold bright cyan   - prompts and progress
WARN='\033[1;93m'   # bold bright yellow - warnings
ERROR='\033[1;91m'  # bold bright red    - failures
# Directory the script was started from; failure logs are written here.
BASEDIR="${PWD}"
## Shared functions
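#######################################
# Clone the anudeepND whitelist project into /opt/whitelist and run its
# whitelist.py as root.
# Globals:  ERROR, END (read)
# Outputs:  an error message on stderr when the checkout cannot be obtained
# Returns:  status of the whitelist.py run; exits the script with status 1
#           when the checkout or its scripts directory is unavailable
#######################################
function whitelist(){
  local repo_dir=/opt/whitelist
  local scripts_dir="$repo_dir/scripts"

  # Reuse an existing checkout so a second run of the installer does not
  # trip over git refusing to clone into a non-empty directory.
  if [ ! -d "$repo_dir/.git" ]; then
    if ! sudo git clone https://github.com/anudeepND/whitelist.git "$repo_dir/"; then
      echo -e "$ERROR Could not clone the whitelist repository. $END" >&2
      exit 1
    fi
  fi

  if [ ! -d "$scripts_dir" ]; then
    echo -e "$ERROR $scripts_dir is missing from the whitelist checkout. $END" >&2
    exit 1
  fi

  # NOTE(review): the default branch of a third-party repository is fetched
  # unpinned and its script is then executed as root. Pinning the checkout to
  # a reviewed commit (<REVIEWED_COMMIT>) would make each run reproducible.
  # The edit below blanks line 87 by number; which statement that is depends
  # on the upstream revision, so re-check it whenever upstream changes.
  sudo sed -i '87s/.*/ /' "$scripts_dir/whitelist.py"

  # Run from the scripts directory inside a subshell so the caller's working
  # directory is left alone; later relative paths in the installer would
  # otherwise resolve under /opt/whitelist/scripts.
  ( cd "$scripts_dir" && sudo python3 whitelist.py )
}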
# Run Pi-hole's gravity update (`pihole -g`) with root privileges.
# Returns: the exit status of the pihole command.
gravity_up() {
  sudo pihole -g
}
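#######################################
# Ask whether to reboot now and act on the answer.
# Globals:  INFO, WARN, END (read)
# Inputs:   one line from stdin (y/Y or n/N)
# Returns:  "y" reboots after a 10 second delay; "n" exits the script with
#           status 0; any other answer prints a warning and returns 1
#           without rebooting.
#######################################
function sysreboot(){
  local answer=''
  echo -e "$INFO Would you like to reboot the system now? Y/N $END"
  # -r keeps backslashes in the answer literal.
  read -r answer
  case "$answer" in
    [yY])
      echo -e "$WARN system rebooting in 10 seconds! $END"
      sleep 10
      sudo reboot
      ;;
    [nN])
      echo -e "$INFO Please restart the script once system has rebooted. $END"
      exit 0
      ;;
    *)
      # Previously an unrecognised answer fell through without any feedback.
      echo -e "$WARN Answer not recognised, not rebooting. Reboot manually, then restart the script. $END"
      return 1
      ;;
  esac
}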
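## Distribution-specific install (Ubuntu and Debian share one code path)

#######################################
# Append a line to a root-owned file unless an identical line is already
# present, so re-running the installer does not duplicate cron, sysctl or
# FTL settings.
# Arguments: $1 - exact line to add, $2 - file to add it to
#######################################
append_line_once() {
  local line=$1 file=$2
  if ! sudo grep -qxF -- "$line" "$file" 2>/dev/null; then
    printf '%s\n' "$line" | sudo tee -a "$file" >/dev/null
  fi
}

#######################################
# Download a URL to a temporary file and copy it over a root-owned
# destination only when the download succeeded and is non-empty. Piping
# wget straight into `sudo tee` would truncate the destination on a failed
# download.
# Arguments: $1 - URL, $2 - destination path
# Returns:   0 when the destination was written, non-zero otherwise
#######################################
fetch_to_root_file() {
  local url=$1 dest=$2 tmp rc=1
  tmp=$(mktemp) || return 1
  if wget -q -O "$tmp" "$url" && [ -s "$tmp" ]; then
    sudo tee "$dest" < "$tmp" >/dev/null
    rc=$?
  fi
  rm -f -- "$tmp"
  return "$rc"
}

#######################################
# Download a script completely before handing it to an interpreter, so a
# truncated or failed transfer is never executed part-way.
# NOTE(review): the script is still run without an integrity check and the
# URLs used below are moving targets; pinning them to a reviewed revision
# and verifying a checksum would close that gap.
# Arguments: $1 - URL; remaining arguments - command that receives the
#            downloaded file as its last argument
# Returns:   status of that command, or 1 when the download failed
#######################################
run_remote_script() {
  local url=$1 tmp rc=1
  shift
  tmp=$(mktemp) || return 1
  # The download itself needs no root privileges.
  if curl -fsSL -o "$tmp" "$url" && [ -s "$tmp" ]; then
    "$@" "$tmp"
    rc=$?
  fi
  rm -f -- "$tmp"
  return "$rc"
}

#######################################
# Save log lines for a service to a file: matching lines from
# /var/log/syslog when that file exists, otherwise the unit's journal.
# Arguments: $1 - service/unit name, $2 - output file
#######################################
save_service_log() {
  local unit=$1 out=$2
  if sudo test -r /var/log/syslog; then
    sudo grep -i -- "$unit" /var/log/syslog > "$out"
  else
    sudo journalctl --no-pager -u "$unit" > "$out"
  fi
}

#######################################
# Install and configure Unbound and Pi-hole, load the ad lists and the
# whitelist, then query the local resolver on port 5335.
# Globals:  BASEDIR, INFO, GOOD, WARN, ERROR, END (read)
# Calls:    gravity_up, whitelist (defined earlier in this file)
# Returns:  exits with status 1 when a download or a service check fails
#######################################
install_stack() {
  if ! sudo apt install curl unbound sqlite3 -y; then
    echo -e "$ERROR Package installation failed. Please try again $END"
    exit 1
  fi

  if ! fetch_to_root_file https://www.internic.net/domain/named.root \
    /var/lib/unbound/root.hints; then
    echo -e "$ERROR Could not download the root hints file. Please try again $END"
    exit 1
  fi

  echo -e "$INFO Installing unbound configuration. $END"
  append_line_once 'net.core.rmem_max=1048576' /etc/sysctl.conf
  if ! fetch_to_root_file \
    https://raw.githubusercontent.com/Antag0nisticWomble/UnboundHole/stable/pi-hole.conf \
    /etc/unbound/unbound.conf; then
    echo -e "$ERROR Could not download the unbound configuration. Please try again $END"
    exit 1
  fi

  # NOTE(review): the first cron entry executes whitelist.py from the cloned
  # checkout as root, so whatever that checkout contains runs with root
  # privileges on every schedule; confirm the file is executable and that
  # the checkout is kept at a reviewed revision.
  append_line_once '0 1 * * */7 root /opt/whitelist/scripts/whitelist.py' /etc/crontab
  append_line_once '05 01 15 */3 * root wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.root' /etc/crontab
  append_line_once '10 01 15 */3 * root service unbound restart' /etc/crontab
  # NOTE(review): the trailing "/" after pool.ntp.org looks unintended;
  # confirm before relying on this fallback.
  append_line_once 'FallbackNTP=194.58.204.20 pool.ntp.org/' /etc/systemd/timesyncd.conf

  sudo systemctl enable unbound
  sudo systemctl stop unbound
  sleep 2
  sudo systemctl start unbound
  sleep 2
  # `systemctl status` prints an "Active:" line for failed and inactive units
  # as well, so matching that word proves nothing; is-active reports the
  # real state.
  if systemctl is-active --quiet unbound; then
    echo -e "$GOOD Unbound working correctly coninuing $END"
  else
    echo -e "$ERROR Issue with installation. Please try again $END"
    save_service_log unbound "$BASEDIR"/unbound.log
    exit 1
  fi

  # The installer's own exit status is not trusted here; the service check
  # that follows decides whether the installation worked.
  run_remote_script https://install.pi-hole.net sudo PIHOLE_SKIP_OS_CHECK=true bash
  sudo systemctl status pihole-FTL --no-pager
  if systemctl is-active --quiet pihole-FTL; then
    echo -e "$GOOD Pihole FTL working correctly coninuing $END"
  else
    echo -e "$ERROR Issue with pihole-FTL installation. Please try again $END"
    save_service_log pihole-FTL "$BASEDIR"/pihole-FTL.Log
    exit 1
  fi

  # Disable Pi-hole's own cache; these substitutions are no-ops on a re-run.
  sudo sed -i 's/cache-size=10000/cache-size=0 /' /etc/dnsmasq.d/01-pihole.conf
  sudo sed -i 's/CACHE_SIZE=10000/CACHE_SIZE=0 /' /etc/pihole/setupVars.conf
  append_line_once 'ANALYZE_ONLY_A_AND_AAAA=true' /etc/pihole/pihole-FTL.conf
  append_line_once 'MAXDBDAYS=90' /etc/pihole/pihole-FTL.conf
  append_line_once 'BLOCK_ICLOUD_PR=true' /etc/pihole/pihole-FTL.conf
  append_line_once 'MOZILLA_CANARY=true' /etc/pihole/pihole-FTL.conf
  sudo systemctl stop pihole-FTL
  sleep 2
  sudo systemctl start pihole-FTL
  sleep 2

  if ! run_remote_script \
    https://raw.githubusercontent.com/Antag0nisticWomble/UnboundHole/stable/adlists.sh bash; then
    echo -e "$WARN The ad list script could not be downloaded or reported an error. $END"
  fi
  gravity_up
  whitelist
  sleep 5

  # A validating resolver must refuse a zone whose signature is broken.
  if dig dnssec-failed.org @127.0.0.1 -p 5335 | grep -q 'SERVFAIL'; then
    echo -e "$GOOD Bad signature test passed successfully. $END"
  else
    echo -e "$ERROR Bad signature test failed. Issue with Unbound installation please report your fault along with the log files generated in $BASEDIR $END"
    save_service_log unbound "$BASEDIR"/unbound.log
  fi
  # NOTE(review): NOERROR for this name shows that the resolver answers; it
  # does not by itself show that a signature was validated. Checking for the
  # "ad" flag on a signed zone would; confirm the intent of this test.
  if dig amazon.com @127.0.0.1 -p 5335 | grep -q 'NOERROR'; then
    echo -e "$GOOD Good signature test passed successfully. $END"
  else
    echo -e "$ERROR Good signature test faied. Issue with Unbound installation please report your fault along with the log files generated in $BASEDIR $END"
    save_service_log unbound "$BASEDIR"/unbound.log
    exit 1
  fi

  echo -e "$WARN Remember to run sudo pihole -a -p to change your password. $END"
  echo -e "$GOOD Installation complete. Please reboot.$END"
}

#######################################
# Interactive entry point for one distribution: install when the user says
# the system is up to date, otherwise offer to upgrade and reboot first.
# Arguments: $1 - "Ubuntu" or "Debian"
# Calls:     install_stack, sysreboot
#######################################
setup_distro() {
  local distro=$1 updated_yn='' upgrade_yn=''
  case "$distro" in
    Ubuntu) echo -e "$INFO Ubuntu detected continuing $END" ;;
    Debian) echo -e "$INFO Debian Detected Proceeding $END" ;;
  esac
  echo -e "$INFO Is the system fully updated? [Y / N] $END"
  read -r updated_yn
  case "$updated_yn" in
    [yY])
      install_stack
      ;;
    [nN])
      echo -e "$WARN Would you like to upgrade the system now? Y/N $END"
      read -r upgrade_yn
      case "$upgrade_yn" in
        [yY])
          sudo apt update
          sudo apt full-upgrade -y
          # Only the Ubuntu path refreshes snaps.
          if [ "$distro" = Ubuntu ]; then
            sudo snap refresh
          fi
          sysreboot
          ;;
        [nN])
          echo -e "$ERROR Please update and reboot system then try again. $END"
          exit 0
          ;;
        *)
          echo -e "$WARN Answer not recognised; nothing was changed. $END"
          ;;
      esac
      ;;
    *)
      echo -e "$WARN Answer not recognised; nothing was changed. $END"
      ;;
  esac
}

# Detect the distribution from the "Operating System" line only, so a host
# name that happens to contain "Ubuntu" or "Debian" cannot affect the result.
os_line=$(hostnamectl 2>/dev/null | grep -F 'Operating System')
case "$os_line" in
  *Ubuntu*) setup_distro Ubuntu ;;
  *Debian*) setup_distro Debian ;;
  *) echo -e "$ERROR Unsupported system: this script handles Ubuntu and Debian only. $END" ;;
esac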