This is an old revision of the document!
https://github.com/pi-hole/pi-hole
https://discourse.pi-hole.net/t/hardware-software-requirements
https://docs.pi-hole.net/main/prerequesites/
https://discourse.pi-hole.net/t/seven-things-you-may-not-know-about-pi-hole
pihole -up
curl -sSL https://install.pi-hole.net | bash
Change the pihole
user password used to log in to the web interface:
pihole -a -p
Pi-Hole seems to work fine with only port 53 (TCP and UDP) exposed publicly.
Port 80 needs to be open for the web administration.
We use CSF firewall for bastion hosts.
Create an IP list from the last two days:
cat /var/log/pihole.log |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt cat /var/log/pihole.log.1 |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
RegEx to find IP of attacker of ELDERJUSTICE.GOV:
^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)
vim /usr/local/csf/bin/regex.custom.pm
Insert:
# Pihole if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)/)) { return ("DNS attack from",$1,"mydnsmatch","3","53","604800"); }
vim /etc/csf/csf.conf
Change:
CUSTOM1_LOG = "/var/log/pihole.log"
Reboot needed?