pi-hole-workshop-instructions-using-VM.md

CryptoAUSTRALIA Pi-hole Workshop

Instructions using a virtual machine. This guide was written for the CryptoAUSTRALIA Pi-hole workshop.

This is the version of the workshop if you're using a VM to run Pi-hole. If you have a physical Raspberry Pi device (or similar SBC) use these instructions.

Author: Nick Kavadias (CryptoAUSTRALIA)

Install virtual machine manager and import Raspbian VM

1. Download and Install VirtualBox (Recommended)
2. Alternative, use VMWare Fusion

Download the OVF.

1. We've created a purpose built VM for the workshop so you can try out Pi-hole for yourself.

• VirtualBox: https://s3-ap-southeast-2.amazonaws.com/dl.cryptoaustralia.org.au/workshops/Raspbian.ova?torrent
• VMware Fusion: https://s3-ap-southeast-2.amazonaws.com/dl.cryptoaustralia.org.au/workshops/Raspbian-vmware.ova?torrent

Import and boot the VM

1. From Virtual Machine Manager (VMM), got to File -> Import or File -> Import Appliance and select .ova file downloaded in previous step

2. Click Import. Note: It may take several minutes to complete the VM import.

3. Once complete, you should now have a Linux machine called Raspbian appear in VMM. No need to change the hardware settings. Leave the network configured to use NAT.

4. Click Start in the VMM.

5. You should now be booted straight into Raspbian and have a the Raspbian desktop appear.

6. To check that you have a working system, click on Chromium on the desktop and browse to your favourite website, hopefully it works! If not, you may need to tinker with the NAT settings in VirtualBox to get vm online (change adapter NAT is using?), or proceed with the workshop offline.

• If you've customised NAT in VirtualBox, try changing VM back to using DHCP, you can do this with sudo rasp-config

Note: system username is pi and password raspberry. The Pi-hole web admin password is also raspberry

Running terminal and re-installing Pi-hole

1. Pi-hole is already installed on this VM, but we can easily uninstall and re-install it (only do this step if you've checked in previous step that you're online).

2. The Keyboard layout is set to UK. Easiest way to fix this is to click on the Raspberry in to left hand side and go to Preferences -> Keyboard and Mouse -> Keyboard -> Keyboard Layout

3. Click US under Country and then English (US) under variant. Yes, UK keyboards are weird.

4. Open a new bash terminal and run `

sudo pihole uninstall. The password is raspberry`.

1. Type Y for uninstalling dependencies, you can say N for curl, wget and zip.

2. You have to reset your dns server not to be yourself. Run the following:

   $ sudo su

   # echo "nameserver 8.8.8.8" > /etc/resolv.conf

3. Ready to run the Pi-hole installer, run the following command, as per the Pi-hole website:

   # curl -sSL https://install.pi-hole.net | bash

This command should kick off the automated installer.

1. Once installer starts, you can use arrow keys to navigate and space or enter to accept

2. Ok all the prompts. Pick an upstream DNS provider. This is the upstream provider your Pi-hole will use, from here, you can basically accept all the defaults.

3. Accept changes the network settings to a static IP;

4. accept installing the web admin interface; and

5. accept logging queries.

Post-install configuration

1. (Optional) Change the webadmin password:

# pihole -a -p

note: password currently set to raspberry, we have included it in instructions as its good practice and cannot be done in webadmin gui.

1. If you are curious what other console commands pihole has, try $ pihole -h. Also, -c looks like an interesting switch!

Logging into webadmin

1. Open up Chrome in the VM and visit http://pi.hole/admin (there should be a bookmark for this)

2. If the stats are looking sad, click open another tab an do some browsing, try some websites with lots of ads.

Adding additional blocklists

Add some new lists:

1. There are some great additional block lists you can add over the default. The default blocklists are stored in /etc/pihole/adlists.list.

2. You can use the admin portal to add more lists. On the left hand side of web admin portal menu, go to Settings, then click on the + Pi-hole's block lists.

3. Wally3k maintains a good list of block lists compatible with Pi-hole at https://wally3k.github.io/

4. Consider adding CryptoAUSTRALIA's favourite community-managed block lists

   1. https://hosts-file.net/exp.txt - hpHosts - Websites hosting exploits
   2. https://hosts-file.net/emd.txt - hpHosts - Websites hosting malware
   3. https://hosts-file.net/psh.txt - hpHosts - Phishing websites
   4. https://www.malwaredomainlist.com/hostslist/hosts.txt - Extensive list by Malware Domain List
   5. https://v.firebog.net/hosts/Airelle-hrsk.txt - Airelle's list of phishing domains
   6. https://v.firebog.net/hosts/Shalla-mal.txt - Shalla's Ad and Spyware Blacklists
   7. https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt - Ransomware Tracker - Ransomware C2 server block list (generic)
   8. https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt - Ransomware Tracker - Ransomware C2 server block list (Locky)
   9. https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt - Ransomware Tracker - Ransomware C2 server block list (CryptoWall)
   10. https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt - Ransomware Tracker - Ransomware C2 server block list (TeslaCrypt)
   11. https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt - Ransomware Tracker - Ransomware C2 server block list (TorrentLocker)
   12. http://www.networksec.org/grabbho/block.txt - ThreatExpert.com's malware and adware block list
   13. https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt - DShield.org Suspicious Domain List (Medium-level)
   14. http://someonewhocares.org/hosts/hosts - Dan Pollock's list blocking ads and spyware
   15. https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt - WindowsSpyBlocker - Blocks Windows 10 telemetry domains
   16. https://v.firebog.net/hosts/static/SamsungSmart.txt - Blocks Samsung SmartTV trackers
   17. https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt - Disconnect.me anti-malvertising
   18. https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt - Disconnect.me ad-blocker
   19. https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt - Disconnect.me anti-tracking
   20. https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt - Block YouTube ads
   21. https://v.firebog.net/hosts/Easylist.txt - EasyList - Might be familiar from the uBlock and Adblock browser plugins
   22. http://www.joewein.net/dl/bl/dom-bl.txt - jwSpamSpy - Domains featured in Spam emails

5. Paste the URL into the admin page textbox and wait

Finding out what's been blocked

1. Sometimes you'll find a website is behaving strange. If you think Pi-hole is to blame, you can click Disable -> 5 minutes You can then try reloading the page.

2. You can also look at the query log and then click status & sort by what's been blocked. You can try whitelisting the site by clicking whitelist button and see if that fixes it. If it doesn't, you can then remove the site you just whitelisted by going to Whitelist and removing it.

Poke around

1. Open up terminal and try:

   $ nslookup googleads.g.doubleclick.net

2. Compare previous result to resolving directly against Google's DNS servers:

   $ nslookup googleads.g.doubleclick.net 8.8.8.8

3. Try visiting http://googleads.g.doubleclick.net in a web browser, the web page should be blocked

4. Try visiting http://googleads.g.doubleclick.net/test.js, the JavaScript file should be just one line long

More information

If you are stuck or need more information, tweet CryptoAUSTRALIA on Twitter or ping us on Slack