Merge pull request #3166 from pi-hole/release/v4.4

Add use-application-dns.net = NXDOMAIN in ProcessDNSSettings rather t…
Add use-application-dns.net = NXDOMAIN in ProcessDNSSettings rather than in the template so we can ensure that it will survive config-renewals.
2020-02-25 20:59:35 +00:00 · 2020-02-25 20:41:35 +00:00 · 2020-02-24 20:16:54 +00:00 · 2020-02-24 20:02:48 +00:00 · 2020-02-24 18:48:03 +00:00 · 2020-02-24 17:38:37 +00:00
30 changed files with 1242 additions and 951 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
 # These are supported funding model platforms
 patreon: pihole
 custom: https://pi-hole.net/donate
--- a/README.md
+++ b/README.md
@@ -17,12 +17,12 @@ The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a
 - **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy
 -----
-<a href="https://www.codacy.com/app/Pi-hole/pi-hole?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pi-hole/pi-hole&amp;utm_campaign=Badge_Grade"><img src="https://api.codacy.com/project/badge/Grade/c558a0f8d7124c99b02b84f0f5564238" alt="Codacy Grade"/></a>
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/c558a0f8d7124c99b02b84f0f5564238)](https://www.codacy.com/app/Pi-hole/pi-hole?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pi-hole/pi-hole&amp;utm_campaign=Badge_Grade)
-<a href="https://travis-ci.org/pi-hole/pi-hole"><img src="https://travis-ci.org/pi-hole/pi-hole.svg?branch=development" alt="Travis Build Status"/></a>
+[![Build Status](https://travis-ci.org/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.org/pi-hole/pi-hole)
-<a href="https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE"><img src="https://www.bountysource.com/badge/tracker?tracker_id=3011939" alt="BountySource"/></a>
+[![BountySource](https://www.bountysource.com/badge/tracker?tracker_id=3011939)](https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE)
 ## One-Step Automated Install
-Those who want to get started quickly and conveniently, may install Pi-hole using the following command:
+Those who want to get started quickly and conveniently may install Pi-hole using the following command:
 #### `curl -sSL https://install.pi-hole.net | bash`
@@ -46,14 +46,14 @@ sudo bash basic-install.sh
 Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention.
-If your router does not support setting the DNS server, you can [use Pi-hole's built in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).
+If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).
 As a last resort, you can always manually set each device to use Pi-hole as their DNS server.
 -----
 ## Pi-hole is free, but powered by your support
-There are many reoccurring costs involved with maintaining free, open source, and privacy respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
+There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
 Make no mistake: **your support is absolutely vital to help keep us innovating!**
@@ -61,16 +61,13 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!*
 Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses:
 - <img src="https://pi-hole.github.io/graphics/Badges/paypal-badge-black.svg" width="24" height="24" alt="PP"/> <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY">Donate via PayPal</a><br/>
- <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>
+- <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin, Bitcoin Cash, Ethereum, Litecoin](https://commerce.coinbase.com/checkout/dd304d04-f324-4a77-931b-0db61c77a41b)
 3MDPzjXu2hjw5sGLJvKUi1uXbvQPzVrbpF</code></br>
 - <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin Cash](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>qzqsz4aju2eecc6uhs7tus4vlwhhela24sdruf4qp5</code></br>
 - <img src="https://pi-hole.github.io/graphics/Badges/ethereum-badge-black.svg" width="24" height="24" alt="BTC"/> [Ethereum](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>0x79d4e90A4a0C732819526c93e21A3F1356A2FAe1</code>
 ### Alternative support
 If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us:
 - [Patreon](https://patreon.com/pihole) _Become a patron for rewards_
 - [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) _save $5 when you spend $9 using our affiliate link_
+- [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
 - [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_
 - [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
 - [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_
@@ -82,7 +79,7 @@ We welcome _everyone_ to contribute to issue reports, suggest new features, and
 If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve.
-You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it, and submit a pull request for us to review.
+You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review.
 ### Presentations about Pi-hole
 Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people.
@@ -110,7 +107,7 @@ While we are primarily reachable on our <a href="https://discourse.pi-hole.net/"
 ## Breakdown of Features
 ### The Command Line Interface
-The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with understanding of `bash`.
+The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
 <a href="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif"><img src="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif" alt="Pi-hole Blacklist Demo"/></a>
@@ -137,7 +134,7 @@ Some notable features include:
 * Detailed graphs and doughnut charts
 * Top lists of domains and clients
 * A filterable and sortable query log
-* Long Term Statistics to view data over user defined time ranges
+* Long Term Statistics to view data over user-defined time ranges
 * The ability to easily manage and configure Pi-hole features
 * ... and all the main features of the Command Line Interface!
@@ -148,7 +145,7 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t
 3. `http://pi.hole/` (when using Pi-hole as your DNS server)
 ## Faster-than-light Engine
-FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
+FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
 Some of the statistics you can integrate include:
 * Total number of domains being blocked
@@ -165,40 +162,46 @@ The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web
 -----
 ## The Origin Of Pi-hole
-Pi-hole being a **advertising-aware DNS/Web server**, makes use of the following technologies:
+Pi-hole being an **advertising-aware DNS/Web server**, makes use of the following technologies:
 * [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server
 * [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax
-* [`lighttpd`](https://www.lighttpd.net) - webserver designed and optimized for high performance
+* [`lighttpd`](https://www.lighttpd.net) - web server designed and optimized for high performance
 * [`php`](https://secure.php.net) - a popular general-purpose web scripting language
 * [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x
-While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state.
+While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally set up and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state.
 -----
 ## Coverage
- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/)
+- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) (Feburary, 2015)
- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers)
+- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) (March, 2015)
- [Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/)
+- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) (September, 2015)
- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole)
+- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) (October, 2015)
- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/)
+- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) (December, 2015)
- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/)
+- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) (December, 2015)
- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/)
+- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) (December, 2015)
- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s)
+- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) (December, 2015)
- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m)
+- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) (December, 2015)
- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s)
+- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) (January, 2016)
- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d)
+- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) (March, 2016)
- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/)
+- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) (March, 2016)
- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585)
+- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) (June, 2016)
- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s)
+- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) (December, 2016)
- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/)
+- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) (July, 2017)
- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s)
+- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) (August, 2017)
- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI)
+- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) (October, 2017)
- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/)
+- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) (November, 2017)
- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole)
+- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) (November, 2017)
- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/)
+- [Hobohouse: Block Advertising on your Network with Pi-hole and Raspberry Pi](https://hobo.house/2018/02/27/block-advertising-with-pi-hole-and-raspberry-pi/) (March, 2018)
- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/)
+- [Scott Helme: Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) (April, 2018)
- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355)
+- [Scott Helme: Catching and dealing with naughty devices on my home network](https://scotthelme.co.uk/catching-naughty-devices-on-my-home-network/) (April, 2018)
 - [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) (May, 2018)
 - [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) (May, 2018)
 - [Raspberry Pi: Block ads at home using Pi-hole and a Raspberry Pi](https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/) (July, 2018)
 - [Troy Hunt: Mmm... Pi-hole...](https://www.troyhunt.com/mmm-pi-hole/) (September, 2018)
 - [PEBKAK Podcast: Interview With Jacob Salmela](https://www.jerseystudios.net/2018/10/11/150-pi-hole/) (October, 2018)
 -----
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -1,13 +1,11 @@
 # Pi-hole: A black hole for Internet advertisements
-# (c) 2015, 2016 by Jacob Salmela
+# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your Raspberry Pi
+# Network-wide ad blocking via your own hardware.
 # http://pi-hole.net
 # dnsmasq config for Pi-hole
 #
-# Pi-hole is free software: you can redistribute it and/or modify
+# Dnsmasq config for Pi-hole's FTLDNS
-# it under the terms of the GNU General Public License as published by
+#
-# the Free Software Foundation, either version 2 of the License, or
+# This file is copyright under the latest version of the EUPL.
-# (at your option) any later version.
+# Please see LICENSE file for your rights under this license.
 ###############################################################################
 #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
@@ -16,8 +14,8 @@
 #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
 #                      /etc/pihole/setupVars.conf                             #
 #                                                                             #
-#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE           #
+#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
-#                        OR IN /etc/dnsmasq.conf                              #
+#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
 ###############################################################################
 addn-hosts=/etc/pihole/gravity.list
@@ -39,7 +37,7 @@ interface=@INT@
 cache-size=10000
-log-queries=extra
+log-queries
 log-facility=/var/log/pihole.log
 local-ttl=2
--- a/advanced/Scripts/chronometer.sh
+++ b/advanced/Scripts/chronometer.sh
@@ -8,6 +8,7 @@
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 LC_ALL=C
 LC_NUMERIC=C
 # Retrieve stats from FTL engine
@@ -243,7 +244,7 @@ get_sys_stats() {
        disk_total="${disk_raw[1]}"
        disk_perc="${disk_raw[2]}"
-        net_gateway=$(route -n | awk '$4 == "UG" {print $2;exit}')
+        net_gateway=$(ip route | grep default | cut -d ' ' -f 3 | head -n 1)
        # Get DHCP stats, if feature is enabled
        if [[ "$DHCP_ACTIVE" == "true" ]]; then
@@ -443,6 +444,9 @@ get_strings() {
 }
 chronoFunc() {
    local extra_arg="$1"
    local extra_value="$2"
    get_init_stats
    for (( ; ; )); do
@@ -460,10 +464,8 @@ chronoFunc() {
        fi
        # Get refresh number
-        if [[ "$*" == *"-r"* ]]; then
+        if [[ "${extra_arg}" = "refresh" ]]; then
-            num="$*"
+            num="${extra_value}"
            num="${num/*-r /}"
            num="${num/ */}"
            num_str="Refresh set for every $num seconds"
        else
            num_str=""
@@ -472,13 +474,13 @@ chronoFunc() {
        clear
        # Remove exit message heading on third refresh
-        if [[ "$count" -le 2 ]] && [[ "$*" != *"-e"* ]]; then
+        if [[ "$count" -le 2 ]] && [[ "${extra_arg}" != "exit" ]]; then
            echo -e " ${COL_LIGHT_GREEN}Pi-hole Chronometer${COL_NC}
            $num_str
            ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
            ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
        else
-        echo -e "[0;1;31;91m|¯[0;1;33;93m¯[0;1;32;92m¯[0;1;32;92m(¯[0;1;36;96m)[0;1;34;94m_[0;1;35;95m|[0;1;33;93m¯[0;1;31;91m|_  [0;1;32;92m__[0;1;36;96m_|[0;1;31;91m¯[0;1;34;94m|[0;1;35;95m__[0;1;31;91m_[0m$phc_ver_str[0;1;33;93m| ¯[0;1;32;92m_[0;1;36;96m/¯[0;1;34;94m|[0;1;35;95m_[0;1;31;91m| [0;1;33;93m' [0;1;32;92m\\/ [0;1;36;96m_ [0;1;34;94m\\ [0;1;35;95m/ [0;1;31;91m-[0;1;33;93m_)[0m$lte_ver_str[0;1;32;92m|_[0;1;36;96m| [0;1;34;94m|_[0;1;35;95m| [0;1;33;93m|_[0;1;32;92m||[0;1;36;96m_\\[0;1;34;94m__[0;1;35;95m_/[0;1;31;91m_\\[0;1;33;93m__[0;1;32;92m_|[0m$ftl_ver_str ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
+        echo -e "[0;1;31;91m|¯[0;1;33;93m¯[0;1;32;92m¯[0;1;32;92m(¯[0;1;36;96m)[0;1;34;94m_[0;1;35;95m|[0;1;33;93m¯[0;1;31;91m|_  [0;1;32;92m__[0;1;36;96m_|[0;1;31;91m¯[0;1;34;94m|[0;1;35;95m__[0;1;31;91m_[0m$phc_ver_str\\n[0;1;33;93m| ¯[0;1;32;92m_[0;1;36;96m/¯[0;1;34;94m|[0;1;35;95m_[0;1;31;91m| [0;1;33;93m' [0;1;32;92m\\/ [0;1;36;96m_ [0;1;34;94m\\ [0;1;35;95m/ [0;1;31;91m-[0;1;33;93m_)[0m$lte_ver_str\\n[0;1;32;92m|_[0;1;36;96m| [0;1;34;94m|_[0;1;35;95m| [0;1;33;93m|_[0;1;32;92m||[0;1;36;96m_\\[0;1;34;94m__[0;1;35;95m_/[0;1;31;91m_\\[0;1;33;93m__[0;1;32;92m_|[0m$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
        fi
        printFunc "  Hostname: " "$sys_name" "$host_info"
@@ -520,10 +522,10 @@ chronoFunc() {
        fi
        # Handle exit/refresh options
-        if [[ "$*" == *"-e"* ]]; then
+        if [[ "${extra_arg}" == "exit" ]]; then
            exit 0
        else
-            if [[ "$*" == *"-r"* ]]; then
+            if [[ "${extra_arg}" == "refresh" ]]; then
                sleep "$num"
            else
                sleep 5
@@ -560,12 +562,10 @@ if [[ $# = 0 ]]; then
    chronoFunc
 fi
-for var in "$@"; do
+case "$1" in
-    case "$var" in
+    "-j" | "--json"    ) jsonFunc;;
-        "-j" | "--json"    ) jsonFunc;;
+    "-h" | "--help"    ) helpFunc;;
-        "-h" | "--help"    ) helpFunc;;
+    "-r" | "--refresh" ) chronoFunc refresh "$2";;
-        "-r" | "--refresh" ) chronoFunc "$@";;
+    "-e" | "--exit"    ) chronoFunc exit;;
-        "-e" | "--exit"    ) chronoFunc "$@";;
+    *                  ) helpFunc "?";;
-        *                  ) helpFunc "?";;
+esac
    esac
 done
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -13,6 +13,7 @@ basename=pihole
 piholeDir=/etc/"${basename}"
 whitelist="${piholeDir}"/whitelist.txt
 blacklist="${piholeDir}"/blacklist.txt
 readonly regexlist="/etc/pihole/regex.list"
 reload=false
 addmode=true
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -46,6 +46,12 @@ checkout() {
    local corebranches
    local webbranches
    # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole
    local funcOutput
    funcOutput=$(get_binary_name) #Store output of get_binary_name here
    local binary
    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
    # Avoid globbing
    set -f
@@ -86,7 +92,6 @@ checkout() {
        fi
        #echo -e "  ${TICK} Pi-hole Core"
        get_binary_name
        local path
        path="development/${binary}"
        echo "development" > /etc/pihole/ftlbranch
@@ -100,7 +105,6 @@ checkout() {
            fetch_checkout_pull_branch "${webInterfaceDir}" "master" || { echo "  ${CROSS} Unable to pull Web master branch"; exit 1; }
        fi
        #echo -e "  ${TICK} Web Interface"
        get_binary_name
        local path
        path="master/${binary}"
        echo "master" > /etc/pihole/ftlbranch
@@ -115,7 +119,7 @@ checkout() {
        if [[ "${corebranches[*]}" == *"master"* ]]; then
            echo -e "${OVER}  ${TICK} $str"
-            echo -e "${INFO} ${#corebranches[@]} branches available for Pi-hole Core"
+            echo -e "  ${INFO} ${#corebranches[@]} branches available for Pi-hole Core"
        else
            # Print STDERR output from get_available_branches
            echo -e "${OVER}  ${CROSS} $str\\n\\n${corebranches[*]}"
@@ -142,7 +146,7 @@ checkout() {
        if [[ "${webbranches[*]}" == *"master"* ]]; then
            echo -e "${OVER}  ${TICK} $str"
-            echo -e "${INFO} ${#webbranches[@]} branches available for Web Admin"
+            echo -e "  ${INFO} ${#webbranches[@]} branches available for Web Admin"
        else
            # Print STDERR output from get_available_branches
            echo -e "${OVER}  ${CROSS} $str\\n\\n${webbranches[*]}"
@@ -159,7 +163,6 @@ checkout() {
        fi
        checkout_pull_branch "${webInterfaceDir}" "${2}"
    elif [[ "${1}" == "ftl" ]] ; then
        get_binary_name
        local path
        path="${2}/${binary}"
@@ -167,7 +170,7 @@ checkout() {
            echo "  ${TICK} Branch ${2} exists"
            echo "${2}" > /etc/pihole/ftlbranch
            FTLinstall "${binary}"
-            start_service pihole-FTL
+            restart_service pihole-FTL
            enable_service pihole-FTL
        else
            echo "  ${CROSS} Requested branch \"${2}\" is not available"
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -76,6 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
 #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole"
 SHM_DIRECTORY="/dev/shm"
 # Files required by Pi-hole
 # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
@@ -108,7 +109,6 @@ FTL_PORT="${RUN_DIRECTORY}/pihole-FTL.port"
 PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log"
 PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*"
 PIHOLE_DEBUG_LOG="${LOG_DIRECTORY}/pihole_debug.log"
 PIHOLE_DEBUG_LOG_SANITIZED="${LOG_DIRECTORY}/pihole_debug-sanitized.log"
 PIHOLE_FTL_LOG="${LOG_DIRECTORY}/pihole-FTL.log"
 PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
@@ -119,7 +119,7 @@ PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
 #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
 # Store Pi-hole's processes in an array for easy use and parsing
-PIHOLE_PROCESSES=( "dnsmasq" "lighttpd" "pihole-FTL" )
+PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )
 # Store the required directories in an array so it can be parsed through
 #REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}"
@@ -208,11 +208,6 @@ log_write() {
 copy_to_debug_log() {
    # Copy the contents of file descriptor 3 into the debug log
    cat /proc/$$/fd/3 > "${PIHOLE_DEBUG_LOG}"
    # Since we use color codes such as '\e[1;33m', they should be removed before being
    # uploaded to our server, since it can't properly display in color
    # This is accomplished by use sed to remove characters matching that patter
    # The entire file is then copied over to a sanitized version of the log
    sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}"
 }
 initialize_debug() {
@@ -268,6 +263,9 @@ compare_local_version_to_git_version() {
            # The commit they are on
            local remote_commit
            remote_commit=$(git describe --long --dirty --tags --always)
            # Status of the repo
            local local_status
            local_status=$(git status -s)
            # echo this information out to the user in a nice format
            # If the current version matches what pihole -v produces, the user is up-to-date
            if [[ "${remote_version}" == "$(pihole -v | awk '/${search_term}/ {print $6}' | cut -d ')' -f1)" ]]; then
@@ -290,6 +288,16 @@ compare_local_version_to_git_version() {
            fi
            # echo the current commit
            log_write "${INFO} Commit: ${remote_commit}"
            # if `local_status` is non-null, then the repo is not clean, display details here
            if [[ ${local_status} ]]; then
              #Replace new lines in the status with 12 spaces to make the output cleaner
              log_write "${INFO} Status: ${local_status//$'\n'/'\n            '}"
              local local_diff
              local_diff=$(git diff)
              if [[ ${local_diff} ]]; then
                log_write "${INFO} Diff: ${local_diff//$'\n'/'\n          '}"
              fi
            fi
        # If git status failed,
        else
            # Return an error message
@@ -337,8 +345,6 @@ get_program_version() {
    case "${program_name}" in
        "lighttpd") program_version="$(${program_name} -v |& head -n1 | cut -d '/' -f2 | cut -d ' ' -f1)"
                    ;;
        "dnsmasq") program_version="$(${program_name} -v |& head -n1 | awk '{print $3}')"
                    ;;
        "php") program_version="$(${program_name} -v |& head -n1 | cut -d '-' -f1 | cut -d ' ' -f2)"
                ;;
        # If a match is not found, show an error
@@ -358,7 +364,6 @@ get_program_version() {
 # and their versions, using the functions above.
 check_critical_program_versions() {
    # Use the function created earlier and bundle them into one function that checks all the version numbers
    get_program_version "dnsmasq"
    get_program_version "lighttpd"
    get_program_version "php"
 }
@@ -638,18 +643,21 @@ ping_internet() {
 }
 compare_port_to_service_assigned() {
-    local service_name="${1}"
+    local service_name
-    # The programs we use may change at some point, so they are in a varible here
+    local expected_service
-    local resolver="dnsmasq"
+    local port
-    local web_server="lighttpd"
+
-    local ftl="pihole-FTL"
+    service_name="${2}"
-    if [[ "${service_name}" == "${resolver}" ]] || [[ "${service_name}" == "${web_server}" ]] || [[ "${service_name}" == "${ftl}" ]]; then
+    expected_service="${1}"
-        # if port 53 is dnsmasq, show it in green as it's standard
+    port="${3}"
-        log_write "[${COL_GREEN}${port_number}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}"
+
    # If the service is a Pi-hole service, highlight it in green
    if [[ "${service_name}" == "${expected_service}" ]]; then
        log_write "[${COL_GREEN}${port}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}"
    # Otherwise,
    else
        # Show the service name in red since it's non-standard
-        log_write "[${COL_RED}${port_number}${COL_NC}] is in use by ${COL_RED}${service_name}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_PORTS})"
+        log_write "[${COL_RED}${port}${COL_NC}] is in use by ${COL_RED}${service_name}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_PORTS})"
    fi
 }
@@ -657,7 +665,7 @@ check_required_ports() {
    echo_current_diagnostic "Ports in use"
    # Since Pi-hole needs 53, 80, and 4711, check what they are being used by
    # so we can detect any issues
-    local resolver="dnsmasq"
+    local resolver="pihole-FTL"
    local web_server="lighttpd"
    local ftl="pihole-FTL"
    # Create an array for these ports in use
@@ -682,12 +690,12 @@ check_required_ports() {
            continue
        fi
        # Use a case statement to determine if the right services are using the right ports
-        case "${port_number}" in
+        case "$(echo "$port_number" | rev | cut -d: -f1 | rev)" in
-            53) compare_port_to_service_assigned  "${resolver}"
+            53) compare_port_to_service_assigned  "${resolver}" "${service_name}" 53
                ;;
-            80) compare_port_to_service_assigned  "${web_server}"
+            80) compare_port_to_service_assigned  "${web_server}" "${service_name}" 80
                ;;
-            4711) compare_port_to_service_assigned  "${ftl}"
+            4711) compare_port_to_service_assigned  "${ftl}" "${service_name}" 4711
                ;;
            # If it's not a default port that Pi-hole needs, just print it out for the user to see
            *) log_write "${port_number} ${service_name} (${protocol_type})";
@@ -836,9 +844,13 @@ process_status(){
            local status_of_process
            status_of_process=$(systemctl is-active "${i}")
        else
-            # Otherwise, use the service command
+            # Otherwise, use the service command and mock the output of `systemctl is-active`
            local status_of_process
-            status_of_process=$(service "${i}" status | awk '/Active:/ {print $2}') &> /dev/null
+            if service "${i}" status | grep -E 'is\srunning' &> /dev/null; then
                status_of_process="active"
            else
                status_of_process="inactive"
            fi
        fi
        # and print it out to the user
        if [[ "${status_of_process}" == "active" ]]; then
@@ -907,7 +919,7 @@ parse_file() {
        #shellcheck disable=SC2016
        IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )'
    else
-        read -a file_info <<< $filename
+        read -r -a file_info <<< "$filename"
    fi
    # Set a named variable for better readability
    local file_lines
@@ -974,6 +986,9 @@ list_files_in_dir() {
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
            :
        elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then
            # SHM file - we do not want to see the content, but we want to see the files and their sizes
            log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")"
        else
            # Then, parse the file's content into an array so each line can be analyzed if need be
            for i in "${!REQUIRED_FILES[@]}"; do
@@ -1017,6 +1032,7 @@ show_content_of_pihole_files() {
    show_content_of_files_in_dir "${CRON_D_DIRECTORY}"
    show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}"
    show_content_of_files_in_dir "${LOG_DIRECTORY}"
    show_content_of_files_in_dir "${SHM_DIRECTORY}"
 }
 head_tail_log() {
@@ -1127,20 +1143,20 @@ analyze_pihole_log() {
    IFS="$OLD_IFS"
 }
-tricorder_use_nc_or_ssl() {
+tricorder_use_nc_or_curl() {
-    # Users can submit their debug logs using nc (unencrypted) or openssl (enrypted) if available
+    # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available
-    # Check for openssl first since encryption is a good thing
+    # Check for curl first since encryption is a good thing
-    if command -v openssl &> /dev/null; then
+    if command -v curl &> /dev/null; then
        # If the command exists,
-        log_write "    * Using ${COL_GREEN}openssl${COL_NC} for transmission."
+        log_write "    * Using ${COL_GREEN}curl${COL_NC} for transmission."
-        # encrypt and transmit the log and store the token returned in a variable
+        # transmit he log via TLS and store the token returned in a variable
-        tricorder_token=$(< ${PIHOLE_DEBUG_LOG_SANITIZED} openssl s_client -quiet -connect tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER} 2> /dev/null)
+        tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER})
    # Otherwise,
    else
        # use net cat
        log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission."
        # Save the token returned by our server in a variable
-        tricorder_token=$(< ${PIHOLE_DEBUG_LOG_SANITIZED} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
+        tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
    fi
 }
@@ -1166,7 +1182,7 @@ upload_to_tricorder() {
        # let the user know
        log_write "${INFO} Debug script running in automated mode"
        # and then decide again which tool to use to submit it
-        tricorder_use_nc_or_ssl
+        tricorder_use_nc_or_curl
        # If we're not running in automated mode,
    else
        echo ""
@@ -1175,7 +1191,7 @@ upload_to_tricorder() {
        read -r -p "[?] Would you like to upload the log? [y/N] " response
        case ${response} in
            # If they say yes, run our function for uploading the log
-            [yY][eE][sS]|[yY]) tricorder_use_nc_or_ssl;;
+            [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;;
            # If they choose no, just exit out of the script
            *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.";exit;
        esac
@@ -1202,7 +1218,7 @@ upload_to_tricorder() {
        log_write "   * Please try again or contact the Pi-hole team for assistance."
    fi
    # Finally, show where the log file is no matter the outcome of the function so users can look at it
-    log_write "   * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG_SANITIZED}${COL_NC}\\n"
+    log_write "   * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n"
 }
 # Run through all the functions we made
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -58,6 +58,8 @@ else
    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
    deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")
    # Restart pihole-FTL to force reloading history
    sudo pihole restartdns
 fi
 if [[ "$@" != *"quiet"* ]]; then
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
@@ -54,7 +54,7 @@ scanList(){
    # /dev/null forces filename to be printed when only one list has been generated
    # shellcheck disable=SC2086
    case "${type}" in
-        "exact" ) grep -i -E -l "(^|\\s)${domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
+        "exact" ) grep -i -E "(^|\\s)${domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
        "wc"    ) grep -i -o -m 1 "/${domain}/" ${lists} 2>/dev/null;;
        *       ) grep -i "${domain}" ${lists} /dev/null 2>/dev/null;;
    esac
@@ -157,6 +157,20 @@ lists=("$(cd "$piholeDir" || exit 0; printf "%s\\n" -- *.domains | sort -V)")
 # Query blocklists for occurences of domain
 mapfile -t results <<< "$(scanList "${domainQuery}" "${lists[*]}" "${exact}")"
 # Remove unwanted content from $results
 # Each line in $results is formatted as such: [fileName]:[line]
 # 1. Delete lines starting with #
 # 2. Remove comments after domain
 # 3. Remove hosts format IP address
 # 4. Remove any lines that no longer contain the queried domain name (in case the matched domain name was in a comment)
 esc_domain="${domainQuery//./\\.}"
 mapfile -t results <<< "$(IFS=$'\n'; sed \
 	-e "/:#/d" \
 	-e "s/[ \\t]#.*//g" \
 	-e "s/:.*[ \\t]/:/g" \
 	-e "/${esc_domain}/!d" \
 	<<< "${results[*]}")"
 # Handle notices
 if [[ -z "${wbMatch:-}" ]] && [[ -z "${wcMatch:-}" ]] && [[ -z "${results[*]}" ]]; then
    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the block lists"
@@ -170,20 +184,6 @@ elif [[ -z "${all}" ]] && [[ "${#results[*]}" -ge 100 ]]; then
    exit 0
 fi
 # Remove unwanted content from non-exact $results
 if [[ -z "${exact}" ]]; then
    # Delete lines starting with #
    # Remove comments after domain
    # Remove hosts format IP address
    mapfile -t results <<< "$(IFS=$'\n'; sed \
        -e "/:#/d" \
        -e "s/[ \\t]#.*//g" \
        -e "s/:.*[ \\t]/:/g" \
        <<< "${results[*]}")"
    # Exit if result was in a comment
    [[ -z "${results[*]}" ]] && exit 0
 fi
 # Get adlist file content as array
 if [[ -n "${adlist}" ]] || [[ -n "${blockpage}" ]]; then
    for adlistUrl in $(< "${adListsList}"); do
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -31,7 +31,6 @@ source "/opt/pihole/COL_TABLE"
 # make_repo() sourced from basic-install.sh
 # update_repo() source from basic-install.sh
 # getGitFiles() sourced from basic-install.sh
 # get_binary_name() sourced from basic-install.sh
 # FTLcheckUpdate() sourced from basic-install.sh
 GitCheckUpdateAvail() {
@@ -129,7 +128,12 @@ main() {
        fi
    fi
-    if FTLcheckUpdate > /dev/null; then
+    local funcOutput
    funcOutput=$(get_binary_name) #Store output of get_binary_name here
    local binary
    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
    if FTLcheckUpdate "${binary}" > /dev/null; then
        FTL_update=true
        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
    else
@@ -146,6 +150,20 @@ main() {
        FTL_update=false
    fi
    # Determine FTL branch
    local ftlBranch
    if [[ -f "/etc/pihole/ftlbranch" ]]; then
        ftlBranch=$(</etc/pihole/ftlbranch)
    else
        ftlBranch="master"
    fi
    if [[ ! "${ftlBranch}" == "master" && ! "${ftlBranch}" == "development" ]]; then
        # Notify user that they are on a custom branch which might mean they they are lost
        # behind if a branch was merged to development and got abandoned
        printf "  %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" "${ftlBranch}"
    fi
    if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then
        echo ""
        echo -e "  ${TICK} Everything is up to date!"
@@ -180,6 +198,14 @@ main() {
        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
        echo -e "${basicError}" && exit 1
    fi
    if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then
        # Force an update of the updatechecker
        /opt/pihole/updatecheck.sh
        /opt/pihole/updatecheck.sh x remote
        echo -e "  ${INFO} Local version file information updated."
    fi
    echo ""
    exit 0
 }
--- a/advanced/Scripts/updatecheck.sh
+++ b/advanced/Scripts/updatecheck.sh
@@ -34,33 +34,58 @@ function get_local_branch() {
 function get_local_version() {
    # Return active branch
    cd "${1}" 2> /dev/null || return 1
-    git describe --long --dirty --tags || return 1
+    git describe --long --dirty --tags 2> /dev/null || return 1
 }
 # Source the setupvars config file
 # shellcheck disable=SC1091
 . /etc/pihole/setupVars.conf
 if [[ "$2" == "remote" ]]; then
    if [[ "$3" == "reboot" ]]; then
        sleep 30
    fi
-    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
+    GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions"
    GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
-    echo -n "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions"
+    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
    echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
        echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"
    fi
    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
    echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}"
 else
-    CORE_BRANCH="$(get_local_branch /etc/.pihole)"
+    LOCAL_BRANCH_FILE="/etc/pihole/localbranches"
    WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
    FTL_BRANCH="$(pihole-FTL branch)"
-    echo -n "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches"
+    CORE_BRANCH="$(get_local_branch /etc/.pihole)"
    echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
        echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
    fi
    FTL_BRANCH="$(pihole-FTL branch)"
    echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
    LOCAL_VERSION_FILE="/etc/pihole/localversions"
    CORE_VERSION="$(get_local_version /etc/.pihole)"
-    WEB_VERSION="$(get_local_version /var/www/html/admin)"
+    echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
    FTL_VERSION="$(pihole-FTL version)"
-    echo -n "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions"
+    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        WEB_VERSION="$(get_local_version /var/www/html/admin)"
        echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}"
    fi
    FTL_VERSION="$(pihole-FTL version)"
    echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}"
 fi
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
@@ -136,8 +136,16 @@ errorOutput() {
 }
 defaultOutput() {
    # Source the setupvars config file
    # shellcheck disable=SC1091
    source /etc/pihole/setupVars.conf
    versionOutput "pi-hole" "$@"
-    versionOutput "AdminLTE" "$@"
+
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        versionOutput "AdminLTE" "$@"
    fi
    versionOutput "FTL" "$@"
 }
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -16,6 +16,7 @@ readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"
 readonly FTLconf="/etc/pihole/pihole-FTL.conf"
 # 03 -> wildcards
 readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf"
 readonly PI_HOLE_BIN_DIR="/usr/local/bin"
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
@@ -36,7 +37,7 @@ Options:
  -e, email           Set an administrative contact address for the Block Page
  -h, --help          Show this help dialog
  -i, interface       Specify dnsmasq's interface listening behavior
-  -l, privacylevel    Set privacy level (0 = lowest, 3 = highest)"
+  -l, privacylevel    Set privacy level (0 = lowest, 4 = highest)"
    exit 0
 }
@@ -110,7 +111,7 @@ SetWebPassword() {
        # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
        # So we reset the terminal via stty if the user does press Ctrl+C
        trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT
-        read -s -p "Enter New Password (Blank for no password): " PASSWORD
+        read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
        echo ""
    if [ "${PASSWORD}" == "" ]; then
@@ -119,12 +120,13 @@ SetWebPassword() {
        exit 0
    fi
-    read -s -p "Confirm Password: " CONFIRM
+    read -s -r -p "Confirm Password: " CONFIRM
    echo ""
    fi
    if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
-        hash=$(HashPassword "${PASSWORD}")
+        # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
        hash=$(HashPassword "$PASSWORD")
        # Save hash to file
        change_setting "WEBPASSWORD" "${hash}"
        echo -e "  ${TICK} New password set"
@@ -209,6 +211,11 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
        add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_DOMAIN}/${CONDITIONAL_FORWARDING_IP}"
        add_dnsmasq_setting "server=/${CONDITIONAL_FORWARDING_REVERSE}/${CONDITIONAL_FORWARDING_IP}"
    fi
    # Prevent Firefox from automatically switching over to DNS-over-HTTPS
    # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
    # (sourced 7th September 2019)
    add_dnsmasq_setting "server=/use-application-dns.net/"
 }
 SetDNSServers() {
@@ -273,7 +280,7 @@ Reboot() {
 }
 RestartDNS() {
-    /usr/local/bin/pihole restartdns
+    "${PI_HOLE_BIN_DIR}"/pihole restartdns
 }
 SetQueryLogOptions() {
@@ -326,6 +333,12 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
        echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
    fi
    # Sourced from setupVars
    # shellcheck disable=SC2154
    if [[ "${DHCP_rapid_commit}" == "true" ]]; then
        echo "dhcp-rapid-commit" >> "${dhcpconfig}"
    fi
    if [[ "${DHCP_IPv6}" == "true" ]]; then
        echo "#quiet-dhcp6
 #enable-ra
@@ -350,11 +363,20 @@ EnableDHCP() {
    change_setting "DHCP_LEASETIME" "${args[5]}"
    change_setting "PIHOLE_DOMAIN" "${args[6]}"
    change_setting "DHCP_IPv6" "${args[7]}"
    change_setting "DHCP_rapid_commit" "${args[8]}"
    # Remove possible old setting from file
    delete_dnsmasq_setting "dhcp-"
    delete_dnsmasq_setting "quiet-dhcp"
    # If a DHCP client claims that its name is "wpad", ignore that.
    # This fixes a security hole. see CERT Vulnerability VU#598349
    # We also ignore "localhost" as Windows behaves strangely if a
    # device claims this host name
    add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad
 dhcp-name-match=set:hostname-ignore,localhost
 dhcp-ignore-names=tag:hostname-ignore"
    ProcessDHCPSettings
    RestartDNS
@@ -522,17 +544,27 @@ Interfaces:
 Teleporter() {
    local datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S")
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip"
+    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.tar.gz"
 }
-audit()
+addAudit()
 {
-    echo "${args[2]}" >> /etc/pihole/auditlog.list
+    shift # skip "-a"
    shift # skip "audit"
    for var in "$@"
    do
        echo "${var}" >> /etc/pihole/auditlog.list
    done
 }
 clearAudit()
 {
    echo -n "" > /etc/pihole/auditlog.list
 }
 SetPrivacyLevel() {
-    # Set privacy level. Minimum is 0, maximum is 3
+    # Set privacy level. Minimum is 0, maximum is 4
-    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
+    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then
        changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
    fi
 }
@@ -565,7 +597,8 @@ main() {
        "-i" | "interface"    ) SetListeningMode "$@";;
        "-t" | "teleporter"   ) Teleporter;;
        "adlist"              ) CustomizeAdLists;;
-        "audit"               ) audit;;
+        "audit"               ) addAudit "$@";;
        "clearaudit"          ) clearAudit;;
        "-l" | "privacylevel" ) SetPrivacyLevel;;
        *                     ) helpFunc;;
    esac
--- a/advanced/Templates/pihole-FTL.conf
+++ b/advanced/Templates/pihole-FTL.conf
@@ -1,84 +0,0 @@
 ### This file contains parameters for FTL behavior.
 ### At install, all parameters are commented out. The user can select desired options.
 ### Options shown are the default configuration. No modification is needed for most
 ### installations.
 ### Visit https://docs.pi-hole.net/ftldns/configfile/ for more detailed parameter explanations
 ## Socket Listening
 ## Listen only for local socket connections or permit all connections
 ## Options: localonly, all
 #SOCKET_LISTENING=localonly
 ## Query Display
 ## Display all queries? Set to no to hide query display
 ## Options: yes, no
 #QUERY_DISPLAY=yes
 ## AAA Query Analysis
 ## Allow FTL to analyze AAAA queries from pihole.log?
 ## Options: yes, no
 #AAAA_QUERY_ANALYSIS=yes
 ## Resolve IPv6
 ## Should FTL try to resolve IPv6 addresses to host names?
 ## Options: yes, no
 #RESOLVE_IPV6=yes
 ## Resolve IPv4
 ## Should FTL try to resolve IPv4 addresses to host names?
 ## Options: yes, no
 #RESOLVE_IPV4=yes
 ## Max Database Days
 ## How long should queries be stored in the database (days)?
 ## Setting this to 0 disables the database
 ## See: https://docs.pi-hole.net/ftldns/database/
 ## Options: number of days
 #MAXDBDAYS=365
 ## Database Interval
 ## How often do we store queries in FTL's database (minutes)?
 ## See: https://docs.pi-hole.net/ftldns/database/
 ## Options: number of minutes
 #DBINTERVAL=1.0
 ## Database File
 ## Specify path and filename of FTL's SQLite3 long-term database.
 ## Setting this to DBFILE= disables the database altogether
 ## See: https://docs.pi-hole.net/ftldns/database/
 ## Option: path to db file
 #DBFILE=/etc/pihole/pihole-FTL.db
 ## Max Log Age
 ## Up to how many hours of queries should be imported from the database and logs (hours)?
 ## Maximum is 744 (31 days)
 ## Options: number of days
 #MAXLOGAGE=24.0
 ## FTL Port
 ## On which port should FTL be listening?
 ## Options: tcp port
 #FTLPORT=4711
 ## Privacy Level
 ## Which privacy level is used?
 ## See: https://docs.pi-hole.net/ftldns/privacylevels/
 ## Options: 0, 1, 2, 3
 #PRIVACYLEVEL=0
 ## Ignore Localhost
 ## Should FTL ignore queries coming from the local machine?
 ## Options: yes, no
 #IGNORE_LOCALHOST=no
 ## Blocking Mode
 ## How should FTL reply to blocked queries?
 ## See: https://docs.pi-hole.net/ftldns/blockingmode/
 ## Options: NULL, IP-AAAA-NODATA, IP, NXDOMAIN
 #BLOCKINGMODE=NULL
 ## Regex Debug Mode
 ## Controls if FTLDNS should print extended details about regex matching into pihole-FTL.log.
 ## See: https://docs.pi-hole.net/ftldns/regex/overview/
 ## Options: true, false
 #REGEX_DEBUGMODE=false
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -13,7 +13,14 @@ FTLUSER=pihole
 PIDFILE=/var/run/pihole-FTL.pid
 get_pid() {
-    pidof "pihole-FTL"
+    # First, try to obtain PID from PIDFILE
    if [ -s "${PIDFILE}" ]; then
        cat "${PIDFILE}"
        return
    fi
    # If the PIDFILE is empty or not available, obtain the PID using pidof
    pidof "pihole-FTL" | awk '{print $(NF)}'
 }
 is_running() {
@@ -26,17 +33,28 @@ start() {
  if is_running; then
    echo "pihole-FTL is already running"
  else
-    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    # Touch files to ensure they exist (create if non-existing, preserve if existing)
    touch /var/log/pihole-FTL.log /var/log/pihole.log
    touch /run/pihole-FTL.pid /run/pihole-FTL.port
    touch /etc/pihole/dhcp.leases
    mkdir -p /var/run/pihole
    mkdir -p /var/log/pihole
    chown pihole:pihole /var/run/pihole /var/log/pihole
    # Remove possible leftovers from previous pihole-FTL processes
    rm -f /dev/shm/FTL-* 2> /dev/null
    rm /var/run/pihole/FTL.sock 2> /dev/null
-    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
+    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
+    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
    chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"
    echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL
-    su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
+    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"; then
      su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
    else
      echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
      pihole-FTL
    fi
    echo
  fi
 }
@@ -78,7 +96,7 @@ status() {
    echo "[    ] pihole-FTL is not running"
    exit 1
  fi
-}  
+}
 ### main logic ###
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -16,7 +16,9 @@
 # Pi-hole: Update the ad sources once a week on Sunday at a random time in the
 #          early morning. Download any updates from the adlists
-59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity
+#          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
 59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
--- a/advanced/bash-completion/pihole
+++ b/advanced/bash-completion/pihole
@@ -56,7 +56,7 @@ _pihole() {
 		;;
 		"privacylevel")
 			if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
-				opts_privacy="0 1 2 3"
+				opts_privacy="0 1 2 3 4"
 				COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) )
 			else 
 				return 1
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -8,6 +8,8 @@
 // Sanitise HTTP_HOST output
 $serverName = htmlspecialchars($_SERVER["HTTP_HOST"]);
 // Remove external ipv6 brackets if any
 $serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
 if (!is_file("/etc/pihole/setupVars.conf"))
  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
@@ -38,13 +40,6 @@ $validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
 // Get extension of current URL
 $currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
 // Check if this is served over HTTP or HTTPS
 if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
    $proto = "https";
 } else {
    $proto = "http";
 }
 // Set mobile friendly viewport
 $viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>';
@@ -227,10 +222,10 @@ setHeader();
  <?=$viewPort ?>
  <meta name="robots" content="noindex,nofollow"/>
  <meta http-equiv="x-dns-prefetch-control" content="off">
-  <link rel="shortcut icon" href="<?=$proto ?>://pi.hole/admin/img/favicon.png" type="image/x-icon"/>
+  <link rel="shortcut icon" href="//pi.hole/admin/img/favicon.png" type="image/x-icon"/>
-  <link rel="stylesheet" href="<?=$proto ?>://pi.hole/pihole/blockingpage.css" type="text/css"/>
+  <link rel="stylesheet" href="//pi.hole/pihole/blockingpage.css" type="text/css"/>
  <title>● <?=$serverName ?></title>
-  <script src="<?=$proto ?>://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
+  <script src="//pi.hole/admin/scripts/vendor/jquery.min.js"></script>
  <script>
    window.onload = function () {
      <?php
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -27,7 +27,7 @@ server.modules = (
 )
 server.document-root        = "/var/www/html"
-server.error-handler-404    = "pihole/index.php"
+server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
@@ -44,9 +44,18 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir          = "/var/cache/lighttpd/compress/"
 compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
 mimetype.assign   = ( ".png"  => "image/png",
                      ".jpg"  => "image/jpeg",
                      ".jpeg" => "image/jpeg",
                      ".html" => "text/html",
                      ".css" => "text/css; charset=utf-8",
                      ".js" => "application/javascript",
                      ".json" => "application/json",
                      ".txt"  => "text/plain",
                      ".svg"  => "image/svg+xml" )
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 include_shell "/usr/share/lighttpd/create-mime.assign.pl"
 # Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
 #include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
@@ -72,4 +81,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
 }
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -28,7 +28,7 @@ server.modules = (
 )
 server.document-root        = "/var/www/html"
-server.error-handler-404    = "pihole/index.php"
+server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
@@ -90,4 +90,5 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
 }
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -55,13 +55,13 @@ fi
 # Compatability
 if [ -x "$(command -v apt-get)" ]; then
    # Debian Family
-    PKG_REMOVE="${PKG_MANAGER} -y remove --purge"
+    PKG_REMOVE=("${PKG_MANAGER}" -y remove --purge)
    package_check() {
        dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
    }
 elif [ -x "$(command -v rpm)" ]; then
    # Fedora Family
-    PKG_REMOVE="${PKG_MANAGER} remove -y"
+    PKG_REMOVE=("${PKG_MANAGER}" remove -y)
    package_check() {
        rpm -qa | grep "^$1-" > /dev/null
    }
@@ -80,7 +80,7 @@ removeAndPurge() {
                case ${yn} in
                    [Yy]* )
                        echo -ne "  ${INFO} Removing ${i}...";
-                        ${SUDO} "${PKG_REMOVE} ${i}" &> /dev/null;
+                        ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null;
                        echo -e "${OVER}  ${INFO} Removed ${i}";
                        break;;
                    [Nn]* ) echo -e "  ${INFO} Skipped ${i}"; break;;
@@ -106,7 +106,7 @@ removeNoPurge() {
    ${SUDO} rm -rf /var/www/html/pihole &> /dev/null
    ${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null
-    # If the web directory is empty after removing these files, then the parent html folder can be removed.
+    # If the web directory is empty after removing these files, then the parent html directory can be removed.
    if [ -d "/var/www/html" ]; then
        if [[ ! "$(ls -A /var/www/html)" ]]; then
            ${SUDO} rm -rf /var/www/html &> /dev/null
@@ -131,14 +131,16 @@ removeNoPurge() {
        echo -e "  ${TICK} Removed /etc/cron.d/pihole"
    fi
-    package_check lighttpd > /dev/null
+    if package_check lighttpd > /dev/null; then
-    if [[ $? -eq 1 ]]; then
+        if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then
        ${SUDO} rm -rf /etc/lighttpd/ &> /dev/null
        echo -e "  ${TICK} Removed lighttpd"
    else
        if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
            ${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf
        fi
        if [[ -f /etc/lighttpd/external.conf ]]; then
            ${SUDO} rm /etc/lighttpd/external.conf
        fi
        echo -e "  ${TICK} Removed lighttpd configs"
    fi
    ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null
--- a/gravity.sh
+++ b/gravity.sh
@@ -68,11 +68,35 @@ else
  exit 1
 fi
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
  source "${pihole_FTL}"
 fi
 if [[ -z "${BLOCKINGMODE}" ]] ; then
  BLOCKINGMODE="NULL"
 fi
 # Determine if superseded pihole.conf exists
 if [[ -r "${piholeDir}/pihole.conf" ]]; then
  echo -e "  ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}"
 fi
 # Determine if Pi-hole blocking is disabled
 # If this is the case, we want to update
 #  gravity.list.bck and black.list.bck instead of
 #  gravity.list and black.list
 detect_pihole_blocking_status() {
  if [[ "${BLOCKING_ENABLED}" == false ]]; then
    echo -e "  ${INFO} Pi-hole blocking is disabled"
    adList="${adList}.bck"
    blackList="${blackList}.bck"
  else
    echo -e "  ${INFO} Pi-hole blocking is enabled"
  fi
 }
 # Determine if DNS resolution is available before proceeding
 gravity_CheckDNSResolutionAvailable() {
  local lookupDomain="pi.hole"
@@ -182,7 +206,7 @@ gravity_SetDownloadOptions() {
    activeDomains[$i]="${saveLocation}"
    # Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-)
-    agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"
+    agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
    # Provide special commands for blocklists which may need them
    case "${domain}" in
@@ -216,6 +240,39 @@ gravity_DownloadBlocklistFromUrl() {
  str="Status:"
  echo -ne "  ${INFO} ${str} Pending..."
  blocked=false
  case $BLOCKINGMODE in
    "IP-NODATA-AAAA"|"IP")
        if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then
          blocked=true
        fi;;
    "NXDOMAIN")
        if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
          blocked=true
        fi;;
    "NULL"|*)
        if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
          blocked=true
        fi;;
   esac
  if [[ "${blocked}" == true ]]; then
    printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}"
    if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then
        port=53
    else
        printf -v port "%s" "${PIHOLE_DNS_1#*#}"
    fi
    ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}" | tail -1)
    if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then
      port=443;
    else port=80
    fi
    bad_list=$(pihole -q -adlist "${domain}" | head -n1 | awk -F 'Match found in ' '{print $2}')
    echo -e "${OVER}  ${CROSS} ${str} ${domain} is blocked by ${bad_list%:}. Using DNS on ${PIHOLE_DNS_1} to download ${url}";
    echo -ne "  ${INFO} ${str} Pending..."
    cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
  fi
  # shellcheck disable=SC2086
  httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
@@ -296,46 +353,7 @@ gravity_ParseFileIntoDomains() {
  # Determine how to parse individual source file formats
  if [[ "${firstLine,,}" =~ (adblock|ublock|^!) ]]; then
    # Compare $firstLine against lower case words found in Adblock lists
-    echo -ne "  ${INFO} Format: Adblock"
+    echo -e "  ${CROSS} Format: Adblock (list type not supported)"
    # Define symbols used as comments: [!
    # "||.*^" includes the "Example 2" domains we can extract
    # https://adblockplus.org/filter-cheatsheet
    abpFilter="/^(\\[|!)|^(\\|\\|.*\\^)/"
    # Parse Adblock lists by extracting "Example 2" domains
    # Logic: Ignore lines which do not include comments or domain name anchor
    awk ''"${abpFilter}"' {
      # Remove valid adblock type options
      gsub(/\$?~?(important|third-party|popup|subdocument|websocket),?/, "", $0)
      # Remove starting domain name anchor "||" and ending seperator "^"
      gsub(/^(\|\|)|(\^)/, "", $0)
      # Remove invalid characters (*/,=$)
      if($0 ~ /[*\/,=\$]/) { $0="" }
      # Remove lines which are only IPv4 addresses
      if($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { $0="" }
      if($0) { print $0 }
    }' "${source}" > "${destination}"
    # Determine if there are Adblock exception rules
    # https://adblockplus.org/filters
    if grep -q "^@@||" "${source}" &> /dev/null; then
      # Parse Adblock lists by extracting exception rules
      # Logic: Ignore lines which do not include exception format "@@||example.com^"
      awk -F "[|^]" '/^@@\|\|.*\^/ {
        # Remove valid adblock type options
        gsub(/\$?~?(third-party)/, "", $0)
        # Remove invalid characters (*/,=$)
        if($0 ~ /[*\/,=\$]/) { $0="" }
        if($3) { print $3 }
      }' "${source}" > "${destination}.exceptionsFile.tmp"
      # Remove exceptions
      comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
      mv "${source}" "${destination}"
    fi
    echo -e "${OVER}  ${TICK} Format: Adblock"
  elif grep -q "^address=/" "${source}" &> /dev/null; then
    # Parse Dnsmasq format lists
    echo -e "  ${CROSS} Format: Dnsmasq (list type not supported)"
@@ -464,7 +482,7 @@ gravity_ShowBlockCount() {
  fi
  if [[ -f "${regexFile}" ]]; then
-    num=$(grep -c "^(?!#)" "${regexFile}")
+    num=$(grep -cv "^#" "${regexFile}")
    echo -e "  ${INFO} Number of regex filters: ${num}"
  fi
 }
@@ -522,7 +540,7 @@ gravity_ParseBlacklistDomains() {
    mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
  else
    # There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
-    mv "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
+    cp "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
  fi
  # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
@@ -621,6 +639,8 @@ if [[ "${forceDelete:-}" == true ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
 fi
 detect_pihole_blocking_status
 # Determine which functions to run
 if [[ "${skipDownload}" == false ]]; then
  # Gravity needs to download blocklists
--- a/manpages/pihole-FTL.conf.5
+++ b/manpages/pihole-FTL.conf.5
@@ -64,7 +64,7 @@ pihole-FTL.conf - FTL's config file
    On which port should FTL be listening?
 .br
-\fBPRIVACYLEVEL=0|1|2|3\fR
+\fBPRIVACYLEVEL=0|1|2|3|4\fR
 .br
    Which privacy level is used?
 .br
@@ -74,7 +74,9 @@ pihole-FTL.conf - FTL's config file
 .br
    2 - hide domains and clients
 .br
-    3 - paranoia mode (hide everything)
+    3 - anonymous mode (hide everything)
 .br
    4 - disable all statistics
 .br
 \fBIGNORE_LOCALHOST=no|yes\fR
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -35,7 +35,7 @@ pihole -g\fR
 .br
 \fBpihole\fR \fB-l\fR (\fBon|off|off noflush\fR)
 .br
-\fBpihole -up \fR[--checkonly]
+\fBpihole -up \fR[--check-only]
 .br
 \fBpihole -v\fR [-p|-a|-f] [-c|-l|-hash]
 .br
@@ -134,7 +134,7 @@ Available commands and options:
      -i, interface     Specify dnsmasq's interface listening behavior
 .br
      -l, privacylevel  <level> Set privacy level
-                        (0 = lowest, 3 = highest)
+                        (0 = lowest, 4 = highest)
 .br
 \fB-c, chronometer\fR	[options]
--- a/114
+++ b/114
@@ -10,23 +10,20 @@
 # Please see LICENSE file for your rights under this license.
 readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
-readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
+readonly gravitylist="/etc/pihole/gravity.list"
 readonly blacklist="/etc/pihole/black.list"
 # setupVars and PI_HOLE_BIN_DIR are not readonly here because in some funcitons (checkout),
 # it might get set again when the installer is sourced. This causes an
 # error due to modifying a readonly variable.
 setupVars="/etc/pihole/setupVars.conf"
 PI_HOLE_BIN_DIR="/usr/local/bin"
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"
 resolver="pihole-FTL"
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
  if [[ -x "$(command -v sudo)" ]]; then
    exec sudo bash "$0" "$@"
    exit $?
  else
    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
    exit 1
  fi
 fi
 webpageFunc() {
  source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
  main "$@"
@@ -73,7 +70,7 @@ reconfigurePiholeFunc() {
 updateGravityFunc() {
  "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
-  exit 0
+  exit $?
 }
 queryFunc() {
@@ -102,20 +99,16 @@ versionFunc() {
 restartDNS() {
  local svcOption svc str output status
-  svcOption="${1:-}"
+  svcOption="${1:-restart}"
-  # Determine if we should reload or restart restart
+  # Determine if we should reload or restart
  if [[ "${svcOption}" =~ "reload" ]]; then
-    # Using SIGHUP will NOT re-read any *.conf files
+    # Reload has been requested
    # Note: This will NOT re-read any *.conf files
    svc="killall -s SIGHUP ${resolver}"
  else
-    # Get PID of resolver to determine if it needs to start or restart
+    # A full restart has been requested
-    if pidof pihole-FTL &> /dev/null; then
+    svc="service ${resolver} restart"
      svcOption="restart"
    else
      svcOption="start"
    fi
    svc="service ${resolver} ${svcOption}"
  fi
  # Print output to Terminal, but not to Web Admin
@@ -127,9 +120,11 @@ restartDNS() {
  if [[ "${status}" -eq 0 ]]; then
    [[ -t 1 ]] && echo -e "${OVER}  ${TICK} ${str}"
    return 0
  else
    [[ ! -t 1 ]] && local OVER=""
    echo -e "${OVER}  ${CROSS} ${output}"
    return 1
  fi
 }
@@ -146,10 +141,17 @@ Time:
  elif [[ "${1}" == "0" ]]; then
    # Disable Pi-hole
-    sed -i 's/^addn-hosts=\/etc\/pihole\/gravity.list/#addn-hosts=\/etc\/pihole\/gravity.list/' /etc/dnsmasq.d/01-pihole.conf
+    if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then
-    sed -i 's/^addn-hosts=\/etc\/pihole\/black.list/#addn-hosts=\/etc\/pihole\/black.list/' /etc/dnsmasq.d/01-pihole.conf
+      echo -e "  ${INFO} Blocking already disabled, nothing to do"
-    if [[ -e "$wildcardlist" ]]; then
+      exit 0
-      mv "$wildcardlist" "/etc/pihole/wildcard.list"
+    fi
    if [[ -e "${gravitylist}" ]]; then
      mv "${gravitylist}" "${gravitylist}.bck"
      echo "" > "${gravitylist}"
    fi
    if [[ -e "${blacklist}" ]]; then
      mv "${blacklist}" "${blacklist}.bck"
      echo "" > "${blacklist}"
    fi
    if [[ $# > 1 ]]; then
      local error=false
@@ -159,7 +161,7 @@ Time:
          local str="Disabling blocking for ${tt} seconds"
          echo -e "  ${INFO} ${str}..."
          local str="Blocking will be re-enabled in ${tt} seconds"
-          nohup bash -c "sleep ${tt}; pihole enable" </dev/null &>/dev/null &
+          nohup bash -c "sleep ${tt}; ${PI_HOLE_BIN_DIR}/pihole enable" </dev/null &>/dev/null &
        else
          local error=true
        fi
@@ -170,7 +172,7 @@ Time:
          echo -e "  ${INFO} ${str}..."
          local str="Blocking will be re-enabled in ${tt} minutes"
          tt=$((${tt}*60))
-          nohup bash -c "sleep ${tt}; pihole enable" </dev/null &>/dev/null &
+          nohup bash -c "sleep ${tt}; ${PI_HOLE_BIN_DIR}/pihole enable" </dev/null &>/dev/null &
        else
          local error=true
        fi
@@ -187,19 +189,29 @@ Time:
      fi
      local str="Pi-hole Disabled"
      sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
      echo "BLOCKING_ENABLED=false" >> "${setupVars}"
    fi
  else
    # Enable Pi-hole
    if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then
      echo -e "  ${INFO} Blocking already enabled, nothing to do"
      exit 0
    fi
    echo -e "  ${INFO} Enabling blocking"
    local str="Pi-hole Enabled"
-    sed -i 's/^#addn-hosts/addn-hosts/' /etc/dnsmasq.d/01-pihole.conf
+    if [[ -e "${gravitylist}.bck" ]]; then
-    if [[ -e "/etc/pihole/wildcard.list" ]]; then
+      mv "${gravitylist}.bck" "${gravitylist}"
      mv "/etc/pihole/wildcard.list" "$wildcardlist"
    fi
    if [[ -e "${blacklist}.bck" ]]; then
      mv "${blacklist}.bck" "${blacklist}"
    fi
    sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
    echo "BLOCKING_ENABLED=true" >> "${setupVars}"
  fi
-  restartDNS
+  restartDNS reload
  echo -e "${OVER}  ${TICK} ${str}"
 }
@@ -222,7 +234,7 @@ Options:
    sed -i 's/^QUERY_LOGGING=true/QUERY_LOGGING=false/' /etc/pihole/setupVars.conf
    if [[ "${2}" != "noflush" ]]; then
      # Flush logs
-      pihole -f
+      "${PI_HOLE_BIN_DIR}"/pihole -f
    fi
    echo -e "  ${INFO} Disabling logging..."
    local str="Logging has been disabled!"
@@ -242,8 +254,6 @@ Options:
 }
 statusFunc() {
  local addnConfigs
  # Determine if service is running on port 53 (Cr: https://superuser.com/a/806331)
  if (echo > /dev/tcp/127.0.0.1/53) >/dev/null 2>&1; then
    if [[ "${1}" != "web" ]]; then
@@ -257,16 +267,14 @@ statusFunc() {
    return 0
  fi
-  # Determine if Pi-hole's addn-hosts configs are commented out
+  # Determine if Pi-hole's blocking is enabled
-  addnConfigs=$(grep -i "addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf)
+  if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
  if [[ "${addnConfigs}" =~ "#" ]]; then
    # A config is commented out
    case "${1}" in
      "web") echo 0;;
      *) echo -e "  ${CROSS} Pi-hole blocking is Disabled";;
    esac
-  elif [[ -n "${addnConfigs}" ]]; then
+  elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
    # Configs are set
    case "${1}" in
      "web") echo 1;;
@@ -276,11 +284,10 @@ statusFunc() {
    # No configs were found
    case "${1}" in
      "web") echo 99;;
-      *) echo -e "  ${INFO} No hosts file linked to dnsmasq, adding it in enabled state";;
+      *) echo -e "  ${INFO} Pi-hole blocking will be enabled";;
    esac
-    # Add addn-host= to dnsmasq
+    # Enable blocking
-    echo "addn-hosts=/etc/pihole/gravity.list" >> /etc/dnsmasq.d/01-pihole.conf
+    "${PI_HOLE_BIN_DIR}"/pihole enable
    restartDNS
  fi
 }
@@ -303,7 +310,7 @@ tailFunc() {
  # Colour everything else as gray
  tail -f /var/log/pihole.log | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \
-    -e "s,(.*(gravity.list|black.list| config ).* is (${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
+    -e "s,(.*(gravity.list|black.list|regex.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
    -e "s,.*,${COL_GRAY}&${COL_NC},"
  exit 0
@@ -417,6 +424,21 @@ if [[ $# = 0 ]]; then
  helpFunc
 fi
 case "${1}" in
  "-h" | "help" | "--help"      ) helpFunc;;
 esac
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
  if [[ -x "$(command -v sudo)" ]]; then
    exec sudo bash "$0" "$@"
    exit $?
  else
    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
    exit 1
  fi
 fi
 # Handle redirecting to specific functions based on arguments
 case "${1}" in
  "-w" | "whitelist"            ) listFunc "$@";;
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
-docker-compose
+docker-compose==1.23.2
-pytest
+pytest==4.3.0
-pytest-xdist
+pytest-xdist==1.26.1
-pytest-cov
+pytest-cov==2.6.1
-testinfra
+testinfra==1.19.0
-tox
+tox==3.7.0
--- a/test/fedora.Dockerfile
+++ b/test/fedora.Dockerfile
@@ -1,4 +1,4 @@
-FROM fedora:latest
+FROM fedora:30
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -81,6 +81,7 @@ def test_setupVars_saved_to_file(Pihole):
    {}
    mkdir -p /etc/dnsmasq.d
    version_check_dnsmasq
    echo "" > /etc/pihole/pihole-FTL.conf
    finalExports
    cat /etc/pihole/setupVars.conf
    '''.format(set_setup_vars))
@@ -397,7 +398,11 @@ def test_FTL_detect_aarch64_no_errors(Pihole):
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLdetect
+    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
@@ -417,7 +422,11 @@ def test_FTL_detect_armv6l_no_errors(Pihole):
    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLdetect
+    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
@@ -438,7 +447,11 @@ def test_FTL_detect_armv7l_no_errors(Pihole):
    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLdetect
+    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
@@ -454,7 +467,11 @@ def test_FTL_detect_x86_64_no_errors(Pihole):
    '''
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLdetect
+    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
@@ -470,7 +487,11 @@ def test_FTL_detect_unknown_no_errors(Pihole):
    mock_command('uname', {'-m': ('mips', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLdetect
+    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = 'Not able to detect architecture (unknown: mips)'
    assert expected_stdout in detectPlatform.stdout
@@ -480,38 +501,34 @@ def test_FTL_download_aarch64_no_errors(Pihole):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
-    # mock uname to return generic platform
+    # mock whiptail answers and ensure installer dependencies
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    install_dependent_packages ${INSTALLER_DEPS[@]}
    ''')
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLinstall pihole-FTL-aarch64-linux-gnu
+    create_pihole_user
    FTLinstall "pihole-FTL-aarch64-linux-gnu"
    ''')
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
    assert 'error' not in download_binary.stdout.lower()
 def test_FTL_download_unknown_fails_no_errors(Pihole):
    '''
    confirms unknown binary is not downloaded for FTL engine
    '''
    # mock uname to return generic platform
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
    FTLinstall pihole-FTL-mips
    ''')
    expected_stdout = cross_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
    error = 'Error: URL not found'
    assert error in download_binary.stdout
 def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
    '''
    confirms FTL binary is copied and functional in installed location
    '''
    installed_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLdetect
+    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    pihole-FTL version
    ''')
    expected_stdout = 'v'
--- a/test/test_centos_fedora_support.py
+++ b/test/test_centos_fedora_support.py
@@ -31,20 +31,13 @@ def test_release_supported_version_check_centos(Pihole):
    '''
    confirms installer exits on unsupported releases of CentOS
    '''
-    # mock CentOS release < 7 (unsupported)
+    # modify /etc/redhat-release to mock an unsupported CentOS release
-    mock_command_2(
+    Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
        'rpm',
        {"-q --queryformat '%{VERSION}' centos-release'": (
            '5',
            '0'
        )},
        Pihole
    )
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
-    expected_stdout = cross_box + (' CentOS  is not suported.')
+    expected_stdout = cross_box + (' CentOS 6 is not supported.')
    assert expected_stdout in distro_check.stdout
    expected_stdout = 'Please update to CentOS release 7 or later'
    assert expected_stdout in distro_check.stdout