Version information
This version is compatible with:
- Puppet Enterprise 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.22.1 < 8.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-vsftpd', '7.6.0'Learn more about managing modules with a PuppetfileDocumentation
Table of Contents
Overview
This module manages vsftpd on supported systems.
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- If used independently, all SIMP-managed security subsystems will be disabled by
default and must be explicitly opted into by administrators. Please review
simp_optionsfor details.
Module Description
This module can be used for the configuration of vsftpd and includes support for setting up TLS protected servers.
Usage
A Basic Anonymous FTP Server
# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.
class { 'vsftpd':
ssl_enable => false,
pasv_min_port => 10000,
pasv_max_port => 20000
}
A TLS Protected FTP Server with Local Accounts
# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.
# If you decide not to use the SIMP PKI module, you'll need to manage the
# certificate locations on the filesystem yourself using the options in
# vsftpd::config
# You may need to flip one or more SELinux booleans depending on your setup.
# This really depends on your system so it cannot be automated cleanly.
class { 'vsftpd':
local_enable => true,
ssl_enable => true,
pasv_min_port => 10000,
pasv_max_port => 20000
}
Development
Please read our Contribution Guide
Acceptance tests
This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:
bundle exec rake beaker:suites
Some environment variables may be useful:
BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes
BEAKER_fips=yes
BEAKER_debug: show the commands being run on the STU and their output.BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from thespec/fixtures/modulesdirectory, based on the contents of.fixtures.yml. The contents of this directory are usually populated bybundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.BEAKER_fips=yes: enable FIPS-mode on the virtual instances. This can take a very long time, because it must enable FIPS in the kernel command-line, rebuild the initramfs, then reboot.
Please refer to the SIMP Beaker Helpers documentation for more information.
Reference
Table of Contents
Classes
vsftpd: This class configures a vsftpd server. It ensures that the appropriate files are in the appropriate places and synchronizes the external matvsftpd::config: This class provides a method for setting up the main body of /etc/vsftpd/vsftpd.conf. * The rest of the parameters can be found on the vsftpvsftpd::config::firewall: This class sets up the appropriate IPtables rules based on the value of $fw_rules. By default, it will allow access only to localhost, you wvsftpd::config::tcpwrappers: Sets up tcpwrappers for vsfptd.vsftpd::install: Installs vsftpd and optionally manages the vsftpd group and user.vsftpd::service: Ensures the vsftpd service is running.vsftpd::users: Manages the vsftpd group and user.
Classes
vsftpd
This class configures a vsftpd server. It ensures that the appropriate files are in the appropriate places and synchronizes the external materials.
One thing to note is that local users are forced to SSL for security reasons.
Parameters
The following parameters are available in the vsftpd class:
trusted_netsfirewallpkitcpwrappershavegedcipher_suitepackage_ensurevsfptd_uservsftpd_groupmanage_uservsftpd_uidvsftpd_gidmanage_groupftp_data_portlisten_addresslisten_ipv4listen_portlocal_enablepasv_enablepasv_max_portpasv_min_portssl_enablerequire_ssl_reuseuserlist_denyuserlist_enableuser_listpam_service_namevalidate_certvsftpd_user
trusted_nets
Data type: Simplib::Netlist
A whitelist of subnets (in CIDR notation) permitted access.
Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1','::1'] })
firewall
Data type: Boolean
If true, use SIMP's iptables to manage firewall rules to accommodate <%= metadata.name %>.
Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })
pki
Data type: Variant[Enum['simp'],Boolean]
- If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/vsftpd/x509
- If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/vsftpd/x509
- If false, do not include SIMP's pki module and do not use pki::copy
to manage certs. You will need to appropriately assign a subset of:
- app_pki_dir
- app_pki_key
- app_pki_cert
- app_pki_ca
- app_pki_ca_dir
Default value: simplib::lookup('simp_options::pki', { 'default_value' => false })
tcpwrappers
Data type: Boolean
If true, use SIMP's ::tcpwrappers to configure TCP Wrappers to accommodate <%= metadata.name %> and set 'tcp_wrappers' value in vsftpd.conf to true.
Default value: simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
haveged
Data type: Boolean
If true, include ::haveged to assist with entropy generation.
Default value: simplib::lookup('simp_options::haveged', { 'default_value' => false })
cipher_suite
Data type: Array[String]
OpenSSL cipher suite to use. If you are not using this with ::simp_options and the server is in FIPS mode, you need to set this to a FIPS-compliant cipher suite, (e.g., ['FIPS', '!LOW']). Corresponds to ssl_ciphers in vsftpd.conf.
Default value: simplib::lookup('simp_options::openssl::cipher_suite', { 'default_value' => ['DEFAULT','!MEDIUM'] })
package_ensure
Data type: String
The ensure status of the vsftpd package
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
vsfptd_user
Set the user for the vsftpd service.
vsftpd_group
Data type: String
Set the group for the vsftpd service and files.
Default value: 'ftp'
manage_user
Data type: Boolean
Manage vsftpd user.
Default value: true
vsftpd_uid
Data type: Integer
Integer. UID of the vsftpd user.
Default value: 14
vsftpd_gid
Data type: Integer
Integer. GID of the vsftpd group.
Default value: 50
manage_group
Data type: Boolean
Manage vsftpd group.
Default value: true
ftp_data_port
Data type: Simplib::Port
Default value: 20
listen_address
Data type: Optional[Simplib::IP::V4]
Default value: undef
listen_ipv4
Data type: Boolean
Default value: true
listen_port
Data type: Simplib::Port
Default value: 21
local_enable
Data type: Boolean
Default value: true
pasv_enable
Data type: Boolean
Default value: true
pasv_max_port
Data type: Optional[Simplib::Port]
Default value: undef
pasv_min_port
Data type: Optional[Simplib::Port]
Default value: undef
ssl_enable
Data type: Boolean
Default value: true
require_ssl_reuse
Data type: Boolean
Default value: true
userlist_deny
Data type: Boolean
Default value: true
userlist_enable
Data type: Boolean
Default value: true
user_list
Data type: Array[String]
Default value: ['root','bin','daemon','adm','lp','sync','shutdown','halt','mail','news','uucp','operator','games','nobody']
pam_service_name
Data type: String
Default value: 'vsftpd'
validate_cert
Data type: Boolean
Default value: true
vsftpd_user
Data type: String
Default value: 'ftp'
vsftpd::config
This class provides a method for setting up the main body of /etc/vsftpd/vsftpd.conf.
- The rest of the parameters can be found on the vsftpd.conf man page *
Parameters
The following parameters are available in the vsftpd::config class:
pkiapp_pki_external_sourceapp_pki_dirapp_pki_keyapp_pki_certapp_pki_caallow_anon_sslanon_mkdir_write_enableanon_other_write_enableanon_upload_enableanon_world_readable_onlyanonymous_enableascii_download_enableascii_upload_enableasync_abor_enablebackgroundcheck_shellchmod_enablechown_uploadschroot_list_enablechroot_local_userconnect_from_port_20deny_email_enabledirlist_enabledirmessage_enabledownload_enabledual_log_enableforce_dot_filesforce_anon_data_sslforce_anon_logins_sslforce_local_data_sslforce_local_logins_sslguest_enablehide_idslisten_ipv6lock_upload_fileslog_ftp_protocolls_recurse_enablemdtm_writeno_anon_passwordno_log_lockone_process_modelpasswd_chroot_enablepasv_addr_resolvepasv_promiscuousport_enableport_promiscuousreverse_lookup_enablerun_as_launching_usersecure_email_list_enablesession_supportsetproctitle_enablessl_sslv2ssl_sslv3ssl_tlsv1ssl_tlsv1_1ssl_tlsv1_2syslog_enabletext_userdb_namestilde_user_enableuse_localtimeuse_sendfileuserlist_fileuserlist_logvirtual_use_local_privswrite_enablexferlog_enablexferlog_std_formataccept_timeoutanon_max_rateanon_umaskconnect_timeoutdata_connection_timeoutdelay_failed_logindelay_successful_loginfile_open_modeidle_session_timeoutlocal_max_ratelocal_umaskmax_clientsmax_login_failsmax_per_iptrans_chunk_sizeanon_rootbanned_email_filebanner_filechown_usernamechroot_list_filecmds_alloweddeny_filedsa_cert_filedsa_private_key_fileemail_password_filehide_filelisten_address6local_rootmessage_filenopriv_userpasv_addressvalidate_certsecure_chroot_diruser_config_diruser_sub_tokenvsftpd_log_filexferlog_filemin_uid
pki
- If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/vsftpd/x509
- If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/vsftpd/x509
- If false, do not include SIMP's pki module and do not use pki::copy
to manage certs. You will need to appropriately assign a subset of:
- app_pki_dir
- app_pki_key
- app_pki_cert
- app_pki_ca
- app_pki_ca_dir
app_pki_external_source
Data type: String
-
If pki = 'simp' or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.
-
If pki = false, this variable has no effect.
Default value: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' })
app_pki_dir
Data type: Stdlib::Absolutepath
This variable controls the basepath of $app_pki_key, $app_pki_cert, $app_pki_ca, $app_pki_ca_dir, and $app_pki_crl. It defaults to /etc/pki/simp_apps/vsftpd/pki.
Default value: '/etc/pki/simp_apps/vsftpd/x509'
app_pki_key
Data type: Stdlib::Absolutepath
Path and name of the private SSL key file
Default value: "${app_pki_dir}/private/${::fqdn}.pem"
app_pki_cert
Data type: Stdlib::Absolutepath
Path and name of the public SSL certificate
Default value: "${app_pki_dir}/public/${::fqdn}.pub"
app_pki_ca
Data type: Stdlib::Absolutepath
Path and name of the CA.
Default value: "${app_pki_dir}/cacerts/cacerts.pem"
allow_anon_ssl
Data type: Optional[Boolean]
Default value: undef
anon_mkdir_write_enable
Data type: Optional[Boolean]
Default value: undef
anon_other_write_enable
Data type: Optional[Boolean]
Default value: undef
anon_upload_enable
Data type: Boolean
Default value: true
anon_world_readable_only
Data type: Optional[Boolean]
Default value: undef
anonymous_enable
Data type: Boolean
Default value: true
ascii_download_enable
Data type: Optional[Boolean]
Default value: undef
ascii_upload_enable
Data type: Optional[Boolean]
Default value: undef
async_abor_enable
Data type: Optional[Boolean]
Default value: undef
background
Data type: Optional[Boolean]
Default value: undef
check_shell
Data type: Optional[Boolean]
Default value: undef
chmod_enable
Data type: Optional[Boolean]
Default value: undef
chown_uploads
Data type: Optional[Boolean]
Default value: undef
chroot_list_enable
Data type: Optional[Boolean]
Default value: undef
chroot_local_user
Data type: Optional[Boolean]
Default value: undef
connect_from_port_20
Data type: Boolean
Default value: true
deny_email_enable
Data type: Optional[Boolean]
Default value: undef
dirlist_enable
Data type: Optional[Boolean]
Default value: undef
dirmessage_enable
Data type: Boolean
Default value: true
download_enable
Data type: Optional[Boolean]
Default value: undef
dual_log_enable
Data type: Optional[Boolean]
Default value: undef
force_dot_files
Data type: Optional[Boolean]
Default value: undef
force_anon_data_ssl
Data type: Optional[Boolean]
Default value: undef
force_anon_logins_ssl
Data type: Optional[Boolean]
Default value: undef
force_local_data_ssl
Data type: Boolean
Default value: true
force_local_logins_ssl
Data type: Boolean
Default value: true
guest_enable
Data type: Optional[Boolean]
Default value: undef
hide_ids
Data type: Optional[Boolean]
Default value: undef
listen_ipv6
Data type: Optional[Boolean]
Default value: undef
lock_upload_files
Data type: Optional[Boolean]
Default value: undef
log_ftp_protocol
Data type: Optional[Boolean]
Default value: undef
ls_recurse_enable
Data type: Optional[Boolean]
Default value: undef
mdtm_write
Data type: Optional[Boolean]
Default value: undef
no_anon_password
Data type: Optional[Boolean]
Default value: undef
no_log_lock
Data type: Optional[Boolean]
Default value: undef
one_process_model
Data type: Optional[Boolean]
Default value: undef
passwd_chroot_enable
Data type: Optional[Boolean]
Default value: undef
pasv_addr_resolve
Data type: Optional[Boolean]
Default value: undef
pasv_promiscuous
Data type: Optional[Boolean]
Default value: undef
port_enable
Data type: Optional[Boolean]
Default value: undef
port_promiscuous
Data type: Optional[Boolean]
Default value: undef
reverse_lookup_enable
Data type: Optional[Boolean]
Default value: undef
run_as_launching_user
Data type: Optional[Boolean]
Default value: undef
secure_email_list_enable
Data type: Optional[Boolean]
Default value: undef
session_support
Data type: Optional[Boolean]
Default value: undef
setproctitle_enable
Data type: Optional[Boolean]
Default value: undef
ssl_sslv2
Data type: Boolean
Default value: false
ssl_sslv3
Data type: Boolean
Default value: false
ssl_tlsv1
Data type: Boolean
Default value: false
ssl_tlsv1_1
Data type: Boolean
Default value: false
ssl_tlsv1_2
Data type: Boolean
Default value: true
syslog_enable
Data type: Boolean
Default value: true
text_userdb_names
Data type: Optional[Boolean]
Default value: undef
tilde_user_enable
Data type: Optional[Boolean]
Default value: undef
use_localtime
Data type: Optional[Boolean]
Default value: undef
use_sendfile
Data type: Optional[Boolean]
Default value: undef
userlist_file
Data type: Stdlib::Absolutepath
Default value: '/etc/vsftpd/user_list'
userlist_log
Data type: Boolean
Default value: true
virtual_use_local_privs
Data type: Optional[Boolean]
Default value: undef
write_enable
Data type: Boolean
Default value: true
xferlog_enable
Data type: Boolean
Default value: true
xferlog_std_format
Data type: Boolean
Default value: true
accept_timeout
Data type: Optional[Integer]
Default value: undef
anon_max_rate
Data type: Optional[Integer]
Default value: undef
anon_umask
Data type: Optional[Simplib::Umask]
Default value: undef
connect_timeout
Data type: Optional[Integer]
Default value: undef
data_connection_timeout
Data type: Optional[Integer]
Default value: undef
delay_failed_login
Data type: Optional[Integer]
Default value: undef
delay_successful_login
Data type: Optional[Integer]
Default value: undef
file_open_mode
Data type: Optional[Simplib::Umask]
Default value: undef
idle_session_timeout
Data type: Optional[Integer]
Default value: undef
local_max_rate
Data type: Optional[Integer]
Default value: undef
local_umask
Data type: Simplib::Umask
Default value: '022'
max_clients
Data type: Optional[Integer]
Default value: undef
max_login_fails
Data type: Optional[Integer]
Default value: undef
max_per_ip
Data type: Optional[Integer]
Default value: undef
trans_chunk_size
Data type: Optional[Integer]
Default value: undef
anon_root
Data type: Optional[String]
Default value: undef
banned_email_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
banner_file
Data type: Stdlib::Absolutepath
Default value: '/etc/issue.net'
chown_username
Data type: Optional[String]
Default value: undef
chroot_list_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
cmds_allowed
Data type: Optional[Array[String]]
Default value: undef
deny_file
Data type: Optional[String]
Default value: undef
dsa_cert_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
dsa_private_key_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
email_password_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
hide_file
Data type: Optional[String]
Default value: undef
listen_address6
Data type: Optional[Simplib::IP::V6]
Default value: undef
local_root
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
message_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
nopriv_user
Data type: Optional[String]
Default value: undef
pasv_address
Data type: Optional[Simplib::Host]
Default value: undef
validate_cert
Data type: Boolean
Default value: $::vsftpd::validate_cert
secure_chroot_dir
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
user_config_dir
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
user_sub_token
Data type: Optional[String]
Default value: undef
vsftpd_log_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
xferlog_file
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
min_uid
Data type: String
Default value: '500'
vsftpd::config::firewall
This class sets up the appropriate IPtables rules based on the value of $fw_rules.
By default, it will allow access only to localhost, you will need to define an array at fw_rules to add additional hosts.
Localhost is always listed as a host that is allowed to access the system.
vsftpd::config::tcpwrappers
Sets up tcpwrappers for vsfptd.
vsftpd::install
Installs vsftpd and optionally manages the vsftpd group and user.
vsftpd::service
Ensures the vsftpd service is running.
vsftpd::users
Manages the vsftpd group and user.
- Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 7.6.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Wed Jan 20 2021 Trevor Vaughan tvaughan@onyxpoint.com - 7.5.0
- Add puppet 7 support
- Fix sysctl updates on service restart
- Sat Dec 19 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 7.5.0
- Removed EL6 support
- Fri Apr 10 2020 Trevor Vaughan tvaughan@onyxpoint.com - 7.4.0-0
- Add EL8 support
- The following dependencies are now optional
- simp/haveged
- simp/iptables
- simp/pki
- simp/tcpwrappers
- Updated acceptance tests to use lftp in TLS mode and fixed SELinux issues
- Updated the README
- Tue Jun 04 2019 Steven Pritchard steven.pritchard@onyxpoint.com - 7.3.0-0
- Add v2 compliance_markup data
- Wed Apr 10 2019 Joseph Sharkey shark.bruhaha@gmail.com - 7.2.1-0
- Fixed ordering issue between the kernel module loading for iptables and the service being started
- Updated tests in support of puppet6, and removed puppet4 support
- Mon Oct 29 2018 Liz Nemsick lnemsick.simp@gmail.com - 7.2.1-0
- Fixed a bad URL in the README.md
- Mon Oct 29 2018 Liz Nemsick lnemsick.simp@gmail.com - 7.2.0-0
- Updated badges and contribution guide URL in README.md
- Thu Sep 13 2018 Nick Miller Nick.miller@onyxpoint.com - 7.2.0-0
- Added support for Puppet 5
- Added reference.md
- Moved user/group management to it's own manifest, allowing for easier ordering
- Added $package_ensure parameter
- Changed the package from 'latest' to 'installed'
- It will also respect
simp_options::package_ensure
- Added some OEL content but not declaring support for it yet
- Tue Sep 11 2018 Nicholas Markowski nicholas.markowski@onyxpoint.com - 7.2.0-0
- Updated $app_pki_external_source to accept any string. This matches the functionality of pki::copy.
- Wed Nov 15 2017 Liz Nemsick lnemsick.simp@gmail.com - 7.1.0-0
- By default, use TLS 1.2 instead of TLS 1.0.
- Eliminated the use of deprecated validate_net_list() through better strongly-typed parameters for IP addresses and hosts.
- Added CentOS 6 acceptance tests.
- Tue Nov 14 2017 Liz Nemsick lnemsick.simp@gmail.com - 7.1.0-0
- Updated acceptance test to work on server with selinux enforcing
- Thu Jul 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 7.0.1-0
- Confined puppet version in metadata.json
- Mon Jan 09 2017 Nick Markowski nmarkowski@keywcorp.com - 7.0.0-0
- New pki scheme
- Real integers and simplib types implemented
- Application certs now managed in /etc/pki/simp_apps/vsftpd/x509
- Tue Dec 20 2016 Nick Miller nick.miller@onyxpoint.com 7.0.0-0
- Added management of the /etc/ftpusers file
- Mon Dec 12 2016 Liz Nemsick lnemsick.simp@gmail.com - 7.0.0-0
- Use simp_options module for global catalysts
- Fixed bug whereby manifest would fail to compile if the force_dot_files parameter of ::vsftpd::config was set
- Fixed bug whereby vsftpd.conf configuration values to be set to 'NO' were not written out to that file
- Fixed bug whereby listen configuration parameter for vsftpd.conf was not set based on $listen_ipv4 parameter of ::vsftpd
- Convert to explicit parameter types
- Wed Nov 23 2016 Jeanne Greulich jgreulich@onyxpoint.com - 6.0.0-0
- Fix dependancies for simp 6 bump
- Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 6.0.0-0
- Remove compliance map and General Housekeeping
- Wed Nov 16 2016 Liz Nemsick lnemsick.simp@gmail.com - 5.0.8-0
- Updated iptables dependency version
- Wed Sep 28 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 5.0.5-0
- Fix Forge
havegeddependency name
- Mon Jul 11 2016 Trevor Vaughan tvaughan@onyxpoint.com - 5.0.4-0
- Migration to semantic versioning and fix of the build system
- Thu Jun 30 2016 Nick Markowski nmarkowski@keywcorp.com - 5.0.3-0
- Use_haveged is now a global catalyst.
- Mon Jun 27 2016 Nick Markowski nmarkowski@keywcorp.com - 5.0.2-0
- Pupmod-haveged included by default to assist with entropy generation.
- Wed May 18 2016 Chris Tessmer chris.tessmer@onypoint.com - 5.0.1-0
- Sanitize code for
STRICT_VARIABLES=yes
- Tue Mar 01 2016 Ralph Wright ralph.wright@onyxpoint.com - 5.0.0-2
- Added compliance function support
- Mon Nov 09 2015 Chris Tessmer chris.tessmer@onypoint.com - 5.0.0-1
- migration to simplib and simpcat (lib/ only)
- Fri Jul 17 2015 Nick Markowski nmarkowski@keywcorp.com - 5.0.0-0
- Refactored module to new layout, to better conform with Puppetlabs.
- Vsftpd user and group mutable.
- Package requires user and group to be set before installation.
- Thu Feb 19 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-8
- Migrated to the new 'simp' environment.
- Fri Jan 16 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-7
- Changed puppet-server requirement to puppet
- Wed Oct 22 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-6
- Update to account for the stunnel module updates in 4.2.0-0
- Fri Oct 17 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-5
- CVE-2014-3566: Updated protocols to mitigate POODLE.
- Tue Sep 16 2014 Nick Markowski nmarkowski@keywcorp.com - 4.1.0-4
- Updated the module to be compatible with RHEL6 and RHEL7.
- Fri Jul 25 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-3
- Changed ip_conntrack_ftp to nf_conntrack_ftp to properly load the kernel module and not restart iptables every time Puppet runs.
- Sun Jun 22 2014 Kendall Moore kmoore@keywcorp.com - 4.1.0-2
- Removed MD5 file checksums for FIPS compliance.
- Thu Apr 03 2014 Nick Markowski nmarkowski@keywcorp.com - 4.1.0-1
- Updated module for puppet3/hiera and added lint and rspec tests.
- Copied pki to /etc/vsftpd/pki
- Thu Feb 13 2014 Kendall Moore kmoore@keywcorp.com 4.1.0-0
- Update to remove warnings about IPTables not being detected. This is a nuisance when allowing other applications to manage iptables legitimately.
- Converted all string booleans to native booleans.
- Tue Oct 08 2013 Kendall Moore kmoore@keywcorp.com 2.0.0-9
- Updated all erb templates to properly scope variables.
- Tue Feb 05 2013 Maintenance 2.0.0-8
- Edited init.pp from "checksum => 'undef'" to "checksum => undef".
- Thu Jan 31 2013 Maintenance 2.0.0-7
- Created Cucumber tests to setup and configure a vsftpd server and check to make sure that the vsftpd service can run successfully.
- Thu Dec 13 2012 Maintenance 2.0.0-6
- Updated to require pupmod-common >= 2.1.1-2 so that upgrading an old system works properly.
- Wed Apr 11 2012 Maintenance 2.0.0-5
- Moved mit-tests to /usr/share/simp...
- Updated pp files to better meet Puppet's recommended style guide.
- Fri Mar 02 2012 Maintenance 2.0.0-4
- Improved test stubs.
- Mon Dec 26 2011 Maintenance 2.0.0-3
- Updated the spec file to not require a separate file list.
- Mon Oct 10 2011 Maintenance 2.0.0-2
- Updated to put quotes around everything that need it in a comparison statement so that puppet > 2.5 doesn't explode with an undef error.
- Mon Apr 18 2011 Maintenance - 2.0.0-1
- Changed puppet://$puppet_server/ to puppet:///
- vsftpd::conf is now in its own file.
- Added comments so that users know to restart vsftpd if they use alternate certificates.
- Restart vsftpd if any part of the default certs change.
- Changed all instances of defined(Class['foo']) to defined('foo') per the directions from the Puppet mailing list.
- Tue Jan 11 2011 Maintenance 2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
- Tue Oct 26 2010 Maintenance - 1-2
- Converting all spec files to check for directories prior to copy.
- Thu Sep 09 2010 Maintenance 1.0-1
- Replaced tcpwrappers::tcpwrappers_allow with tcpwrappers::allow.
- Mon May 24 2010 Maintenance 1.0-0
- Code refactoring.
- Tue Sep 29 2009 Maintenance 0.1-0
- Initial configuration module
Dependencies
- simp/simplib (>= 3.1.0 < 5.0.0)
- puppetlabs/stdlib (>= 6.6.0 < 8.0.0)
pupmod-simp-vsftpd - A Puppet Module for managing VSFTPD
--
Per Section 105 of the Copyright Act of 1976, these works are not entitled to
domestic copyright protection under US Federal law.
The US Government retains the right to pursue copyright protections outside of
the United States.
The United States Government has unlimited rights in this software and all
derivatives thereof, pursuant to the contracts under which it was developed and
the License under which it falls.
---
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.