Forge Home

vsftpd

Manage vsftpd

11,367 downloads

1,152 latest version

3.1 quality score

Version information

  • 7.6.0 (latest)
  • 7.5.0
  • 7.4.0
  • 7.3.0
  • 7.2.1
  • 7.2.0
  • 7.1.0
  • 7.0.1
  • 7.0.0
  • 5.0.7
  • 5.0.6
  • 5.0.5 (deleted)
released Jul 12th 2021
This version is compatible with:
  • Puppet Enterprise 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.22.1 < 8.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-vsftpd', '7.6.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-vsftpd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-vsftpd --version 7.6.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

simp/vsftpd — version 7.6.0 Jul 12th 2021

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

Overview

This module manages vsftpd on supported systems.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • If used independently, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp_options for details.

Module Description

This module can be used for the configuration of vsftpd and includes support for setting up TLS protected servers.

Usage

A Basic Anonymous FTP Server

# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.

class { 'vsftpd':
  ssl_enable    => false,
  pasv_min_port => 10000,
  pasv_max_port => 20000
}

A TLS Protected FTP Server with Local Accounts

# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.

# If you decide not to use the SIMP PKI module, you'll need to manage the
# certificate locations on the filesystem yourself using the options in
# vsftpd::config

# You may need to flip one or more SELinux booleans depending on your setup.
# This really depends on your system so it cannot be automated cleanly.

class { 'vsftpd':
  local_enable  => true,
  ssl_enable    => true,
  pasv_min_port => 10000,
  pasv_max_port => 20000
}

Development

Please read our Contribution Guide

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle exec rake beaker:suites

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes
BEAKER_fips=yes
  • BEAKER_debug: show the commands being run on the STU and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.
  • BEAKER_fips=yes: enable FIPS-mode on the virtual instances. This can take a very long time, because it must enable FIPS in the kernel command-line, rebuild the initramfs, then reboot.

Please refer to the SIMP Beaker Helpers documentation for more information.