Manage vsftpd




1,293 latest version

5.0 quality score

Version information

  • 7.4.0 (latest)
  • 7.3.0
  • 7.2.1
  • 7.2.0
  • 7.1.0
  • 7.0.1
  • 7.0.0
  • 5.0.7
  • 5.0.6
  • 5.0.5
released Jul 22nd 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
  • Puppet >= 5.0.0 < 7.0.0
  • CentOS

Start using this module


simp/vsftpd — version 7.4.0 Jul 22nd 2020

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents


This module manages vsftpd on supported systems.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • If used independently, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp_options for details.

Module Description

This module can be used for the configuration of vsftpd and includes support for setting up TLS protected servers.


A Basic Anonymous FTP Server

# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.

class { 'vsftpd':
  ssl_enable    => false,
  pasv_min_port => 10000,
  pasv_max_port => 20000

A TLS Protected FTP Server with Local Accounts

# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.

# If you decide not to use the SIMP PKI module, you'll need to manage the
# certificate locations on the filesystem yourself using the options in
# vsftpd::config

# You may need to flip one or more SELinux booleans depending on your setup.
# This really depends on your system so it cannot be automated cleanly.

class { 'vsftpd':
  local_enable  => true,
  ssl_enable    => true,
  pasv_min_port => 10000,
  pasv_max_port => 20000


Please read our Contribution Guide

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle exec rake beaker:suites

Some environment variables may be useful:

  • BEAKER_debug: show the commands being run on the STU and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.
  • BEAKER_fips=yes: enable FIPS-mode on the virtual instances. This can take a very long time, because it must enable FIPS in the kernel command-line, rebuild the initramfs, then reboot.

Please refer to the SIMP Beaker Helpers documentation for more information.