Forge Home

vsftpd

Manage vsftpd

12,671 downloads

154 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 7.9.0 (latest)
  • 7.7.0
  • 7.6.0
  • 7.5.0
  • 7.4.0
  • 7.3.0
  • 7.2.1
  • 7.2.0
  • 7.1.0
  • 7.0.1
  • 7.0.0
  • 5.0.7
  • 5.0.6
  • 5.0.5 (deleted)
released Oct 12th 2023
This version is compatible with:
  • Puppet Enterprise 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-vsftpd', '7.9.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-vsftpd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-vsftpd --version 7.9.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

simp/vsftpd — version 7.9.0 Oct 12th 2023

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

Overview

This module manages vsftpd on supported systems.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • If used independently, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp_options for details.

Module Description

This module can be used for the configuration of vsftpd and includes support for setting up TLS protected servers.

Usage

A Basic Anonymous FTP Server

# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.

class { 'vsftpd':
  ssl_enable    => false,
  pasv_min_port => 10000,
  pasv_max_port => 20000
}

A TLS Protected FTP Server with Local Accounts

# If you're not using the SIMP iptables module, you'll need to make sure the
# PASV ports are accessiable using your preferred method.

# If you decide not to use the SIMP PKI module, you'll need to manage the
# certificate locations on the filesystem yourself using the options in
# vsftpd::config

# You may need to flip one or more SELinux booleans depending on your setup.
# This really depends on your system so it cannot be automated cleanly.

class { 'vsftpd':
  local_enable  => true,
  ssl_enable    => true,
  pasv_min_port => 10000,
  pasv_max_port => 20000
}

Development

Please read our Contribution Guide

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle exec rake beaker:suites

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes
BEAKER_fips=yes
  • BEAKER_debug: show the commands being run on the STU and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.
  • BEAKER_fips=yes: enable FIPS-mode on the virtual instances. This can take a very long time, because it must enable FIPS in the kernel command-line, rebuild the initramfs, then reboot.

Please refer to the SIMP Beaker Helpers documentation for more information.