modules/vsftpd/manifests/init.pp

   1 class vsftpd {
   2
   3         package { 'vsftpd':
   4                 ensure => installed
   5         }
   6         package { 'logtail':
   7                 ensure => installed
   8         }
   9
  10         service { 'vsftpd':
  11                 ensure  => stopped,
  12                 require => Package['vsftpd']
  13         }
  14
  15         file { '/etc/vsftpd.conf':
  16                 content => "listen=NO\n",
  17                 require => Package['vsftpd'],
  18                 notify  => Service['vsftpd']
  19         }
  20
  21         # Mask the vsftpd service as we are using xinetd
  22         file { '/etc/systemd/system/vsftpd.service':
  23                 ensure => 'link',
  24                 target => '/dev/null',
  25                 notify => Exec['systemctl daemon-reload'],
  26         }
  27
  28         # Ensure the empty dir is present, workaround for #789127
  29         file { '/etc/tmpfiles.d/vsftpd.conf':
  30                 content => 'd /var/run/vsftpd/empty 0755 root root -'
  31                 notify => Exec['systemd-tmpfiles --create --exclude-prefix=/dev'],
  32         }
  33
  34         munin::check { 'vsftpd':
  35                 ensure => absent
  36         }
  37         munin::check { 'ps_vsftpd':
  38                 script => 'ps_'
  39         }
  40
  41         @ferm::rule { 'dsa-ftp':
  42                 domain      => '(ip ip6)',
  43                 description => 'Allow ftp access',
  44                 rule        => '&SERVICE(tcp, 21)',
  45         }
  46
  47         file { '/var/log/ftp':
  48                 ensure => directory,
  49                 mode   => '0755'
  50         }
  51         file { '/etc/logrotate.d/vsftpd':
  52                 source  => 'puppet:///modules/vsftpd/logrotate.conf',
  53                 require => [
  54                         Package['vsftpd'],
  55                         Package['debian.org']
  56                 ]
  57         }
  58 }