From 2251aaa709cd1d08869b68ac301ca72db2a1bdc7 Mon Sep 17 00:00:00 2001
From: thomashaw
Date: Thu, 8 Feb 2018 00:10:58 +0000
Subject: [PATCH] wip
---
.../unix/ftp/proftpd/manifests/configure.pp | 12 --
.../unix/ftp/proftpd/manifests/init.pp | 5 -
.../unix/ftp/proftpd/manifests/install.pp | 6 -
.../unix/ftp/proftpd/manifests/service.pp | 9 -
modules/services/unix/ftp/proftpd/proftpd.pp | 1 -
.../unix/ftp/proftpd/secgen_metadata.xml | 35 ----
.../unix/ftp/proftpd/templates/proftpd.erb | 192 ------------------
7 files changed, 260 deletions(-)
delete mode 100644 modules/services/unix/ftp/proftpd/manifests/configure.pp
delete mode 100644 modules/services/unix/ftp/proftpd/manifests/init.pp
delete mode 100644 modules/services/unix/ftp/proftpd/manifests/install.pp
delete mode 100644 modules/services/unix/ftp/proftpd/manifests/service.pp
delete mode 100644 modules/services/unix/ftp/proftpd/proftpd.pp
delete mode 100644 modules/services/unix/ftp/proftpd/secgen_metadata.xml
delete mode 100644 modules/services/unix/ftp/proftpd/templates/proftpd.erb
diff --git a/modules/services/unix/ftp/proftpd/manifests/configure.pp b/modules/services/unix/ftp/proftpd/manifests/configure.pp
deleted file mode 100644
index 695870576..000000000
--- a/modules/services/unix/ftp/proftpd/manifests/configure.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-class proftpd::configure {
- $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-
- file { '/etc/proftpd/proftpd.conf':
- notify => Service['proftpd'],
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => template('proftpd/proftpd.erb'),
- }
-}
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/manifests/init.pp b/modules/services/unix/ftp/proftpd/manifests/init.pp
deleted file mode 100644
index d9bcb2727..000000000
--- a/modules/services/unix/ftp/proftpd/manifests/init.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class proftpd {
- class { 'proftpd::install': }
- class { 'proftpd::configure': } ~>
- class { 'proftpd::service': }
-}
diff --git a/modules/services/unix/ftp/proftpd/manifests/install.pp b/modules/services/unix/ftp/proftpd/manifests/install.pp
deleted file mode 100644
index 535b3559c..000000000
--- a/modules/services/unix/ftp/proftpd/manifests/install.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class proftpd::install {
- package { 'proftpd':
- ensure => installed,
- name => 'proftpd',
- }
-}
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/manifests/service.pp b/modules/services/unix/ftp/proftpd/manifests/service.pp
deleted file mode 100644
index a838143cc..000000000
--- a/modules/services/unix/ftp/proftpd/manifests/service.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class proftpd::service {
- service { 'proftpd':
- ensure => running,
- enable => true,
- hasrestart => true,
- require => File['/etc/proftpd/proftpd.conf'],
- subscribe => File['/etc/proftpd/proftpd.conf'],
- }
-}
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/proftpd.pp b/modules/services/unix/ftp/proftpd/proftpd.pp
deleted file mode 100644
index 6e8bf8be3..000000000
--- a/modules/services/unix/ftp/proftpd/proftpd.pp
+++ /dev/null
@@ -1 +0,0 @@
-include proftpd
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/secgen_metadata.xml b/modules/services/unix/ftp/proftpd/secgen_metadata.xml
deleted file mode 100644
index 183ea91b2..000000000
--- a/modules/services/unix/ftp/proftpd/secgen_metadata.xml
+++ /dev/null
@@ -1,35 +0,0 @@
- - - - vsftpd Server - Thomas Shaw - Adam J. Low - Apache v2 - An installation of proftpd - - ftp - linux - - port - - - 21 - - - - https://security.appspot.com/vsftpd.html - https://forge.puppet.com/adamjlow/proftpd - proftpd - Apache v2 - - - vsftpd - - - - utilities/unix/system/accounts - - -
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/templates/proftpd.erb b/modules/services/unix/ftp/proftpd/templates/proftpd.erb
deleted file mode 100644
index c72443f81..000000000
--- a/modules/services/unix/ftp/proftpd/templates/proftpd.erb
+++ /dev/null
@@ -1,192 +0,0 @@ -<% - $port = $secgen_parameters['port'].first -%> -# -# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. -# To really apply changes, reload proftpd after modifications, if -# it runs in daemon mode. It is not required in inetd/xinetd mode. -# - -# Includes DSO modules -Include /etc/proftpd/modules.conf - -# Set off to disable IPv6 support which is annoying on IPv4 only boxes. -UseIPv6 off -# If set on you can experience a longer connection delay in many cases. -IdentLookups off - -ServerName "Debian" -ServerType standalone -DeferWelcome off - -MultilineRFC2228 on -DefaultServer on -ShowSymlinks on - -TimeoutNoTransfer 600 -TimeoutStalled 600 -TimeoutIdle 1200 - -DisplayLogin welcome.msg -DisplayChdir .message true -ListOptions "-l" - -DenyFilter \*.*/ - -# Use this to jail all users in their homes -# DefaultRoot ~ - -# Users require a valid shell listed in /etc/shells to login. -# Use this directive to release that constrain. -# RequireValidShell off - -# Port 21 is the standard FTP port. -Port <%=$port%> - -# In some cases you have to specify passive ports range to by-pass -# firewall limitations. Ephemeral ports can be used for that, but -# feel free to use a more narrow range. -# PassivePorts 49152 65534 - -# If your host was NATted, this option is useful in order to -# allow passive tranfers to work. You have to use your public -# address and opening the passive ports used on your firewall as well. -# MasqueradeAddress 1.2.3.4 - -# This is useful for masquerading address with dynamic IPs: -# refresh any configured MasqueradeAddress directives every 8 hours - - # DynMasqRefresh 28800 - - -# To prevent DoS attacks, set the maximum number of child processes -# to 30. If you need to allow more than 30 concurrent connections -# at once, simply increase this value. 
Note that this ONLY works -# in standalone mode, in inetd mode you should use an inetd server -# that allows you to limit maximum number of processes per service -# (such as xinetd) -MaxInstances 30 - -# Set the user and group that the server normally runs at. -User root -Group nogroup - -# Umask 022 is a good standard umask to prevent new files and dirs -# (second parm) from being group and world writable. -Umask 022 022 -# Normally, we want files to be overwriteable. -AllowOverwrite on - -# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: -# PersistentPasswd off - -# This is required to use both PAM-based authentication and local passwords -# AuthOrder mod_auth_pam.c* mod_auth_unix.c - -# Be warned: use of this directive impacts CPU average load! -# Uncomment this if you like to see progress and transfer rate with ftpwho -# in downloads. That is not needed for uploads rates. -# -# UseSendFile off - -TransferLog /var/log/proftpd/xferlog -SystemLog /var/log/proftpd/proftpd.log - -# Logging onto /var/log/lastlog is enabled but set to off by default -#UseLastlog on - -# In order to keep log file dates consistent after chroot, use timezone info -# from /etc/localtime. If this is not set, and proftpd is configured to -# chroot (e.g. DefaultRoot or Anonymous-->), it will use the non-daylight - # savings timezone regardless of whether DST is in effect. - #SetEnv TZ :/etc/localtime - - - QuotaEngine off - - - - Ratios off - - - - # Delay engine reduces impact of the so-called Timing Attack described in - # http://www.securityfocus.com/bid/11430/discuss - # It is on by default. 
- - DelayEngine on - - - - ControlsEngine off - ControlsMaxClients 2 - ControlsLog /var/log/proftpd/controls.log - ControlsInterval 5 - ControlsSocket /var/run/proftpd/proftpd.sock - - - - AdminControlsEngine off - - - # - # Alternative authentication frameworks - # - #Include /etc/proftpd/ldap.conf - #Include /etc/proftpd/sql.conf - - # - # This is used for FTPS connections - # - #Include /etc/proftpd/tls.conf - - # - # Useful to keep VirtualHost/VirtualRoot directives separated - # - #Include /etc/proftpd/virtuals.conf - - # A basic anonymous configuration, no upload directories. - - # - # User ftp - # Group nogroup - # # We want clients to be able to login with "anonymous" as well as "ftp" - # UserAlias anonymous ftp - # # Cosmetic changes, all files belongs to ftp user - # DirFakeUser on ftp - # DirFakeGroup on ftp - # - # RequireValidShell off - # - # # Limit the maximum number of anonymous logins - # MaxClients 10 - # - # # We want 'welcome.msg' displayed at login, and '.message' displayed - # # in each newly chdired directory. - # DisplayLogin welcome.msg - # DisplayChdir .message - # - # # Limit WRITE everywhere in the anonymous chroot - # - # - # DenyAll - # - # - # - # # Uncomment this if you're brave. - # # - # # # Umask 022 is a good standard umask to prevent new files and dirs - # # # (second parm) from being group and world writable. - # # Umask 022 022 - # # - # # DenyAll - # # - # # - # # AllowAll - # # - # # - # - # - - # Include other custom configuration files - Include /etc/proftpd/conf.d/