diff --git a/modules/services/unix/ftp/proftpd/manifests/configure.pp b/modules/services/unix/ftp/proftpd/manifests/configure.pp
new file mode 100644
index 000000000..e20341a8a
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/manifests/configure.pp
@@ -0,0 +1,9 @@
+class proftpd::configure {
+ file { '/etc/proftpd/proftpd.conf':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('proftpd/proftpd.erb')
+ }
+}
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/manifests/init.pp b/modules/services/unix/ftp/proftpd/manifests/init.pp
new file mode 100644
index 000000000..3d74a37f1
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/manifests/init.pp
@@ -0,0 +1,5 @@
+class proftpd {
+ require proftpd::install
+ require proftpd::configure
+ require proftpd::service
+}
diff --git a/modules/services/unix/ftp/proftpd/manifests/install.pp b/modules/services/unix/ftp/proftpd/manifests/install.pp
new file mode 100644
index 000000000..535b3559c
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/manifests/install.pp
@@ -0,0 +1,6 @@
+class proftpd::install {
+ package { 'proftpd':
+ ensure => installed,
+ name => 'proftpd',
+ }
+}
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/manifests/service.pp b/modules/services/unix/ftp/proftpd/manifests/service.pp
new file mode 100644
index 000000000..9215ef51a
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/manifests/service.pp
@@ -0,0 +1,7 @@
+class proftpd::service {
+ service { 'proftpd':
+ ensure => running,
+ enable => true,
+ require => File['/etc/proftpd/proftpd.conf'],
+ }
+}
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/proftpd.pp b/modules/services/unix/ftp/proftpd/proftpd.pp
new file mode 100644
index 000000000..6e8bf8be3
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/proftpd.pp
@@ -0,0 +1 @@
+include proftpd
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/secgen_metadata.xml b/modules/services/unix/ftp/proftpd/secgen_metadata.xml
new file mode 100644
index 000000000..35d4d0daa
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/secgen_metadata.xml
@@ -0,0 +1,25 @@
+
+
+
+ vsftpd Server
+ Thomas Shaw
+ Adam J. Low
+ Apache v2
+ An installation of proftpd
+
+ ftp
+ linux
+
+
+ https://security.appspot.com/vsftpd.html
+ https://forge.puppet.com/adamjlow/proftpd
+ proftpd
+ Apache v2
+
+
+ vsftpd
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/ftp/proftpd/templates/proftpd.erb b/modules/services/unix/ftp/proftpd/templates/proftpd.erb
new file mode 100644
index 000000000..ffc87637c
--- /dev/null
+++ b/modules/services/unix/ftp/proftpd/templates/proftpd.erb
@@ -0,0 +1,189 @@
+#
+# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
+# To really apply changes, reload proftpd after modifications, if
+# it runs in daemon mode. It is not required in inetd/xinetd mode.
+#
+
+# Includes DSO modules
+Include /etc/proftpd/modules.conf
+
+# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
+UseIPv6 off
+# If set on you can experience a longer connection delay in many cases.
+IdentLookups off
+
+ServerName "Debian"
+ServerType standalone
+DeferWelcome off
+
+MultilineRFC2228 on
+DefaultServer on
+ShowSymlinks on
+
+TimeoutNoTransfer 600
+TimeoutStalled 600
+TimeoutIdle 1200
+
+DisplayLogin welcome.msg
+DisplayChdir .message true
+ListOptions "-l"
+
+DenyFilter \*.*/
+
+# Use this to jail all users in their homes
+# DefaultRoot ~
+
+# Users require a valid shell listed in /etc/shells to login.
+# Use this directive to release that constrain.
+# RequireValidShell off
+
+# Port 21 is the standard FTP port.
+Port 21
+
+# In some cases you have to specify passive ports range to by-pass
+# firewall limitations. Ephemeral ports can be used for that, but
+# feel free to use a more narrow range.
+# PassivePorts 49152 65534
+
+# If your host was NATted, this option is useful in order to
+# allow passive tranfers to work. You have to use your public
+# address and opening the passive ports used on your firewall as well.
+# MasqueradeAddress 1.2.3.4
+
+# This is useful for masquerading address with dynamic IPs:
+# refresh any configured MasqueradeAddress directives every 8 hours
+
+ # DynMasqRefresh 28800
+
+
+# To prevent DoS attacks, set the maximum number of child processes
+# to 30. If you need to allow more than 30 concurrent connections
+# at once, simply increase this value. Note that this ONLY works
+# in standalone mode, in inetd mode you should use an inetd server
+# that allows you to limit maximum number of processes per service
+# (such as xinetd)
+MaxInstances 30
+
+# Set the user and group that the server normally runs at.
+User root
+Group nogroup
+
+# Umask 022 is a good standard umask to prevent new files and dirs
+# (second parm) from being group and world writable.
+Umask 022 022
+# Normally, we want files to be overwriteable.
+AllowOverwrite on
+
+# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
+# PersistentPasswd off
+
+# This is required to use both PAM-based authentication and local passwords
+# AuthOrder mod_auth_pam.c* mod_auth_unix.c
+
+# Be warned: use of this directive impacts CPU average load!
+# Uncomment this if you like to see progress and transfer rate with ftpwho
+# in downloads. That is not needed for uploads rates.
+#
+# UseSendFile off
+
+TransferLog /var/log/proftpd/xferlog
+SystemLog /var/log/proftpd/proftpd.log
+
+# Logging onto /var/log/lastlog is enabled but set to off by default
+#UseLastlog on
+
+# In order to keep log file dates consistent after chroot, use timezone info
+# from /etc/localtime. If this is not set, and proftpd is configured to
+# chroot (e.g. DefaultRoot or Anonymous-->), it will use the non-daylight
+ # savings timezone regardless of whether DST is in effect.
+ #SetEnv TZ :/etc/localtime
+
+
+ QuotaEngine off
+
+
+
+ Ratios off
+
+
+
+ # Delay engine reduces impact of the so-called Timing Attack described in
+ # http://www.securityfocus.com/bid/11430/discuss
+ # It is on by default.
+
+ DelayEngine on
+
+
+
+ ControlsEngine off
+ ControlsMaxClients 2
+ ControlsLog /var/log/proftpd/controls.log
+ ControlsInterval 5
+ ControlsSocket /var/run/proftpd/proftpd.sock
+
+
+
+ AdminControlsEngine off
+
+
+ #
+ # Alternative authentication frameworks
+ #
+ #Include /etc/proftpd/ldap.conf
+ #Include /etc/proftpd/sql.conf
+
+ #
+ # This is used for FTPS connections
+ #
+ #Include /etc/proftpd/tls.conf
+
+ #
+ # Useful to keep VirtualHost/VirtualRoot directives separated
+ #
+ #Include /etc/proftpd/virtuals.conf
+
+ # A basic anonymous configuration, no upload directories.
+
+ #
+ # User ftp
+ # Group nogroup
+ # # We want clients to be able to login with "anonymous" as well as "ftp"
+ # UserAlias anonymous ftp
+ # # Cosmetic changes, all files belongs to ftp user
+ # DirFakeUser on ftp
+ # DirFakeGroup on ftp
+ #
+ # RequireValidShell off
+ #
+ # # Limit the maximum number of anonymous logins
+ # MaxClients 10
+ #
+ # # We want 'welcome.msg' displayed at login, and '.message' displayed
+ # # in each newly chdired directory.
+ # DisplayLogin welcome.msg
+ # DisplayChdir .message
+ #
+ # # Limit WRITE everywhere in the anonymous chroot
+ #
+ #
+ # DenyAll
+ #
+ #
+ #
+ # # Uncomment this if you're brave.
+ # #
+ # # # Umask 022 is a good standard umask to prevent new files and dirs
+ # # # (second parm) from being group and world writable.
+ # # Umask 022 022
+ # #
+ # # DenyAll
+ # #
+ # #
+ # # AllowAll
+ # #
+ # #
+ #
+ #
+
+ # Include other custom configuration files
+ Include /etc/proftpd/conf.d/
diff --git a/scenarios/simple_examples/proftpd_service.xml b/scenarios/simple_examples/proftpd_service.xml
new file mode 100644
index 000000000..3542cfd5c
--- /dev/null
+++ b/scenarios/simple_examples/proftpd_service.xml
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+ proftpd_server
+
+
+
+
+
+
+
+