Puppet Class: tcpwrappers

Defined in:
manifests/init.pp

Summary

Main class which will install tcpwrappers and begin management of hosts.allow and hosts.deny. The hosts.allow and hosts.deny files are set up by the class to emulate the files as they would be installed initially. Any tcpwrappers rules already existing in those files will be removed by the class when first applied to a system.

Overview

Examples:

include tcpwrappers

Parameters:

  • allow_header (Boolean) (defaults to: true)

    Whether or not to include a header for hosts.allow with order of 0_header.

  • allow_header_source (String) (defaults to: "tcpwrappers/allow_header_${::operatingsystem}")

    File to use as header for hosts.allow in the form of /path/to/file which is then used by the source parameter of the fragment. As such, "files" should not appear in the path. This allows for replacing the module provided header with a locally generated one.

  • allow_localhost_ipv4 (Boolean) (defaults to: false)

    Include the concat fragment to allow localhost ipv4 address (127.0.0.1) to access all daemons.

  • allow_localhost_ipv6 (Boolean) (defaults to: false)

    Include the concat fragment to allow localhost ipv6 address (::1) to access all daemons.

  • config_dir (String) (defaults to: '/etc')

    Specifies the directory where the tcpwrappers configuration files are located.

  • default_deny (Boolean) (defaults to: false)

    Whether or not to include 'ALL : ALL' in the hosts.deny file.

  • deny_header (Boolean) (defaults to: true)

    Whether or not to include a header for hosts.deny with order of ZZ_deny_all.

  • deny_header_source (String) (defaults to: "tcpwrappers/deny_header_${::operatingsystem}")

    File to use as header for hosts.deny in the form of /path/to/file which is then used by the source parameter of the fragment. As such, "files" should not appear in the path. This allows for replacing the module provided header with a locally generated one.

  • file_allow (String) (defaults to: 'hosts.allow')

    Name for the hosts.allow configuration file.

  • file_deny (String) (defaults to: 'hosts.deny')

    Name for the hosts.deny configuration file.

  • package_ensure (String) (defaults to: 'present')

    Whether to install the tcpwrappers package, and what version. Suggested values: 'present', 'latest', or a specific version number. No validation of the String provided is done.

  • package_name (String) (defaults to: 'tcp_wrappers')

    Specifies the name of the package to install.

  • allow_sshd_all (Boolean) (defaults to: false)


# File 'manifests/init.pp', line 24

class tcpwrappers (
  Boolean         $allow_header         = true,
  String          $allow_header_source  = "tcpwrappers/allow_header_${::operatingsystem}",
  Boolean         $allow_localhost_ipv4 = false,
  Boolean         $allow_localhost_ipv6 = false,
  Boolean         $allow_sshd_all       = false,
  String          $config_dir           = '/etc',
  Boolean         $default_deny         = false,
  Boolean         $deny_header          = true,
  String          $deny_header_source   = "tcpwrappers/deny_header_${::operatingsystem}",
  String          $file_allow           = 'hosts.allow',
  String          $file_deny            = 'hosts.deny',
  String          $package_ensure       = 'present',
  String          $package_name         = 'tcp_wrappers',
  ) {
  case $::operatingsystem {
    'RedHat', 'CentOS': {
      contain tcpwrappers::install
      contain tcpwrappers::config

      Class['tcpwrappers::install']
      -> Class['tcpwrappers::config']
    }
    default: {
      fail("${::operatingsystem} not supported")
    }
  }
}
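
The summary states that existing rules in hosts.allow and hosts.deny are removed on first apply, and default_deny defaults to false, so a host that already carries 'ALL : ALL' would lose it under the class defaults. The following is an added example, not part of the module: a Python pre-flight check that lists the active rules a first apply would discard. The function names and sample file contents are constructed for illustration; parsing follows the hosts_access(5) line format.

```python
import re

# Constructed sample files, not taken from any real host.
SAMPLE_ALLOW = """# hosts.allow (constructed)
sshd : 192.0.2.0/255.255.255.0, \\
       [2001:db8::]/64
ALL : 127.0.0.1
"""
SAMPLE_DENY = """# hosts.deny (constructed)
ALL : ALL
"""

def active_rules(text):
    """Return active rules as (daemons, clients, options) tuples."""
    # hosts_access(5): a backslash before a newline continues the line.
    joined = re.sub(r"\\\r?\n", " ", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        # Split on ':' except inside [...] so IPv6 literals stay whole.
        fields = re.split(r":(?![^\[\]]*\])", line, maxsplit=2)
        fields = [" ".join(f.split()) for f in fields]
        fields += [""] * (3 - len(fields))  # malformed lines are still reported
        rules.append(tuple(fields))
    return rules

def is_deny_all(rule):
    """True for a rule whose daemon and client lists are both ALL."""
    return rule[0].upper() == "ALL" and rule[1].upper() == "ALL"

def preflight(allow_text, deny_text):
    """Summarise what a first apply with class defaults would discard."""
    deny = active_rules(deny_text)
    return {
        "allow_rules_lost": active_rules(allow_text),
        "deny_rules_lost": deny,
        # Existing 'ALL : ALL' is not recreated unless default_deny => true.
        "default_deny_lost": any(is_deny_all(r) for r in deny),
    }

if __name__ == "__main__":
    report = preflight(SAMPLE_ALLOW, SAMPLE_DENY)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against copies of the real files before the first Puppet run; when default_deny_lost is true, declare the class with default_deny => true to keep the deny-all rule.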