Issue #1556 has been updated by Kelsey  Hightower.

As I am new to Puppet, I would like to get some feedback on whether or not I am 
heading in the right direction while I attempt to create a new type for 
tcpwrappers.

<pre>
Puppet::Type.newtype(:tcpwrapper) do
    @doc = "Manages tcpwrappers hosts.allow and hosts.deny entries.
    The entry will be placed in /etc/hosts.allow when 'allow => true' or 'deny => false'
    The entry will be placed in /etc/hosts.deny when 'deny => true' or 'allow => false'
    Default action is to append the entry to /etc/hosts.allow

    Examples::

        tcpwrapper { ALL:
            allow         => true,
            daemon        => \"ALL\",
            except_daemon => [vsftpd, sshd],
            host          => \"ALL\",
            except_host   => [cracker.domainname.com, 24.123.45.12],
        }

        tcpwrapper { vsftpd:
            allow  => true,
            daemon => sshd,
            host   => [192.168.1.22, 72.13.2.34, trusted.domain.com],
            spawn  => '/bin/echo $(/bin/date) access from %h >> /var/log/ftp-access.log'
        }

        tcpwrapper { vsftpd:
            deny   => true,
            daemon => sshd,
            host   => [24.123.45.12, cracker.domain.com],
            twist  => '/bin/echo \"Access to %d has been denied for $a\"'
        }
    "

    ensurable

    newparam(:name) do
        desc "The name of the resource"
    end

    newparam(:allow) do
        desc "Whether to allow access. Line will be appended to /etc/hosts.allow"
    end

    newparam(:deny) do
        desc "Whether to deny access. Line will be appended to /etc/hosts.deny"
    end

    newparam(:file) do
        desc "The file to examine (and possibly modify) for the acl"
    end

    newparam(:line) do
        desc "The acl to add or remove"
    end

    newproperty(:daemon, :array_matching => :all) do
        desc "A list of one or more service daemons"
    end

    newproperty(:host, :array_matching => :all) do
        desc "A list of one or more hostnames, ipaddresses, or networks"
    end

    newproperty(:spawn) do
        desc "Child process to be launched in the background"
    end

    newproperty(:twist) do
        desc "Command to run in place of the requested service"
    end

    newproperty(:except_daemon, :array_matching => :all) do
        desc "A list of one or more daemons to exclude from wildcard matches"
    end

    newproperty(:except_host, :array_matching => :all) do
        desc "A list of one or more hostnames, ipaddresses, or networks to exclude from wildcard matches"
    end

end
</pre>

----------------------------------------
Feature #1556: A type and provider for editing /etc/hosts.allow
http://projects.reductivelabs.com/issues/1556

Author: John Wiegley
Status: Accepted
Priority: Normal
Assigned to: Kelsey  Hightower
Category: newfeature
Target version: unplanned
Complexity: Easy
Affected version: 0.24.5
Keywords: 


At the moment I'm doing something like this:

<pre>
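  exec { "allow-ssh":
    command => "echo 'sshd : ALL' >> /etc/hosts.allow",
    # Append only when no line already starts with "sshd"; "grep -qv" succeeds
    # whenever any other line exists, so the entry would be appended on every run.
    unless  => "grep -q '^sshd' /etc/hosts.allow";
  }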
</pre>

Would much prefer this:

<pre>
  tcpwrapper { sshd:
    ensure => allow,  # default is to allow
    hosts => "ALL";
  }
</pre>
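
The rule a `tcpwrapper` resource like the one proposed above would have to write, and the idempotent append the `exec` workaround is reaching for, as an added example that is not part of the issue or of Puppet's code. The helper names are hypothetical; it assumes the `daemon_list : client_list : option` rule layout and accepts hostname, IPv4 and wildcard tokens only.

```ruby
# Added example (not from the issue); plain Ruby, no Puppet needed.
# acl_file, acl_list, acl_option, acl_line and ensure_acl are hypothetical helpers.
HOSTS_ALLOW = "/etc/hosts.allow"
HOSTS_DENY  = "/etc/hosts.deny"
# Assumption: tokens are hostnames, IPv4 addresses/networks or wildcards.
# Whitespace, ':' and ',' are refused so a value cannot add fields or rules.
TOKEN = /\A[^\s:,]+\z/

# Choose the file from the allow/deny flags described in the type's @doc.
def acl_file(allow: nil, deny: nil)
  to_allow = allow == true || deny == false
  to_deny  = deny == true || allow == false
  raise ArgumentError, "allow and deny contradict each other" if to_allow && to_deny
  to_deny ? HOSTS_DENY : HOSTS_ALLOW # default is hosts.allow
end

# Render "a, b" or "a, b EXCEPT c, d" after validating every token.
def acl_list(items, except = [])
  items, except = Array(items), Array(except)
  raise ArgumentError, "list must not be empty" if items.empty?
  (items + except).each do |t|
    raise ArgumentError, "bad token #{t.inspect}" unless TOKEN.match?(t.to_s)
  end
  list = items.join(", ")
  except.empty? ? list : "#{list} EXCEPT #{except.join(', ')}"
end

# Render a spawn/twist option; a newline would start a new rule, so refuse it.
def acl_option(keyword, command)
  raise ArgumentError, "#{keyword}: newline in command" if command =~ /[\r\n]/
  escaped = command.gsub(":") { "\\:" } # ':' separates fields, so escape it
  "#{keyword} #{escaped}"
end

# Build one rule: daemon_list : client_list [: spawn cmd] [: twist cmd]
def acl_line(daemon:, host:, except_daemon: [], except_host: [], spawn: nil, twist: nil)
  fields = [acl_list(daemon, except_daemon), acl_list(host, except_host)]
  fields << acl_option("spawn", spawn) if spawn
  fields << acl_option("twist", twist) if twist # twist has to come last
  fields.join(" : ")
end

# Idempotent edit: return content unchanged when the rule is already there.
def ensure_acl(content, line)
  return content if content.lines.map(&:chomp).include?(line)
  content += "\n" unless content.empty? || content.end_with?("\n")
  content + line + "\n"
end
```

A provider built this way compares whole rendered rules, so a second run leaves the file untouched, and a host or daemon value carrying whitespace or a colon is rejected before it reaches the ACL file.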

