tcpwrappers

manages /etc/hosts.allow (/etc/hosts.deny is ALL:ALL by default)

Project URL RSS Feed Report issues

Module Stats

14,737 downloads

361 latest version

4.7 quality score

Version information

released Oct 12th 2023

This version is compatible with:

Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
Puppet >= 7.0.0 < 9.0.0
, , ,

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'simp-tcpwrappers', '6.5.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-tcpwrappers

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-tcpwrappers --version 6.5.0

Tags: tcpwrappers, simp

Documentation

simp/tcpwrappers — version 6.5.0 Oct 12th 2023

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our [Contribution Guide] (https://simp.readthedocs.io/en/stable/contributors_guide/index.html).

Work in Progress

Please excuse us as we transition this code into the public domain.

Downloads, discussion, and patches are still welcome!

Reference

Classes

tcpwrappers: Set up tcpwrappers

Defined types

tcpwrappers::allow

Classes

`tcpwrappers`

Set up tcpwrappers

Parameters

The following parameters are available in the tcpwrappers class:

default_deny
allow_all_local
package_ensure

`default_deny`

Data type: Boolean

Add a default ALL: ALL to /etc/hosts.deny

Default value: true

`allow_all_local`

Data type: Boolean

Allow connections to all services from the local system

This includes all representations of the local system that are available via facter and shortcut notation, such as LOCAL.

Default value: true

`package_ensure`

Data type: String

The ensure status of packages to be managed

Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })

Defined types

`tcpwrappers::allow`

The tcpwrappers::allow class.

Parameters

The following parameters are available in the tcpwrappers::allow defined type:

pattern
order
svc

`pattern`

Data type: Variant[String,Array[String]]

The allow pattern based on the content of the man page

`order`

Data type: Integer

The order in which you want this rule to appear

IF you don't specify an order, the rules will be listed in alphabetical order

Default value: 1000

`svc`

Data type: Optional[String]

The name of the service

This is useful if you wish to use the same service name more than once

Default value: undef

Wed Oct 11 2023 Steven Pritchard steve@sicura.us - 6.5.0

[puppetsync] Updates for Puppet 8
- These updates may include the following:
  - Update Gemfile
  - Add support for Puppet 8
  - Drop support for Puppet 6
  - Update module dependencies

Mon Jul 17 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 6.4.0

Add RockyLinux 8 support

Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 6.3.0

Removed support for Puppet 5
Ensured support for Puppet 7 in requirements and stdlib

Sat Dec 19 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 6.2.1

Removed EL6 support

Tue Oct 08 2019 Robert Vincent pillarsdotnet@gmail.com - 6.2.0-0

Drop Puppet 4 support
Add Puppet 6 support
Add puppetlabs-stdlib 6 support
Add puppetlabs-concat 6 support

Tue Sep 24 2019 Jeanne Greulich jeanne.greulich@onyxpoint.com - 6.2.0-0

Change metadata OS version check to use new simplib check that returns false or true if the OS is supported according to metadata.json. If it is not supported, do nothing (instead of failing).

Mon Sep 02 2019 Jeanne Greulich jeanne.greulich@onyxpoint.com - 6.2.0-0

RedHat 8 does not support TCP Wrappers
Add call to simplib:assert_metadata to check the OS is supported.
Update upperbound of simplib.

Fri Mar 22 2019 Joseph Sharkey shark.bruhaha@gmail.com - 6.1.2-0

Use simplib::bracketize in lieu of deprecated Puppet 3 bracketize
Fix template bug that prevented some IPv6 addresses from being properly formatted in /etc/hosts.allow.

Tue Mar 19 2019 Liz Nemsick lnemsick.simp@gmail.com - 6.1.2-0

Use simplib::nets2ddq in lieu of deprecated Puppet 3 nets2ddq

Thu Feb 14 2019 Liz Nemsick lnemsick.simp@gmail.com - 6.1.1-0

Use simplib::ipaddresses() in lieu of ipaddresses(), a deprecated simplib Puppet 3 function.
Expanded the upper limit of the concat and stdlib Puppet module versions
Fixed URLs in the README.md

Fri Aug 24 2018 Nick Miller nick.miller@onypoint.com - 6.1.0-0

Add support for Puppet 5 and OEL
Added $package_ensure parameter
- Changed the package from 'latest' to 'installed'
- It will also respect simp_options::package_ensure

Fri Feb 09 2018 Liz Nemsick lnemsick.simp@gmail.com - 6.0.3-0

Update upperbound on puppetlabs/concat version to < 5.0.0

Fri Aug 18 2017 Liz Nemsick lnemsick.simp@gmail.com - 6.0.2-0

Update concat version in metadata.json & build/rpm_metadata/requires

Thu Jul 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 6.0.1-0

Update puppet dependency and remove OBE pe dependency in metadata.json

Fri Dec 16 2016 Trevor Vaughan tvaughan@onyxpoinit.com - 6.0.0-0

Puppet 4 update
Added strong typing
Converted to using puppetlabs-concat

Wed Nov 23 2016 Jeanne Greulich jgreulich@onyxpoint.com - 5.0.0-0

Fix dependancies for simp 6 bump

Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 5.0.0-0

Minor cleanup

Fri Sep 30 2016 Trevor Vaughan tvaughan@onyxpoint.com - 5.0.0-0

Updated to use the version of 'simpcat' that does not conflict with 'puppetlabs/concat'.

Mon Nov 09 2015 Chris Tessmer chris.tessmer@onypoint.com - 3.0.0-3

migration to simplib and simpcat (lib/ only)

Fri Jan 16 2015 Trevor Vaughan tvaughan@onyxpoint.com - 3.0.0-2

Changed puppet-server requirement to puppet

Sun Jun 22 2014 Kendall Moore kmoore@keywcorp.com - 3.0.0-1

Removed MD5 file checksums for FIPS compliance.

Thu Jun 19 2014 Trevor Vaughan tvaughan@onyxpoint.com - 3.0.0-1

Updated to not cast lpattern to an Array in tcpwrappers.allow.erb for compatibility with Ruby 2.

Wed Apr 30 2014 Trevor Vaughan tvaughan@onyxpoint.com - 3.0.0-0

Updated to use an array for the allow and to use the new ipaddresses function in common to provide all local addresses to the initial line.

Thu Jan 09 2014 Nick Markowski nmarkowski@keywcorp.com - 2.1.0-0

Updated module for puppet3/hiera compatibility, and optimized code for lint tests, and puppet-rspec.
Removed tcpwrappers::tcpwrappers_allow

Tue Oct 08 2013 Kendall Moore kmoore@keywcorp.com - 2.0.0-8

Updated all erb templates to properly scope variables.

Fri Aug 02 2013 Kendall Moore kmoore@keywcorp.com -2.0.0-7

Updated the tcpwrappers.allow template because function calls require an argument of an array rather than allowing for single string arguments.

Wed Apr 10 2013 Maintenance 2.0.0-6

Added 127.0.0.1 to the list of always allowed hosts. Apparently, there was a bug in the way that NFS interacts with tcpwrappers that can occasionally fail if this isn't in place. Honestly, I can't figure out why but it works.

Tue Jan 15 2013 Maintenance 2.0.0-5

Created a Cucumber test which adds a tcpwrapper for nscd and checks /etc/hosts.allow to ensure that an entry is there to reflect the change.

Thu Jun 07 2012 Maintenance 2.0.0-4

Ensure that Arrays in templates are flattened.
Call facts as instance variables.
Moved mit-tests to /usr/share/simp...
Converted the internal nets2ddq code to use the 'common' function.
Updated to work properly with IPv6 addresses.
Updated pp files to better meet Puppet's recommended style guide.

Fri Mar 02 2012 Maintenance 2.0.0-3

Improved test stubs.

Fri Dec 23 2011 Maintenance 2.0.0-2

Updated the spec file to not require a separate file list.
Changed all instances of 'ipaddress' to 'primary_ipaddress'.

Fri Feb 11 2011 Maintenance 2.0.0-1

Updated to use concat_build and concat_fragment types.

Tue Jan 11 2011 Maintenance 2.0.0-0

Refactored for SIMP-2.0.0-alpha release

Tue Oct 26 2010 Maintenance - 1-2

Converting all spec files to check for directories prior to copy.

Mon Oct 04 2010 Maintenance 1.0-1

Support for comma separated entries on the LHS of the hosts.allow file.

Mon May 24 2010 Maintenance 1.0-0

Code refactoring.

Mon Nov 02 2009 Maintenance 0.1-11

Now remove subsequent entries from the list.

pupmod-simp-tcpwrappers - A Puppet Module for managing TCPWrappers

--

Per Section 105 of the Copyright Act of 1976, these works are not entitled to
domestic copyright protection under US Federal law.

The US Government retains the right to pursue copyright protections outside of
the United States.

The United States Government has unlimited rights in this software and all
derivatives thereof, pursuant to the contracts under which it was developed and
the License under which it falls.

---

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started

tcpwrappers

Partner

Version information

This version is compatible with:

Start using this module

Documentation

This is a SIMP module

Work in Progress

Reference

Table of Contents

Classes

Defined types

Classes

`tcpwrappers`

Parameters

`default_deny`

`allow_all_local`

`package_ensure`

Defined types

`tcpwrappers::allow`

Parameters

`pattern`

`order`

`svc`

Dependencies