Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.22.1 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'simp-xinetd', '4.3.0'
Learn more about managing modules with a Puppetfile
Documentation
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Please read our Contribution Guide.
Module Description
This module configures the xinetd daemon and allows users to manage services that run under xinetd.
Examples
Set up an 'uptime' service
xinetd::service { 'uptime':
  server       => '/usr/bin/uptime',
  port         => 12345,
  protocol     => 'tcp',
  user         => 'nobody',
  x_type       => 'UNLISTED',
  x_wait       => 'no',
  socket_type  => 'stream',
  trusted_nets => ['ALL'],
}
Set up VNC forwarding
For this example, an SSH tunnel is expected to be used.
xinetd::service { 'my_vnc':
  banner       => '/dev/null',
  flags        => ['REUSE','IPv4'],
  protocol     => 'tcp',
  socket_type  => 'stream',
  x_wait       => 'no',
  x_type       => 'UNLISTED',
  user         => 'nobody',
  server       => '/usr/bin/Xvnc',
  server_args  => "-inetd -localhost -audit 4 -s 15 -query localhost -NeverShared -once -SecurityTypes None -desktop my_vnc -geometry 800x600 -depth 16",
  disable      => 'no',
  trusted_nets => ['127.0.0.1'],
  port         => 23456,
}
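A more tightly scoped variant of the 'uptime' service above, shown as an added example (not from the module's README). It uses only parameters listed in the reference on this page; the subnet, bind address and limits are constructed sample values, and `firewall => true` assumes the SIMP firewall module is available on the node.

```puppet
# Added example: global xinetd defaults plus one restricted service.
# All addresses and limits below are constructed sample values.
class { 'xinetd':
  purge          => true,                  # purge all unmanaged services
  trusted_nets   => ['127.0.0.1', '::1'],  # default allowed sources
  log_type       => 'SYSLOG authpriv',
  log_on_success => ['HOST', 'PID', 'DURATION'],  # TRAFFIC left out (see changelog)
  log_on_failure => ['HOST', 'ATTEMPT'],   # also record failed attempts
  per_source     => 5,                     # max instances per source address
  cps            => [25, 30],              # 25 conn/s, then pause 30 seconds
}

# Weak form used in the README example, reachable from any address:
#   trusted_nets => ['ALL']
xinetd::service { 'uptime':
  server         => '/usr/bin/uptime',
  port           => 12345,
  protocol       => 'tcp',
  socket_type    => 'stream',
  x_type         => 'UNLISTED',
  x_wait         => 'no',
  user           => 'nobody',              # module default is 'root'
  trusted_nets   => ['10.0.0.0/24'],       # sample management subnet only
  x_bind         => '10.0.0.5',            # listen on one interface (sample address)
  instances      => 10,                    # cap concurrent server processes
  per_source     => 2,
  cps            => [10, 60],
  access_times   => '08:00-18:00',         # must match Xinetd::AccessTimes
  log_on_failure => ['HOST', 'ATTEMPT'],
  firewall       => true,                  # assumes the SIMP firewall module is installed
}
```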
Reference
Please see REFERENCE.md for full details.
Development
Please read our Contribution Guide.
Visit the project homepage and look at our issues on JIRA.
Reference
Table of Contents
Classes
xinetd
: Set up xinetd
Defined types
xinetd::service
: Configure the xinetd service
Functions
xinetd::validate_log_type
: Perform validation on the log_type variable, as described in the man page of xinetd.conf(5)
Data types
Xinetd::AccessTimes
: Valid access_times from xinetd.conf(5)
Xinetd::DenyTime
: Valid deny_time values from xinetd.conf(5)
Xinetd::FailureLogOption
: Valid failure_log_option values from xinetd.conf(5)
Xinetd::Flags
: Valid flags values from xinetd.conf(5)
Xinetd::RpcVersion
: Valid rpc_version values from xinetd.conf(5)
Xinetd::SocketType
: Valid socket_type values from xinetd.conf(5)
Xinetd::SuccessLogOption
: Valid success_log_option values from xinetd.conf(5)
Xinetd::Type
: Valid type values from xinetd.conf(5)
Xinetd::UnlimitedInt
: Entries that may be either 'UNLIMITED' or an Integer. TODO: rlimit_as regex should accept K or M qualifiers
Classes
xinetd
This is incomplete but should suffice for most purposes.
NOTE: Items prefixed with 'x_' were reserved words in ERB.
- xinetd/xinetd.conf.erb
Explanations of the options can be found in the xinetd.conf(5) man page.
Parameters
The following parameters are available in the xinetd class.
log_type
Data type: String[1]
Default value: 'SYSLOG authpriv'
x_bind
Data type: Optional[String[1]]
Default value: undef
per_source
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
x_umask
Data type: Optional[Simplib::Umask]
Default value: undef
log_on_success
Data type: Array[Xinetd::SuccessLogOption]
Default value: ['HOST','PID','DURATION']
log_on_failure
Data type: Array[Xinetd::FailureLogOption]
Default value: ['HOST']
trusted_nets
Data type: Simplib::Netlist
Default value: lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1', '::1'] })
no_access
Data type: Optional[Array[String[1]]]
Default value: undef
passenv
Data type: Optional[String[1]]
Default value: undef
instances
Data type: Xinetd::UnlimitedInt
Default value: '60'
disabled
Data type: Optional[Array[String[1]]]
Default value: undef
disable
Data type: Optional[Enum['yes','no']]
Default value: undef
enabled
Data type: Optional[Array[String[1]]]
Default value: undef
banner
Data type: Stdlib::Absolutepath
Default value: '/etc/issue.net'
banner_success
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
banner_fail
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
groups
Data type: Enum['yes','no']
Default value: 'no'
cps
Data type: Tuple[Integer[1],Integer[1]]
Default value: [25,30]
max_load
Data type: Optional[Float[0]]
Default value: undef
purge
Data type: Boolean
Purge all unmanaged services
Default value: false
package_ensure
Data type: String[1]
The package resource ensure to apply to all included package resources
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
Defined types
xinetd::service
For the identification of what these options should be, consult the xinetd.conf(5) man page.
Items prefixed with 'x_' were reserved words in ERB.
- xinetd/xinetd.service.erb
Parameters
The following parameters are available in the xinetd::service defined type.
server
Data type: String
port
Data type: Simplib::Port
protocol
Data type: String
x_wait
Data type: Enum['yes','no']
socket_type
Data type: Xinetd::SocketType
disable
Data type: Enum['yes','no']
Default value: 'no'
libwrap_name
Data type: Optional[String]
Default value: undef
libwrap
Data type: Optional[String]
Default value: undef
user
Data type: String
Default value: 'root'
x_umask
Data type: Simplib::Umask
Default value: '027'
log_type
Data type: String
Default value: 'SYSLOG authpriv'
log_on_success
Data type: Array[Xinetd::SuccessLogOption]
Default value: ['HOST','PID','DURATION']
log_on_failure
Data type: Array[Xinetd::FailureLogOption]
Default value: ['HOST']
x_id
Data type: Optional[String]
Default value: undef
x_type
Data type: Optional[Xinetd::Type]
Default value: undef
flags
Data type: Optional[Array[Xinetd::Flags]]
Default value: undef
group
Data type: Optional[String]
Default value: undef
instances
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
nice
Data type: Optional[Integer]
Default value: undef
server_args
Data type: Optional[String]
Default value: undef
trusted_nets
Data type: Simplib::Netlist
Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1', '::1'] })
access_times
Data type: Optional[Xinetd::AccessTimes]
Default value: undef
rpc_version
Data type: Optional[Xinetd::RpcVersion]
Default value: undef
rpc_number
Data type: Optional[Integer]
Default value: undef
env
Data type: Optional[String]
Default value: undef
passenv
Data type: Optional[String]
Default value: undef
redirect_ip
Data type: Optional[Simplib::IP]
Default value: undef
redirect_port
Data type: Optional[Simplib::Port]
Default value: undef
x_bind
Data type: Optional[String]
Default value: undef
banner
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
banner_success
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
banner_fail
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
per_source
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
cps
Data type: Optional[Tuple[Integer,Integer]]
Default value: undef
max_load
Data type: Optional[Float]
Default value: undef
groups
Data type: Optional[Enum['yes','no']]
Default value: undef
mdns
Data type: Optional[Enum['yes','no']]
Default value: undef
enabled
Data type: Optional[Array[String]]
Default value: undef
include
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
includedir
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
rlimit_as
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
rlimit_cpu
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
rlimit_data
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
rlimit_rss
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
rlimit_stack
Data type: Optional[Xinetd::UnlimitedInt]
Default value: undef
deny_time
Data type: Optional[Xinetd::DenyTime]
Default value: undef
firewall
Data type: Boolean
Enable the SIMP firewall module functionality
Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })
tcpwrappers
Data type: Boolean
Enable the SIMP tcpwrappers module functionality
Default value: simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
Functions
xinetd::validate_log_type
Type: Ruby 4.x API
Perform validation on the log_type variable, as described in the man page of xinetd.conf(5)
xinetd::validate_log_type(String $log_type)
Returns: Any
true upon validation success
Raises:
upon validation failure
log_type
Data type: String
Log specification for xinetd.conf log_type variable
Data types
Xinetd::AccessTimes
Valid access_times from xinetd.conf(5)
Alias of Pattern[/^([01]?[0-9]|2[0-3]):[0-5][0-9]-([01]?[0-9]|2[0-3]):[0-5][0-9]$/]
Xinetd::DenyTime
Valid deny_time values from xinetd.conf(5)
Alias of Pattern[/^((\d+)|(FOREVER|NEVER))$/]
Xinetd::FailureLogOption
Valid failure_log_option values from xinetd.conf(5)
Alias of Enum['HOST', 'USERID', 'ATTEMPT']
Xinetd::Flags
Valid flags values from xinetd.conf(5)
Alias of Enum['INTERCEPT', 'NORETRY', 'IDONLY', 'NAMEINARGS', 'NODELAY', 'KEEPALIVE', 'NOLIBWRAP', 'SENSOR', 'IPv4', 'IPv6', 'LABELED', 'REUSE']
Xinetd::RpcVersion
Valid rpc_version values from xinetd.conf(5)
Alias of Pattern[/^\d+(-\d)*$/]
Xinetd::SocketType
Valid socket_type values from xinetd.conf(5)
Alias of Enum['stream', 'dgram', 'raw', 'seqpacket']
Xinetd::SuccessLogOption
Valid success_log_option values from xinetd.conf(5)
Alias of Enum['PID', 'HOST', 'USERID', 'EXIT', 'DURATION', 'TRAFFIC']
Xinetd::Type
Valid type values from xinetd.conf(5)
Alias of Enum['RPC', 'INTERNAL', 'TCPMUX', 'TCPMUXPLUS', 'UNLISTED']
Xinetd::UnlimitedInt
Entries that may be either 'UNLIMITED' or an Integer
TODO rlimit_as regex should accept K or M qualifiers
Alias of Variant[Integer, Pattern[/(^\d+$|UNLIMITED)/]]
- Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 4.3.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Sat Dec 19 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 4.2.2
- Removed EL6 support
- Mon Feb 24 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.2.1-0
- Add support for EL8
- Update README.md
- Add REFERENCE.md
- Added acceptance tests
- Removed TRAFFIC from the default log_on_success list since it may cause information leakage and is not supported by all service types.
- Fri Aug 02 2019 Robert Vincent pillarsdotnet@gmail.com - 4.2.1-0
- Support puppetlabs/stdlib 6.x.
- Mon Jun 03 2019 Steven Pritchard steven.pritchard@onyxpoint.com - 4.2.0-0
- Add v2 compliance_markup data
- Add compliance engine unit tests
- Thu Mar 07 2019 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.1-0
- Allow users to purge unmanaged xinetd services
- Add support for Puppet 6
- Tue Feb 12 2019 Liz Nemsick lnemsick.simp@gmail.com - 4.1.1-0
- Fixed bug in which the xinetd::disabled parameter would only be included in xinetd.conf if the xinetd::no_access parameter was not empty.
- Use Simplib::Umask data type in lieu of validate_umask(), a deprecated simplib Puppet 3 function.
- Use simplib::validate_net_list() in lieu of validate_net_list(), a deprecated simplib Puppet 3 function.
- Use simplib::nets2cidr() in lieu of nets2cidr(), a deprecated simplib Puppet 3 function.
- Expanded the upper limits of the stdlib Puppet module version
- Fri Aug 24 2018 Nick Miller nick.miller@onyxpoint.com - 4.1.0-0
- Add support for Puppet 5 and OEL
- Added $package_ensure parameter
- Changed the package from 'latest' to 'installed'
- It will also respect simp_options::package_ensure
- Fri Jun 16 2017 Liz Nemsick lnemsick.simp@gmail.com - 4.0.2-0
- Update to Puppet 4 custom functions
- Update puppet requirement and remove OBE pe requirement in metadata.json
- Tue Jan 24 2017 Nick Miller nick.miller@onyxpoint.com - 4.0.1-0
- Updated data types to use new Simplib types
- Corrected simp_options lookups to not have a context prefix of '::'
- Wed Dec 07 2016 Liz Nemsick lnemsick.simp@gmail.com - 4.0.0-0
- Use simp_options module for global catalysts
- Fix bug in xinetd.service.erb that caused an inadvertent newline between the IP address and port in a redirect configuration line in the generated file.
- Fix bug in xinetd.service.erb in which the instances and mdns configuration lines were omitted from the generated file.
- Fixed bug in xinetd.service.erb in which includedir and include were specified within a service declaration and formatted incorrectly.
- Fixed bug in validation of syslog facility
- Fixed bugs in validation of ::xinetd $passenv and $disable parameters
- Fixed bugs in validation of ::xinetd::service $x_id and $rpc_version parameters
- Minor cleanup
- Thu Dec 01 2016 Trevor Vaughan tvaughan@onyxpoint.com - 3.0.1-0
- Removed unnecessary dependency and call to pupmod-simp-rsync
- Tue Nov 22 2016 Liz Nemsick lnemsick.simp@gmail.com - 3.0.0-0
- Update version to reflect SIMP6 dependencies
- Minor cleanup
- Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 2.1.2-0
- Minor cleanup
- Wed Nov 16 2016 Liz Nemsick lnemsick.simp@gmail.com - 2.1.2-0
- Updated iptables dependency version
- Tue Mar 01 2016 Ralph Wright ralph.wright@onyxpoint.com - 2.1.0-5
- Added compliance function support
- Tue Nov 10 2015 Chris Tessmer chris.tessmer@onypoint.com - 2.1.0-4
- migration to simplib and simpcat (lib/ only)
- Mon Apr 06 2015 Trevor Vaughan tvaughan@onyxpoint.com - 2.1.0-3
- Updated the default log_type to 'SYSLOG authpriv'
- Fri Jan 16 2015 Trevor Vaughan tvaughan@onyxpoint.com - 2.1.0-2
- Changed puppet-server requirement to puppet
- Sun Jun 22 2014 Kendall Moore kmoore@keywcorp.com - 2.1.0-1
- Removed MD5 file checksums for FIPS compliance.
- Thu Jun 19 2014 Trevor Vaughan tvaughan@onyxpoint.com - 2.1.0-1
- Ensure that 'lfrom' in xinetd.conf.erb is not converted to an Array explicitly.
- Fri Jan 3 2014 Nick Markowski nmarkowski@keywcorp.com - 2.1.0-0
- Updated module for puppet3/hiera compatibility, and optimized code for lint tests, and puppet-rspec.
- Tue Oct 08 2013 Nick Markowski nmarkowski@keywcorp.com - 2.0.0-7
- Updated template to reference instance variables with @
- Fri Nov 30 2012 Maintenance 2.0.0-6
- Created a Cucumber test to ensure that xinetd installs correctly when adding include xinetd in the puppet server manifest.
- Thu Jun 07 2012 Maintenance 2.0.0-5
- Ensure that Arrays in templates are flattened.
- Call facts as instance variables.
- Moved mit-tests to /usr/share/simp...
- Converted internal nets2cidr code to use the 'common' function.
- Updated pp files to better meet Puppet's recommended style guide.
- Fri Apr 06 2012 Maintenance 2.0.0-4
- Templated xinetd.conf.
- Fri Mar 02 2012 Maintenance 2.0.0-3
- Improved test stubs.
- Mon Dec 26 2011 Maintenance 2.0.0-2
- Updated the spec file to not require a separate file list.
- Fri Feb 04 2011 Maintenance - 2.0.0-1
- Changed all instances of defined(Class['foo']) to defined('foo') per the directions from the Puppet mailing list.
- Updated to use rsync native type
- Tue Jan 11 2011 Maintenance 2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
- Tue Oct 26 2010 Maintenance - 1-2
- Converting all spec files to check for directories prior to copy.
- Thu Sep 09 2010 Maintenance 1.0-1
- Replaced tcpwrappers::tcpwrappers_allow with tcpwrappers::allow.
- Mon May 24 2010 Maintenance 1.0-0
- Code refactoring.
- Thu Oct 1 2009 Maintenance 0.1-11
- Removed much of the unnecessary whitespace from the template file results.
Dependencies
- puppetlabs/stdlib (>= 6.6.0 < 8.0.0)
- simp/simplib (>= 3.7.0 < 5.0.0)
pupmod-simp-xinetd - A Puppet Module for managing xinetd -- Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls. --- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.