From 2d355a4c1baadc761d6b12645d0274da8866f722 Mon Sep 17 00:00:00 2001
From: Tim Meusel
Date: Mon, 18 Sep 2017 15:23:36 +0200
Subject: initial commit
---
docs/puppet_classes/ferm.html | 297 +++++++++++++++++++++++++++++
docs/puppet_classes/ferm_3A_3Aconfig.html | 195 +++++++++++++++++++
docs/puppet_classes/ferm_3A_3Ainstall.html | 125 ++++++++++++
docs/puppet_classes/ferm_3A_3Aservice.html | 149 +++++++++++++++
4 files changed, 766 insertions(+)
create mode 100644 docs/puppet_classes/ferm.html
create mode 100644 docs/puppet_classes/ferm_3A_3Aconfig.html
create mode 100644 docs/puppet_classes/ferm_3A_3Ainstall.html
create mode 100644 docs/puppet_classes/ferm_3A_3Aservice.html
(limited to 'docs/puppet_classes')
diff --git a/docs/puppet_classes/ferm.html b/docs/puppet_classes/ferm.html
new file mode 100644
index 0000000..74c4b67
--- /dev/null
+++ b/docs/puppet_classes/ferm.html
@@ -0,0 +1,297 @@
+ + + + + + + Puppet Class: ferm + + — Documentation by YARD 0.9.12 + + + + + + + + + + + + + + + + + + + +
+ + +

Puppet Class: ferm

+
+ + +
+
Defined in:
+
+ manifests/init.pp +
+
+
+ +

Overview

+
+
+

Class: ferm

+ +

This class manages ferm installation and rule generation on modern linux systems

+ +

class{'ferm': + manage_service => true, +}

+ +
+
+
+ +
+

Examples:

+ + +

deploy ferm and start it

+

+ +
+ +
+

Parameters:

+
    + +
  • + + manage_service + + + (Boolean) + + + + — +

    disable/enable the management of the ferm daemon +Default value: false +Allowed values: (true|false)

    +
    + +
  • + +
  • + + manage_configfile + + + (Boolean) + + + + — +

    disable/enable the management of the ferm default config +Default value: false +Allowed values: (true|false)

    +
    + +
  • + +
  • + + configfile + + + (Stdlib::Absolutepath) + + + + — +

    path to the config file +Default value: /etc/ferm.conf +Allowed values: Stdlib::Absolutepath

    +
    + +
  • + +
  • + + forward_policy + + + (Ferm::Policies) + + + + — +

    default policy for the FORWARD chain +Default value: DROP +Allowed values: (ACCEPT|DROP|REJECT)

    +
    + +
  • + +
  • + + output_policy + + + (Ferm::Policies) + + + + — +

    default policy for the OUTPUT chain +Default value: ACCEPT +Allowed values: (ACCEPT|DROP|REJECT)

    +
    + +
  • + +
  • + + input_policy + + + (Ferm::Policies) + + + + — +

    default policy for the INPUT chain +Default value: DROP +Allowed values: (ACCEPT|DROP|REJECT)

    +
    + +
  • + +
  • + + rules + + + (Hash) + + + + — +

    a hash that holds all data for ferm::rule +Default value: Empty Hash +Allowed value: Any Hash

    +
    + +
  • + +
+ + +
+ + + + + +
+
+
+
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+
+
# File 'manifests/init.pp', line 31
+
+class ferm (
+  Boolean $manage_service,
+  Boolean $manage_configfile,
+  Stdlib::Absolutepath $configfile,
+  Ferm::Policies $forward_policy,
+  Ferm::Policies $output_policy,
+  Ferm::Policies $input_policy,
+  Hash $rules,
+) {
+  contain ferm::install
+  contain ferm::config
+  contain ferm::service
+
+  Class['ferm::install']
+  -> Class['ferm::config']
+  ~> Class['ferm::service']
+
+  $rules.each |$rulename, $attributes| {
+    ferm::rule{$rulename:
+      * => $attributes,
+    }
+  }
+  # import all exported resources with ferm rules for this node
+  Ferm::Rule <<| tag == $trusted['certname'] |>>
+}
+
+
+
+ + + +
+ +
\ No newline at end of file
diff --git a/docs/puppet_classes/ferm_3A_3Aconfig.html b/docs/puppet_classes/ferm_3A_3Aconfig.html
new file mode 100644
index 0000000..3d9813e
--- /dev/null
+++ b/docs/puppet_classes/ferm_3A_3Aconfig.html
@@ -0,0 +1,195 @@
+ + + + + + + Puppet Class: ferm::config + + — Documentation by YARD 0.9.12 + + + + + + + + + + + + + + + + + + + +
+ + +

Puppet Class: ferm::config

+
+ + +
+
Defined in:
+
+ manifests/config.pp +
+
+
+ +

Overview

+
+
+

This class handles the configuration file. Avoid modifying private classes.

+ +
+
+
+ + +
+ + + + + +
+
+
+
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+
+
# File 'manifests/config.pp', line 3
+
+class ferm::config {
+
+  # this is a private class
+  assert_private("You're not supposed to do that!")
+
+  # copy static files to ferm
+  # on a long term point of view, we want to package this
+  file{'/etc/ferm.d':
+    ensure => 'directory',
+  }
+  -> file{'/etc/ferm.d/definitions':
+    ensure => 'directory',
+  }
+  -> file{'/etc/ferm.d/chains':
+    ensure => 'directory',
+  }
+
+  if $ferm::manage_configfile {
+    concat{$ferm::configfile:
+      ensure  => 'present',
+    }
+    concat::fragment{'ferm_header.conf':
+      target  => $ferm::configfile,
+      content => epp("${module_name}/ferm_header.conf.epp"),
+      order   => '01',
+    }
+
+    concat::fragment{'ferm.conf':
+      target  => $ferm::configfile,
+      content => epp("${module_name}/ferm.conf.epp"),
+      order   => '50',
+    }
+  }
+
+  ferm::chain{'INPUT':
+    policy => $ferm::input_policy,
+  }
+  ferm::chain{'FORWARD':
+    policy => $ferm::forward_policy,
+  }
+  ferm::chain{'OUTPUT':
+    policy => $ferm::output_policy,
+  }
+}
+
+
+
+ + + +
+ +
\ No newline at end of file
diff --git a/docs/puppet_classes/ferm_3A_3Ainstall.html b/docs/puppet_classes/ferm_3A_3Ainstall.html
new file mode 100644
index 0000000..c6e1b12
--- /dev/null
+++ b/docs/puppet_classes/ferm_3A_3Ainstall.html
@@ -0,0 +1,125 @@
+ + + + + + + Puppet Class: ferm::install + + — Documentation by YARD 0.9.12 + + + + + + + + + + + + + + + + + + + +
+ + +

Puppet Class: ferm::install

+
+ + +
+
Defined in:
+
+ manifests/install.pp +
+
+
+ +

Overview

+
+
+

This class handles the configuration file. Avoid modifying private classes.

+ +
+
+
+ + +
+ + + + + +
+
+
+
+3
+4
+5
+6
+7
+8
+9
+10
+11
+
+
# File 'manifests/install.pp', line 3
+
+class ferm::install {
+
+  # this is a private class
+  assert_private("You're not supposed to do that!")
+
+  package{'ferm':
+    ensure => 'latest',
+  }
+}
+
+
+
+ + + +
+ +
\ No newline at end of file
diff --git a/docs/puppet_classes/ferm_3A_3Aservice.html b/docs/puppet_classes/ferm_3A_3Aservice.html
new file mode 100644
index 0000000..cfa5022
--- /dev/null
+++ b/docs/puppet_classes/ferm_3A_3Aservice.html
@@ -0,0 +1,149 @@
+ + + + + + + Puppet Class: ferm::service + + — Documentation by YARD 0.9.12 + + + + + + + + + + + + + + + + + + + +
+ + +

Puppet Class: ferm::service

+
+ + +
+
Defined in:
+
+ manifests/service.pp +
+
+
+ +

Overview

+
+
+

This class handles the configuration file. Avoid modifying private classes.

+ +
+
+
+ + +
+ + + + + +
+
+
+
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+
+
# File 'manifests/service.pp', line 3
+
+class ferm::service {
+
+  # this is a private class
+  assert_private("You're not supposed to do that!")
+
+  if $ferm::manage_service {
+    service{'ferm':
+      ensure => 'running',
+      enable => true,
+    }
+
+    # on Ubuntu, we can't start the service, unless we set ENABLED=true in /etc/default/ferm...
+    if ($facts['os']['name'] == 'Ubuntu') {
+      file_line{'enable_ferm':
+        path  => '/etc/default/ferm',
+        line  => 'ENABLED="yes"',
+        match => 'ENABLED=',
+      }
+    }
+  }
+}
+
+
+
+ + + +
+ +
\ No newline at end of file
--
cgit v1.2.3