1. Overview
2. Module Description - A Puppet module for managing stunnel
3. Setup - The basics of getting started with pupmod-simp-stunnel
   • What pupmod-simp-stunnel affects
   • Setup requirements
   • Beginning with stunnel
4. Usage - Configuration options and additional functionality
5. Reference - An under-the-hood peek at what the module is doing and how
6. Limitations - OS compatibility, etc.
7. Development - Guide for contributing to the module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide and visit our developer wiki.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

• When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.

• All SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.

This module sets up stunnel and allows the creation of stunnel connections for services.

IMPORTANT

| Please use the stunnel::connection define instead of including the | stunnel class directly. | | The main stunnel class is deprecated and will be removed in a future release. | | The main stunnel class manages the global stunnel configuration and | this was deemed to be too risky for use across services that are not related.

simp::stunnel will manage:

• The latest version of stunnel
• Ensure the service is running
• Stunnel configuration files and daemons for each of your services
• A stunnel chroot directory for each of your services
• If $firewall is set to true, will manage the simp/iptables firewall settings required for stunnel.

There are no special requirements for using this module.

You can set up stunnel for a particular service using the following code:

stunnel::instance { 'service_name':
  accept => 873,
  connect => ['1.2.3.4:8730']
}

This will create /etc/stunnel/stunnel_service_name.conf and spawn a system service stunnel_service_name.

stunnel::instance { 'my_service':
  connect => ['stunnel.server.int:8730'],
  accept  => '127.0.0.1:873'
}

stunnel::connection { 'my_service':
  client  => false,
  connect => [873],
  accept  => 8730
}

Please see the puppet strings generated documentation for a full reference.

This module is only designed to work in RHEL or CentOS 6 and 7. Any other operating systems have not been tested and results cannot be guaranteed.

Please see the SIMP Contribution Guidelines.

General developer documentation can be found on Confluence. Visit the project homepage on GitHub, chat with us on our HipChat, and look at our issues on JIRA.