What tool do you recommend to track changes on a Linux/Unix server?

Solution 1:

I've got etckeeper on my personal workstation, but I've not had to do much with it yet (other than have it track all my changes). Seems like it does a reasonable job of making sure you at least know what's been fiddled with.

I wouldn't write off Puppet as a solution -- as long as some of the services on the machine are your responsibility to maintain, then a system that makes sure that if someone jiggles your config that it gets put back the way you want it is a godsend.

On the other hand, if others make changes regularly (and they don't usually screw it up), you might have to resort to just tracking what other people have done for later disaster recovery. Don't forget that things will be changed all over the place, so a full-machine checkpoint tool might be better. I'd perhaps even consider going full-disk incremental backup on it (like rdiff-backup or something) to be sure you're tracking everything (maybe drop /home and other user-level areas out of the backup, if you just want to track administrative changes).

Solution 2:

You may want to look at Tripwire or AIDE.

Both will track config file changes on your machines.

Solution 3:

I've looked at etckeeper, but I haven't used it. However, I have used Changetrack. I've been using it on all of my home machines for many years, and at my previous job it was part of our standard server install. We used it there for the last five years, and had it installed on about 200 boxes.

The setup is trivial (I created an RPM for it at my last job), and the configuration is really simple. I generally set it up to monitor all of /etc/.

Solution 4:

For tracking package changes (installs, upgrades, etc.) on RPM-based systems, as long as all changes are done with yum or yumex, each package change is logged in /var/log/yum.log.

Other people have already answered tracking changes in /etc. Don't forget that you also want to track configuration changes to bind which are partially in /var (at least on many Linux distributions) and that web pages are under /var/www on many Linux distributions. There will be directories outside /etc that have important configuration information on them.

Depending on how things are managed, you may also want to track /usr/local/etc and other directory trees (/opt, some trees under /var, and anything else that is specific to your customers).
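
The baseline-and-compare approach that integrity checkers like those named in Solution 2 rely on, applied by default to directory trees Solution 4 mentions. This is an added example, not code from any answer or from Tripwire or AIDE; the function names and the default tree list are assumptions.

```python
import hashlib, os, pathlib, stat, tempfile

def fingerprint(path):
    """Return (content digest or link target, permission bits, uid, gid)."""
    st = os.lstat(path)
    content = "non-regular"  # directories, sockets, devices
    if stat.S_ISLNK(st.st_mode):
        content = "link:" + os.readlink(path)  # record the target, do not follow it
    elif stat.S_ISREG(st.st_mode):
        content = hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()
    return (content, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def snapshot(trees=("/etc", "/usr/local/etc", "/var/www", "/opt")):
    """Map every path under the trees (default list is an assumption) to its fingerprint."""
    state = {}
    for tree in trees:
        for root, dirs, files in os.walk(tree):
            for name in dirs + files:
                path = os.path.join(root, name)
                try:
                    state[path] = fingerprint(path)
                except OSError:  # unreadable, or removed while we walked
                    state[path] = ("unreadable", None, None, None)
    return state

def compare(old, new):
    """Sort differences into added, removed, content and metadata changes."""
    report = {"added": sorted(new.keys() - old.keys()),
              "removed": sorted(old.keys() - new.keys()), "content": [], "metadata": []}
    for path in sorted(old.keys() & new.keys()):
        kind = "content" if old[path][0] != new[path][0] else "metadata"
        if old[path] != new[path]:
            report[kind].append(path)
    return report

def demo():
    """Constructed sample: a throwaway directory standing in for /etc."""
    with tempfile.TemporaryDirectory() as d:
        etc = pathlib.Path(d)
        for name in ("sshd_config", "motd", "old.conf"):
            (etc / name).write_text("original\n")
        (etc / "motd").chmod(0o644)
        before = snapshot([d])
        (etc / "sshd_config").write_text("edited\n")  # content edit
        (etc / "motd").chmod(0o666)                    # permission change only
        (etc / "old.conf").unlink()
        (etc / "new.conf").write_text("added\n")
        diff = compare(before, snapshot([d]))
        return {k: [os.path.basename(p) for p in v] for k, v in diff.items()}
```

Keep the baseline somewhere the monitored host cannot rewrite, or anyone who can change a file can also update its recorded fingerprint.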