What tool do you recommend to track changes on a Linux/Unix server
Solution 1:
I've got etckeeper on my personal workstation, but I've not had to do much with it yet (other than have it track all my changes). Seems like it does a reasonable job of making sure you at least know what's been fiddled with.
I wouldn't write off Puppet as a solution -- as long as some of the services on the machine are your responsibility to maintain, then a system that makes sure that if someone jiggles your config that it gets put back the way you want it is a godsend.
On the other hand, if others make changes regularly (and they don't usually screw it up), you might have to resort to just tracking what other people have done for later disaster recovery. Don't forget that things will be changed all over the place, so a full-machine checkpoint tool might be better. I'd perhaps even consider going full-disk incremental backup on it (like rdiff-backup or something) to be sure you're tracking everything (maybe drop /home and other user-level areas out of the backup, if you just want to track administrative changes).
Solution 2:
You may want to look at Tripwire or AIDE
Both will track config file changes on your machines.
Solution 3:
I've looked at etckeeper, but I haven't used it. However, I have used Changetrack. I've been using it on all of my home machines for many years, and at my previous job it was part of our standard server install. We used it there for the last five years, and had it installed on about 200 boxes.
The setup is trivial (I created an RPM for it at my last job), and the configuration is really simple. I generally set it up to monitor all of /etc/.
Solution 4:
For tracking package changes (installs, upgrades, etc) on RPM-based systems, as long as all changes are done with yum
or yumex
, each package change is logged in /var/log/yum.log
.
Other people have already answered tracking changes in /etc
. Don't forget that you also want to track configuration changes to bind
which are partially in /var
(at least on many Linux distributions) and that web pages are under /var/www
on many Linux distributions. There will be directories outside /etc
that have important configuration information on them.
Depending on how things are managed, you may also want to track /usr/local/etc
and other directory trees (/opt
, some trees under /var
, and anything else that is specific to your customers).