Control, etc
You will sometimes find yourself looking at a Linux system, wondering why it suddenly started misbehaving. Did someone change a configuration file?
If you have no backups, and no history of your /etc directory, you may be able to look at file modification times with ls -l. If someone made a change, you can hope they left a comment. Both of those options are lacking.
A better way
Use git to control your /etc directory. Git keeps a time and date for every commit, and a file delta. This is perfect for controlling configuration files.
However, how can you guarantee that “someone” remembers to run git commit every time they make a change? When there’s an IT emergency and everything is blowing up, it’s easy to forget little details like this.

Your automation helper
To ensure your commits are automatic, use etckeeper. Recent Linux releases make this easy: apt/yum install etckeeper. Besides adding a daily commit via cron, etckeeper will also add a commit whenever you install or remove packages!
To be certain things are working, you should run git status in /etc after you install etckeeper. If you don’t see any history, you may need to complete your setup. Run etckeeper init and etckeeper commit.
The next time something inexplicably goes wrong on this system, you can now check whether a configuration change is the culprit.
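One way to script that check, as an added example that is not part of etckeeper or of the original post: shell helpers that list recent commits for a path and any edits nobody has committed yet. The function names and the ETC_REPO variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not part of etckeeper): triage helpers for a git-tracked /etc.
# ETC_REPO is an assumption of this sketch so the functions can target a test repo.
ETC_REPO="${ETC_REPO:-/etc}"

# Paths changed since the last commit: edits nobody committed and the
# daily cron job has not picked up yet.
etc_uncommitted() {
    git -C "$ETC_REPO" status --porcelain --untracked-files=all | cut -c4-
}

# Commits touching a path since a date, newest first.
# usage: etc_commits_since <since> [path]
etc_commits_since() {
    git -C "$ETC_REPO" log --since="$1" --date=iso \
        --format='%h %ad %an %s' -- "${2:-.}"
}

# Incident summary. Returns 0 if the tree is clean, 1 if uncommitted edits
# exist, 2 if ETC_REPO has no .git directory (etckeeper init never ran).
# usage: etc_triage <since> [path]
etc_triage() {
    if [ ! -d "$ETC_REPO/.git" ]; then
        echo "$ETC_REPO is not under version control" >&2
        return 2
    fi
    echo "== commits since $1 =="
    etc_commits_since "$1" "${2:-.}"
    pending=$(etc_uncommitted)
    [ -z "$pending" ] && return 0
    echo "== uncommitted changes =="
    echo "$pending"
    return 1
}
```

Source the file as root and run, for instance, etc_triage '3 days ago' ssh/sshd_config; a return code of 1 means the working tree has changes that no commit explains yet.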
For example
root@trinity:/etc# git log -p -1 commit 3bd9eceaa45fc8884a2555925d55dbbffa845b3d Author: kyoder <kyoder@trinity.greenfly.io> Date: Fri May 15 16:59:54 2020 -0400 Disable sshnuke diff --git a/ssh/sshd_config b/ssh/sshd_config index bcf3ac1..61021da 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -121,3 +121,6 @@ Subsystem sftp /usr/lib/openssh/sftp-server # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server + +ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se +macs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
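Review bot: the added ciphers line still lists CBC-mode entries, including 3des-cbc, blowfish-cbc and cast128-cbc, and the macs line keeps hmac-sha1 and umac-64@openssh.com, which is looser than the subject "Disable sshnuke" implies. Consider trimming the lists to the CTR ciphers and the hmac-sha2-256 and hmac-sha2-512 MACs already present, and state in the commit message which algorithms were dropped and why, since that message is what the next person reading git log will rely on. The keywords are written in lowercase (ciphers, macs) while the surrounding lines use forms such as Subsystem and ForceCommand; matching that style keeps the file consistent. Because an algorithm name the installed sshd does not recognise prevents it from starting, run sshd -t before reloading the service.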