Sean Carolan wrote:
> We have several dozen production Linux servers and I would like to have better control over what files are changed, by whom, when they were changed, etc. Because these are all production servers that are in use 24x7, we do not have the luxury of simply doing a clean build, taking md5sums of each file, and then doing fresh installations. I need a system that can take in-place snapshots of each server's configuration files, store them in some kind of database or text file, and notify me whenever something changes.
Anything that is installed via RPM is already databased and tracked. If you edit something, you have to track it yourself. I don't know of a good tool for this. For the things I edit frequently where the changes aren't obvious (like DNS zone files), I commit the changes to a CVS server that has viewcvs for easy browsing and diff-ing against earlier versions.
> I've used tripwire in the past - do you have any other recommendations for this type of project?
Tripwire doesn't help when you need to put things back the way they were a version or two back. Backups are always a good thing and a brute-force approach would be to rsync your /etc directories off to some other machine, perhaps using the backup-dir option to keep some old versions around. Running rsync with the -v and -n options will tell you if anything changed compared to the last copy. I'm surprised that there isn't a good tool built on top of one of the version control systems that could treat similar machines as branches, though. What needs to be done is very similar to other version control concepts and everyone needs it.
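The following is an added example, not code posted by either participant, that does the three things asked for above on a machine that is already in service: take an in-place snapshot of a config tree into a plain text manifest (sha256 per file), report what was added, modified or removed since the last snapshot (the "notify me" part, and the equivalent of the rsync -v -n dry run), and keep the previous copy of every changed or deleted file in a dated backup directory so you can put a file back "a version or two" (the same idea as rsync --backup --backup-dir, done with cp so the script runs with nothing but coreutils and awk). The STATE directory layout, the stamp names and the sample config tree are assumptions made for the example; for files that came from packages, rpm -V remains the right first check, and this script is for the hand-edited remainder.

```shell
#!/bin/sh
# Added example (not from the thread): sha256 manifest of a config tree, a
# change report on each run, and versioned copies of anything that changed.
# Layout under STATE is an assumption: current/ (mirror), current.manifest,
# backup/<stamp>/ (previous versions), report.<stamp> (what changed).
set -eu
export LC_ALL=C   # deterministic sort order regardless of the caller's locale

# make_manifest DIR OUT: one "sha256  ./relative/path" line per regular file,
# sorted by path so two manifests can be compared record by record.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sort -k 2 > "$2"
}

# report_changes OLD_MANIFEST NEW_MANIFEST: print "ADDED|MODIFIED|REMOVED path".
# Paths may contain spaces, so the path is taken from the fixed offset after
# sha256sum's 64 hex digits and two separator characters, not by whitespace.
report_changes() {
    awk -v oldfile="$1" '
        FILENAME == oldfile { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); h = substr($0, 1, 64); seen[p] = 1
            if (!(p in old))      print "ADDED " p
            else if (old[p] != h) print "MODIFIED " p
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# check SRC STATE: dry run, like "rsync -avn": say what would change, touch nothing.
check() {
    mkdir -p "$2"
    [ -f "$2/current.manifest" ] || : > "$2/current.manifest"
    tmp=$(mktemp)
    make_manifest "$1" "$tmp"
    report_changes "$2/current.manifest" "$tmp"
    rm -f "$tmp"
}

# snapshot SRC STATE STAMP: refresh the mirror in STATE/current and stash the
# previous version of every modified or removed file under STATE/backup/STAMP.
# STAMP would normally be $(date +%Y%m%d-%H%M%S); it is a parameter here so
# that runs are reproducible. Prints the change report.
snapshot() {
    src=$1; state=$2; stamp=$3
    cur="$state/current"; bak="$state/backup/$stamp"
    mkdir -p "$cur" "$state/backup"
    [ -f "$state/current.manifest" ] || : > "$state/current.manifest"
    make_manifest "$src" "$state/new.manifest"
    report_changes "$state/current.manifest" "$state/new.manifest" > "$state/report.$stamp"
    # keep the old copy before the mirror is overwritten (cf. rsync --backup-dir)
    while read -r kind path; do
        case $kind in
            MODIFIED|REMOVED)
                mkdir -p "$bak/$(dirname "$path")"
                cp -p "$cur/$path" "$bak/$path" ;;
        esac
    done < "$state/report.$stamp"
    rm -rf "$cur"; mkdir -p "$cur"; cp -pR "$src/." "$cur/"
    mv "$state/new.manifest" "$state/current.manifest"
    cat "$state/report.$stamp"
}

# Demo on a constructed config tree (not a real /etc): baseline, drift, restore.
demo() {
    work=$(mktemp -d); etc="$work/etc"; state="$work/state"
    mkdir -p "$etc/ssh"
    printf 'PermitRootLogin no\nPasswordAuthentication no\n' > "$etc/ssh/sshd_config"
    printf '127.0.0.1 localhost\n' > "$etc/hosts"
    printf -- '--- baseline snapshot:\n'
    snapshot "$etc" "$state" 20040101-000000
    printf 'PermitRootLogin yes\n' > "$etc/ssh/sshd_config"   # simulated edit
    rm "$etc/hosts"                                           # simulated deletion
    printf -- '--- what changed since the last snapshot (nothing written):\n'
    check "$etc" "$state"
    snapshot "$etc" "$state" 20040102-000000 > /dev/null
    printf -- '--- previous sshd_config, restorable from the backup dir:\n'
    cat "$state/backup/20040102-000000/ssh/sshd_config"
    rm -rf "$work"
}
demo
```

Run it from cron with the real config directory as SRC and a STATE directory on another host or a mounted backup volume; mail the report file when it is non-empty. Restoring a file is a cp from backup/<stamp>/ back into place. The manifest does not record owner, mode or mtime, so a permission change on an unchanged file is not reported; add a stat line per file to the manifest if you need that.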