[CentOS] Recommended Configuration Control Software?

[Les Mikesell]

Sean Carolan wrote:
> We have several dozen production Linux servers and I would like to
> have better control over what files are changed, by whom, when they
> were changed, etc.  Because these are all production servers that are
> in use 24x7, we do not have the luxury of simply doing a clean build,
> taking md5sums of each file, and then doing fresh installations.  I
> need a system that can take in-place snapshots of each server's
> configuration files, store them in some kind of database or text file,
> and notify me whenever something changes.

Anything that is installed via RPM is already databased and tracked.  if 
you edit something you have to track it yourself.  I don't know of a 
good tool for this.  For the things I edit frequently and the changes 
aren't obvious (like DNS zone files), I commit the changes to a CVS 
server that has viewcvs for easy browsing and diff-ing against earlier 
versions.

> I've used tripwire in the past - do you have any other recommendations
> for this type of project?

Tripwire doesn't help when you need to put things back the way they were 
a version or two back.  Backups are always a good thing and a 
brute-force approach would be to rsync your /etc directories off to some 
other machine, perhaps using the backup-dir option to keep some old 
versions around.  Running rsync with the -v and -n options will tell you 
if anything changed compared to the last copy. I'm surprised that there 
isn't a good tool built on top of one of the version control systems 
that could treat similar machines as branches, though.  What needs to be 
done is very similar to other version control concepts and everyone 
needs it.

-- 
   Les Mikesell
    lesmikesell at gmail.com