Sean Carolan wrote:
> We have several dozen production Linux servers and I would like to
> have better control over what files are changed, by whom, when they
> were changed, etc. Because these are all production servers that are
> in use 24x7, we do not have the luxury of simply doing a clean build,
> taking md5sums of each file, and then doing fresh installations. I
> need a system that can take in-place snapshots of each server's
> configuration files, store them in some kind of database or text file,
> and notify me whenever something changes.
Anything that is installed via RPM is already databased and tracked. if
you edit something you have to track it yourself. I don't know of a
good tool for this. For the things I edit frequently and the changes
aren't obvious (like DNS zone files), I commit the changes to a CVS
server that has viewcvs for easy browsing and diff-ing against earlier
versions.
> I've used tripwire in the past - do you have any other recommendations
> for this type of project?
Tripwire doesn't help when you need to put things back the way they were
a version or two back. Backups are always a good thing and a
brute-force approach would be to rsync your /etc directories off to some
other machine, perhaps using the backup-dir option to keep some old
versions around. Running rsync with the -v and -n options will tell you
if anything changed compared to the last copy. I'm surprised that there
isn't a good tool built on top of one of the version control systems
that could treat similar machines as branches, though. What needs to be
done is very similar to other version control concepts and everyone
needs it.
--
Les Mikesell
lesmikesell at gmail.com