Another idea for a project I may or may never get around to completing (or in this case, starting):

  • list of configuration files/binaries to “check”
  • in the case of text-based configuration files, read the file into the database
  • nightly, check the files to see if they’ve been modified (MD5sum)
  • if the configuration file has been modified, diff it and the file already in the database
  • put the output of diff into a database

This would allow an admin quick and easy access to view any changes made to the configuration structure of their machine.

Advantages over using CVS for monitoring

  • automated, no chance of “forgetting” to check a change into CVS
  • non-intrusive
  • easy to view changes
  • easier configuration, easier to roll out onto multiple servers
  • “server roles” automatically selecting default packages, e.g. “Apache web server” would automatically add /etc/apache/httpd.conf, /usr/sbin/httpd, etc.
  • all done via a central database, e.g. select samba_config from db_machinename;

Update

I’ve been doing some more thinking about this. Here’s one proposed database structure and what each column should store:

db_machinename

  • file_name (name of the config file we’re backing up)
  • config_orig (config file as it was originally)
  • date_orig (date the config file was read in)
  • config_cur (config file as it is today)

db_machinename_diffs

  • file_id (id of the config file we’re dealing with)
  • diff_date (date we took the diff)
  • diff_text (text of the actual diff)
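
The nightly check from the first list, run against the two tables proposed above, as an added example (not the author's code). It assumes SQLite, an integer id column for file_id to reference, a hypothetical database path, and SHA-256 in place of the post's MD5sum, since MD5 collisions are practical to construct.

```python
import difflib, hashlib, sqlite3, sys
from datetime import datetime, timezone
from pathlib import Path

SCHEMA = """  -- tables follow the post's structure; the integer id is an assumption
CREATE TABLE IF NOT EXISTS db_machinename (
  id INTEGER PRIMARY KEY, file_name TEXT UNIQUE NOT NULL,
  config_orig TEXT NOT NULL, date_orig TEXT NOT NULL, config_cur TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS db_machinename_diffs (
  file_id INTEGER NOT NULL REFERENCES db_machinename(id),
  diff_date TEXT NOT NULL, diff_text TEXT NOT NULL);
"""

def open_db(path):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def digest(text):
    # SHA-256 stands in for the post's MD5sum (assumption of this example).
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def check_file(db, path):
    """Nightly check of one text file: 'added', 'unchanged', 'changed' or 'missing'."""
    name, now = str(path), datetime.now(timezone.utc).isoformat()
    if not Path(path).is_file():
        return "missing"  # a deleted config file is itself worth reporting
    current = Path(path).read_text(encoding="utf-8", errors="replace")
    row = db.execute("SELECT id, config_cur FROM db_machinename WHERE file_name = ?",
                     (name,)).fetchone()
    if row is None:  # first sighting: record the original copy
        db.execute("INSERT INTO db_machinename (file_name, config_orig, date_orig,"
                   " config_cur) VALUES (?, ?, ?, ?)", (name, current, now, current))
        db.commit()
        return "added"
    file_id, stored = row
    if digest(stored) == digest(current):
        return "unchanged"
    diff = "".join(difflib.unified_diff(
        stored.splitlines(keepends=True), current.splitlines(keepends=True),
        fromfile=name + " (stored)", tofile=name + " (on disk)"))
    db.execute("INSERT INTO db_machinename_diffs VALUES (?, ?, ?)", (file_id, now, diff))
    db.execute("UPDATE db_machinename SET config_cur = ? WHERE id = ?", (current, file_id))
    db.commit()
    return "changed"

if __name__ == "__main__":
    db = open_db("config_history.db")  # hypothetical database path
    print([(f, check_file(db, f)) for f in sys.argv[1:]])
```

Keeping the database on a separate host from the machines it monitors means someone who alters a configuration file cannot also rewrite the stored baseline and diff history.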