0

Being tasked to put several machines under configuration management I was wondering how I could go about comparing the configuration files from all installed packages with the contents of /etc and any other places containing files marked as configuration files. The goal is to be able to discern any changes and be able to document those and translate them into Ansible playbooks, for example.

For this question it's alright to assume that all the packages are up-to-date and are available from the package repository and partially still cached locally.

My main interest is to get this to run on Debian-based machines (mainly Debian itself and Ubuntu), but it would be good to know the approach for CentOS (or RHEL) as well, as that will be the next target.

In essence I'm interested in an approach that takes this quite a bit further. I'm aware of dpkg -c and I am also an avid user of etckeeper, but etckeeper won't help you to compare against exactly the baseline installed by the latest packages. Probably a combination of debsums -e with apt-file and apt-get will get the job done, but I don't suffer from NIH syndrome and would like to avoid reinventing the wheel.

0xC0000022L
  • 16,593

1 Answers1

3

Speaking of RPM world:

rpm -qc SOMEINSTALLEDPACKAGE

will give you list of configuration files of that package.

You can verify the file against original package using:

# sudo rpm -V chrony
S.5....T.  c /etc/chrony.conf

This is example of list for chrony package where I modified the config file.

Additionaly rpm can during installation produce .rpmsave and .rpmnew packages. See https://serverfault.com/a/48819 And you can merge those files using rpmconf.

msuchy
  • 1,470