An useful tool for the management of a shared server is etckeeper.
This software is a collection of bash scripts that allow you to control through a distributed revision system our directory
/etc/ where there are the configuration files of most of our Linux daemons. You could do the same thing without etckeeper leaning on a revision system such as darcs or git, but you must remember that for this directory is essential to maintain, for each file, its permissions and also its owner and group as well as the entire structure including empty directory.
Etckeeper helps us in the management, automating many of these tasks.
The package of etckeeper is available for Debian, Ubuntu, Fedora, and many of the most common distribution, so you can install it with your package manager, on Debian and Ubuntu use:
sudo aptitude install etckeeper
If you plan to use another product as revision control system, such as git, reset the initialization of etckeeper with the command:
And install the version control system of your choice, etckeeper supports hg,git,bzr and darcs, to use git just install it
sudo aptitude install git
And change in the configuration file /etc/etckeeper/etckeeper.conf the VCS parameter:
# The VCS to use, I've commented bzr and uncommented git #VCS="hg" VCS="git" #VCS="bzr" #VCS="darcs" # Options passed to git commit when run by etckeeper. GIT_COMMIT_OPTIONS="" # Options passed to hg commit when run by etckeeper. HG_COMMIT_OPTIONS="" # Options passed to bzr commit when run by etckeeper. BZR_COMMIT_OPTIONS="" # Options passed to darcs record when run by etckeeper. DARCS_COMMIT_OPTIONS="-a" # Uncomment to avoid etckeeper committing existing changes # to /etc automatically once per day. #AVOID_DAILY_AUTOCOMMITS=1 # Uncomment the following to avoid special file warning # (the option is enabled automatically by cronjob regardless). #AVOID_SPECIAL_FILE_WARNING=1 # Uncomment to avoid etckeeper committing existing changes to # /etc before installation. It will cancel the installation, # so you can commit the changes by hand. #AVOID_COMMIT_BEFORE_INSTALL=1 # The high-level package manager that's being used. # (apt, pacman-g2, yum etc) HIGHLEVEL_PACKAGE_MANAGER=apt # The low-level package manager that's being used. # (dpkg, rpm, pacman-g2, etc) LOWLEVEL_PACKAGE_MANAGER=dpkg
If you have changed your VCS it’s now time t o do your first commit (you don’t need this if you are using bazar)
This initialises and sets up a git, mercurial, bazaar, or darcs repository (depending on the VCS setting in /etc/etckeeper/etckeeper.conf). Typically this is run in /etc once when starting to use etckeeper on a machine. It can also be used to initialise a clone of the /etc repository located elsewhere.
In the next examples I’ll use Bazaar as VCS .
Now i add the “test” file in /etc/ and after this I commit the change, with the following commands:
$ sudo touch /etc/test $ etckeeper vcs status /etc/ unknown: test $ etckeeper commit "test" Committing to: /etc/ modified .etckeeper added test Committed revision 2. $ etckeeper vcs log --line 2: linuxaria 2012-06-02 test 1: linuxaria 2012-06-02 First Commit
So the options of etckeeper that I’ve used so far are:
vcs status You can use “vcs subcommand” to run any subcommand of the VCS that etckeeper is configured to run. It will be run in /etc. For example, “etckeeper vcs status” will run “bzr status /etc/”, etc.
commit “test” Commits all changes in /etc to the repository. A commit message can be specified, in my example is just “test”. You may also use the underlying VCS to commit manually. (Note that
etckeeper commit will notice if a user has used sudo or su to become root, and record the original username in the commit.)
vcs log –line Here we use again the vcs option that allows us to call a bazar subcommand, in this case
log that shows historical log for a branch or subset of a branch.
Another useful option you can use is
vcs diff that shows the differences in the working tree, between revisions, in this example the changes in my revision 2 (option -c2)
sudo etckeeper vcs diff -c2 [sudo] password for linuxari: === modified file '.etckeeper' --- .etckeeper 2012-06-02 10:03:22 +0000 +++ .etckeeper 2012-06-02 10:08:53 +0000 @@ -1987,6 +1987,7 @@ maybe chmod 0755 './systemd/system/multi-user.target.wants' maybe chmod 0755 './terminfo' maybe chmod 0644 './terminfo/README' +maybe chmod 0644 './test' maybe chmod 0755 './texmf' maybe chmod 0755 './texmf/dvipdfm' maybe chmod 0755 './texmf/dvipdfm/config' === added file 'test'
Another feature of etckeeper is its extensibility, in fact, also in the basic installation you’ll find in the /etc/etckeeper a series of directory with name .d representing the various operations that etckeeper can do, so we have this structure in /etc/etckeeper (output of the command
. ├── commit.d │ ├── 10vcs-test │ ├── 30bzr-add │ ├── 30darcs-add │ ├── 30git-add │ ├── 30hg-addremove │ ├── 50vcs-commit │ └── README ├── etckeeper.conf ├── init.d │ ├── 10restore-metadata │ ├── 20restore-etckeeper │ ├── 40vcs-init │ ├── 50vcs-ignore │ ├── 50vcs-perm │ ├── 50vcs-pre-commit-hook │ ├── 60darcs-deleted-symlinks │ ├── 70vcs-add │ └── README ├── list-installed.d │ └── 50list-installed ├── post-install.d │ ├── 50vcs-commit │ └── README ├── pre-commit.d │ ├── 20warn-problem-files │ ├── 30store-metadata │ └── README ├── pre-install.d │ ├── 10packagelist │ ├── 50uncommitted-changes │ └── README ├── unclean.d │ ├── 50test │ └── README ├── uninit.d │ ├── 01prompt │ ├── 50remove-metadata │ ├── 50vcs-uninit │ └── README ├── update-ignore.d │ ├── 01update-ignore │ └── README └── vcs.d └── 50vcs-cmd
So when we run
etckeeper commit we are asking to etckeeper to run all the script that are present in the directory /etc/etckeeper/commit.d, so it’s easy to add more commands in that directory or create a new command.d directory and put your scripts inside this new directory, to extend etckeeper available options and commands.
Etckeeper it’s an easy to setup software that can save you when something really bad happen to your configuration files.
It has hook with the most common package manager so when you install and remove software it’s aware of this, and out of the box it does a daily commit of your /etc/. You can now relax..a bit more.
- An introduction to systemd for CentOS 7
- Linux Games: Sanctum 2
- What goes around comes around: nearly half of DDoS attacked companies are hit twice or more
- Linux Terminal: An lsof Primer
- How to check if you are vulnerable to shellshock
Find me on Google+