Keep Track Of Configuration Changes Using etckeeper

The official etckeeper website says:

etckeeper is a collection of tools to let /etc be stored in a git, mercurial, darcs, or bzr repository. It hooks into apt (and other package managers including yum and pacman-g2) to automatically commit changes made to /etc during package upgrades. It tracks file metadata that revison control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It’s quite modular and configurable, while also being simple to use if you understand the basics of working with revision control.

Install etckeeper:

Debian/Ubuntu users can install etckeeper and git using apt.

$ sudo apt-get install etckeeper git-core

Configure etckeeper:

Open /etc/etckeeper/etckeeper.conf in your favorite text editor. The first option that you need to look at is VCS, which is the version control system you want to use. By default it’s set to git, but you can change it to hg or bzr depending on your preference.

If you want to specify some git commit options look ‘GIT_COMMIT_OPTIONS’

Another option that you may want to look is AVOID_COMMIT_BEFORE_INSTALL. By default, etckeeper will automatically commit any pending changes when you install packages. You can disable it by setting AVOID_COMMIT_BEFORE_INSTALL to 1.

Also set AVOID_DAILY_AUTOCOMMITS to 1 for avoiding daily auto commit.

Using etckeeper:

Initialize etckeeper:

$ sudo etckeeper init
Initialized empty Git repository in /etc/.git/
$ sudo etckeeper commit -m "Initial import"

This will create a  git repository for /etc, add all files below /etc (except etckeeper ignore list) to that repository and commit (save) the current contents .

Whenever you make a coherent change to your configuration files, you can commit it by calling etckeeper commit:

$ sudo vi /etc/mysql/my.cnf
$ sudo etckeeper commit -m "mysql conf change"

You can view your commits(saves) using simple git commands:

$ cd /etc/
$ sudo git log

or use a git front-end to see the commits:

$ cd /etc/
$ sudo gitk


Do try it out!


EvanCarroll March 16, 2010

In your eyes, does this totally replace tripwire which just, afaik, keeps checksums of files and notifies you of modifications?

vinodvm March 17, 2010

no. etckeeper is for putting /etc under version control. main use is for troubleshooting server configurations.

geekQ May 10, 2010

At least on Ubuntu 10.04 Lucid and according to `man etckeeper` you should not use `-m` in `sudo etckeeper commit`. Otherwise you do not get the commit message you want (“initial commit”) but “-m” instead.