
Need to find a way to keep track of history of config changes.

Like wiki + vim combination in one place

@superruserr I keep this under homeshick github.com/andsens/homeshick but I push it a bit further making it commit once every hour so things are always tracked

@superruserr Config changes to what? etckeeper places all of /etc under git or mercurial ... and if you integrate it with package management, it's a great way to manage a traditional multi-admin static server.

@superruserr Unless the answer was simpler, and you actually just need to integrate git into your text editor 🙂

There are lots of plugins for vim to do that, but at their heart they're often just using 'autocommands'.
The basic form is:

:autocmd BufWritePost * execute 'command args'

So, every time a buffer has completed a write operation, run an external command.

You could make that command check in your change to git ...

'!git add % && git commit -m %'

Now, that's very simple, and although your git history will now track each saved edit, there won't be any sensible comment in the logs, and sometimes you'll be making intermediate saves on something that isn't logically completed yet, resulting in too many checkins and possibly ones that just reverse previous ones and so on ...

If that's a concern, go for one of the plugins out there that help you keep track of the status of your work. Developers have to do this a lot, and their tools are complete but often overly complex for what sounded more like a sysadmin concern that you had; but their lessons are worth learning about anyway.

@yojimbo @bamfic @jalcine

I use git and git diff. But for other things and other editors.

Scenario: I make very small tweaks (i.e. a line or a new character) and then apply the change directly, locally.
Even testing out permissions.

I then overlook some tiny detail and I realize I need to revert back, maybe 3 or 5 or 10 changes earlier or something.

Yes, so I guess git is the way in this scenario. I was thinking more of a historical, i.e. time-ordered, list of changes to this file being available.

@superruserr @yojimbo @jalcine Git is pretty handy for that. I habitually "sudo su; cd /etc; git init; git add -A; git commit -a -m 'first' " on any new system I have to manage (if it isn't in Ansible/Terraform/CloudInit/Ignition and the like).

@bamfic @jalcine @superruserr When using config management (Salt, in the last job) the first action is a check that will block if /etc isn't completely checked in. So if someone has had to make manual changes, cfg mgmt won't just overwrite it. But we still get an alertable event, so someone can check what's happening.

I once watched a beginning sysadmin trying to deploy changes to iptables to support a new app he'd installed. Every 15 minutes his changes were silently reverted, lol.
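
The pre-run check described in the last post (block when /etc is not completely checked in, and surface that as an alertable event), written out as an added shell example. It is not code from the thread or from Salt; the function names `check_tree_clean` and `guarded_apply` and the exit-code convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to run a config-management
# step while a git-tracked config directory has uncommitted manual changes.

# check_tree_clean DIR   (hypothetical helper)
#   0 = everything in DIR is committed
#   1 = uncommitted or untracked changes (listed on stderr)
#   2 = DIR is not a git work tree, so no history is being kept
check_tree_clean() {
    dir=$1
    if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "ALERT: $dir is not under git" >&2
        return 2
    fi
    # --porcelain is the stable, script-friendly format; untracked files
    # appear as '??', so brand-new files count as drift too.
    changes=$(git -C "$dir" status --porcelain --untracked-files=all) || return 2
    if [ -n "$changes" ]; then
        echo "ALERT: manual changes in $dir are not checked in:" >&2
        printf '%s\n' "$changes" >&2
        return 1
    fi
    return 0
}

# guarded_apply DIR CMD [ARGS...]   (hypothetical helper)
#   Runs CMD only when DIR is clean; otherwise blocks and passes the
#   status up so a scheduler or monitor can alert on it.
guarded_apply() {
    dir=$1; shift
    check_tree_clean "$dir" || return $?
    "$@"
}
```

A non-zero status from `guarded_apply` means the apply step never ran, so a manual edit is neither overwritten nor left unnoticed.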

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.