Etckeeper: Back Your/etc/Files to Git for Safekeeping

Etckeeper: Back Your/etc/Files to Git for Safekeeping

In Linux, the /etc directory is of critical importance because it houses your system configuration files, such as hosts, crontabs, fstab, inittab, passwords, profiles, timezone data and so much more.

Simply put, without /etc, Linux wouldn’t function.

That’s why it’s important to treat that directory with the importance that it deserves. You could accidentally delete or configure a file in /etc/ and find your system behaving in an undesired way. Or maybe a bad actor has injected a malicious program onto your system that changes one or more configurations in /etc. If you are unaware that something has happened, the consequences could be catastrophic.

Because of this, you should keep a constant watch on the changes that occur in /etc. Of course, if your Linux system uses the Btrfs file system, you could always roll back the changes. Unfortunately, not every system makes use of Btrfs. If that describes your Linux servers or desktops, then you’ll want to know about etckeeper.

Etckeeper is a collection of tools used to monitor changes that occur within /etc. Etckeeper can use a Git, Mercurial, Bazaar or Darcs repository that is housed on your local machine (in /etc/.git) and is automatically updated daily.

I’ll show you how to install and use etckeeper so you, too, can keep tabs on the comings and goings of your /etc/ directory.

What You’ll Need

I’m going to demonstrate this on Ubuntu Server 22.04, but you can install the application on most Linux distributions from the standard repository. To follow along, you’ll need a running instance of Ubuntu server and a user with sudo privileges.

See also  Linux: Synchronize Local and Remote Directories With Rsync

That’s it. Let’s install.

Installing etckeeper

Log in to your Ubuntu instance and open a terminal window (if necessary). Install the application with the command:

sudo apt-get install etckeeper git -y

If you’re using a Fedora-based distribution, the installation command would be:

sudo dnf install etckeeper git -y

For distributions based on Arch Linux, the command would be:

sudo pacman -Sy etckeeper git

We’ve installed Git alongside etckeeper because that’s the tool we’ll use to monitor changes.

Configure Git

You’ll next need to configure your username and email address for Git so the system knows who you are.

First, configure your full name with:

git config --global user.name "YOUR NAME"

Where YOUR NAME is your full name.

Next, configure your email address with:

git config --global user.email "EMAIL"

Where EMAIL is your email address.

You can verify the configurations with:

git config --global --list

The output should include the full name and email address you just configured.

Configure etckeeper

We can now configure etckeeper. Open the configuration file with the command:

sudo nano /etc/etckeeper/etckeeper.conf

In that file, look for the following section:

# The VCS to use.
#VCS=”hg”
VCS=”git”
#VCS=”bzr”
#VCS=”darcs”

Make sure the line VCS=”git” is uncommitted (doesn’t contain a leading # character). Once you’ve taken care of that, save and close the file with the Ctrl+X keyboard combination.

Initialize etckeeper

The next step is to initialize etckeeper with the command:

sudo etckeeper init

You may or may not see any output. If you do see output, it will be:

Initialized empty Git repository in /etc/.git/

Next, you’ll need to make an initial commit with the command:

See also  Deploy a Virtual Machine With Oracle’s Open Source VirtualBox

sudo etckeeper commit "Initial commit."

You will most likely see output from the above command that looks like this:

6 files changed, 6 insertions(+), 6 deletions(-)
delete mode 120000 systemd/system/multi-user.target.wants/snap-core22-1380.mount
create mode 120000 systemd/system/multi-user.target.wants/snap-core22-1612.mount
rename systemd/system/{snap-core22-1380.mount => snap-core22-1612.mount} (64%)
delete mode 120000 systemd/system/snapd.mounts.target.wants/snap-core22-1380.mount
create mode 120000 systemd/system/snapd.mounts.target.wants/snap-core22-1612.mount

Test the System

We’re now going to test etckeeper to see how it works. Let’s run a quick update/upgrade and see what happens.

Back at the terminal window, issue the command:

sudo apt-get update && sudo apt-get upgrade -y

After the above commands are completed, let’s check the git log with the command:

sudo git log --summary -1

The output from the above command should include any changes that were made to the /etc/ directory in diff format, such as:

Packages with configuration changes:

-base-files 12ubuntu4.6 amd64
+base-files 12ubuntu4.7 amd64

etc…

Let’s try something else. Edit the /etc/hosts file with the command:

sudo nano /etc/hosts

At the bottom of that file, add a new line mapping an IP address to a hostname of a machine on your network like this:

192.168.1.176 hive

Make sure to use an IP address and hostname from a computer on your LAN.

Save and close the file.

Create another commit like this:

sudo etckeeper commit "Edited hosts file"

Run the log command again:

sudo git log --summary -1

This time you should see the following in the output:

Edited hosts file

You don’t have to run the commit if you don’t want to. You can also check the status with:

sudo git status

You should see something like modified: ../hosts in the output.

See also  Linux: Sync Files Between Servers With Syncthing

I would, however, suggest that every time you make a change to anything in /etc/ that you issue a commit so Git knows about everything that’s gone on.

And that’s all there is to keeping a revision history of your Linux machine’s /etc directory. Given how crucial this directory is to the functioning of your server and all of the installed services, it should be clear why this should be considered a necessity.

The post Etckeeper: Back Your/etc/Files to Git for Safekeeping appeared first on The New Stack.

RECENT POSTS

Leave a Reply

Your email address will not be published. Required fields are marked *