Originally published June 23, 2017 @ 11:04 am

Etckeeper is a handy tool that uses git to keep track of changes to anything in /etc (or any other folder you choose). It’s very simple to use and can help you quickly identify and undo stupid changes. Here’re some quick instructions to help you get started.

Install git and etckeeper on CentOS/RHEL, configure daily autocommit, and run the initial commit of your /etc/directory:

yum -y install git etckeeper >/dev/null 2>&1
if [ -d /etc/etckeeper ]; then
cd /etc
etckeeper init >/dev/null 2>&1
sed -i 's@webmin/webmin/oscache@webmin/*@g' /etc/.gitignore
echo "webmin/*" >> /etc/.gitignore
sed -i "s@daily autocommit@`echo $\(date +\'%Y-%m-%d %H:%M:%S\'\)` daily autocommit@g" /etc/etckeeper/daily
etckeeper commit "$(date +'%Y-%m-%d %H:%M:%S') initial commit of /etc" >/dev/null 2>&1
fi

Here’s how to view history of changes/commits:
cd /etc && git log --pretty=oneline

1b73c942778d38f84715c5a7f458964217d20470 2017-05-14 03:27:01 daily autocommit
7c89dad2a75e3256d73ba8ba07da75d610b254fc saving uncommitted changes in /etc prior to yum run
cca466f4942659c054c279ce36585288d9d866ec 2017-05-13 04:29:01 daily autocommit
d61c58b8a9984962a1dac6ec86f2f73239b7cb88 2017-05-12 03:30:01 daily autocommit
3802880f18a4ba45f7faf74992e2496d197ad2ac 2017-05-11 03:47:01 daily autocommit
bb6858ec8569feb1d466874c2d554a6c7d19213c 2017-05-10 03:38:01 daily autocommit
68220854576358dea58b32c489fce5e20e9f5b1b 2017-05-08 21:34:21 initial commit of /etc

Here’s how to restore a file (/etc/hosts, in this example) from a particular autocommit:
cd /etc && etckeeper vcs checkout d61c58b8a9984962a1dac6ec86f2f73239b7cb88 /etc/hosts

By default, etckeeper keeps track of /etc, but you can specify a different folder or even multiple folders. For example, in addition to /etc I needed to add /var/adm/bin, where I keep most of my system scripts. A force of habit from my Solaris years. Here’s what you need to do:
etckeeper init -d /var/adm/bin
etckeeper commit -d /var/adm/bin "$(date +'%Y-%m-%d %H:%M:%S') $(date +'%Y-%m-%d %H:%M:%S') daily autocommit"
cd /var/adm/bin && git log --pretty=oneline

To schedule a daily auto-commit, edit /etc/etckeeper/daily and make it look something like this. Note the for loop to deal with multiple monitored directories.
#!/bin/sh
# Script that can be run daily to autocommit /etc changes.
set -e
if [ -x /usr/bin/etckeeper ] && [ -e /etc/etckeeper/etckeeper.conf ]; then
        # avoid autocommit if an install run is in progress
        lockfile=/var/cache/etckeeper/packagelist.pre-install
        if [ -e "$lockfile" ] && [ -n "$(find "$lockfile" -mtime +1)" ]; then
                rm -f "$lockfile" # stale
        fi
        if [ ! -e "$lockfile" ]; then
                AVOID_SPECIAL_FILE_WARNING=1
                export AVOID_SPECIAL_FILE_WARNING
                if etckeeper unclean; then
                        for i in /etc /var/adm/bin; do
                                etckeeper commit -d ${i} "$(date +'%Y-%m-%d %H:%M:%S') $(date +'%Y-%m-%d %H:%M:%S') daily autocommit of ${i}" >/dev/null
                        done
                fi
        fi
fi

Searching etckeeper logs is fairly easy. The quick script below can help you with this task. Say, if you need to find commits that contain changes to /etc/sudoers, you would run it like so: etckeeper-track /etc/sudoers.
#!/bin/bash
j="${@}"
if [ -z "${j}" ]; then exit 1; fi
if [ ! -x /usr/bin/etckeeper ]; then exit 1; fi
cd /etc
for i in $(etckeeper vcs log | grep ^commit | awk '{print $NF}'); do
  if [ $(etckeeper vcs show ${i} | grep -c "${j}") -gt 0 ]; then
    a=$(etckeeper vcs show ${i} | grep -m1 ^Author:)
    d=$(etckeeper vcs show ${i} | grep -m1 ^Date:)
    echo "${i}"; echo "${a}"; echo "${d}"
  fi
done