Need Tool to Manage Configuration Changes

[sgharp]

Hi Guys,

Is there a tool that can monitor a specified set of configuration files (such as my.cnf, vhosts.conf, php.ini, etc.) and log any changes made to these files (diff?) with a datetime stamp of when the change occurred?

We recently had a situation where one of our admins changed a file which later caused Apache to crash. It took us a few hours to figure out what had been changed. If the change had been automatically logged somewhere, it would have taken only a few minutes to get the server running again.

Is there such a tool? Any suggestions or comments would be greatly appreciated.

[HROAdmin26]

What you need is a process for change control. If you want to monitor files for changes (originally designed for security purposes), tripwire is one app.

[Irithori]

HROAdmin26 is right, monitoring file changes and managing configs are two different topics.

What we do at my workplace:
- The team of sysadmins commits config changes to a svn repository.
- The changes in there are enforced on hundreds of machines via Puppet
- Manual changes are against policy. If the OnCall admin is forced to do so (say, an emergency at 3am), then he needs to set things right in the svn repo/puppet the very next day

If learning puppet (or any other config management system like cfengine) seems like an unneccessary step:
- any change is documented. commented and logged
- rollback is trivial
- all machines are *guaranteed* to be setup equal
- redeploy of a machine or adding machines to a pool is trivial as well

[Irithori]

Additionally: with all configs in a svn repo
- everyone is sure to work on the latest copy
- setup of CVSTrac for that svn repo provides further visibilty

[sgharp]

Thanks for your responses. This gives me someplace to start looking.