Version Control for Configuration Files
For safety and ease of recovery when configuration files are corrupted or
incorrectly edited, the use of a version control system is recommended. In
fact, this is considered an industry best practice. Many top-quality version
control systems are available, such as Git, Subversion, Mercurial, and Bazaar.
If you already have a favorite, perhaps one that you use for code projects, you
can do what we describe in this section using that version control system. The
suggestions here are to get you thinking about the idea of using version
control for configuration files and to introduce a few well-used and
documented options for those who are unfamiliar with version control. First,
some background.
Version control systems are designed to make it easy to revert changes made
to a file, even after the file has been saved. Each system does this a little bit
differently, but the basic idea is that not only is the current version of the file
saved, but each and every version that existed previously is also saved. Some
version control systems do this by saving the entire file every time. Some use
metadata to describe just the differences between versions. In any case, it is
possible to roll back to a previous version of the file, to restore a file to a state
before changes were made. Developers who write software are well aware of
the power and benefit of being able to do this quickly and easily; the person
editing a file no longer needs to remember the technical details of where,
what, or even how the file has been edited. When a problem occurs, the file is
simply restored to its previous state. The version control system is also able to
inform the user where and how each file has changed at each save.
Using a version control system for configuration files means that every time a
configuration is changed, those changes are recorded and tracked. This
enables easy discovery of intruders (if a configuration has been changed by an
unauthorized person trying to reset, say, the settings for Apache so that the
intruder can allow a rogue web service or site to run on your server), easy
recovery from errors and glitches, and easy discovery of new features or
settings that have been enabled or included in the configuration by software
upgrades.
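
The workflow described above, shown with Git as an added example (not code from the original text): commit a baseline of a configuration directory, report anything that has changed since, and roll a file back. The function names and the throwaway directory standing in for a real configuration directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, paths and file contents below are constructed.

# track_init DIR: put DIR under Git and commit its current state as the baseline.
track_init() {
    git -C "$1" init -q || return 2
    git -C "$1" config user.name "config-tracker"    # repository-local identity,
    git -C "$1" config user.email "root@localhost"   # so commit works on a fresh host
    git -C "$1" add -A
    git -C "$1" commit -q -m "Baseline configuration"
}

# drift_report DIR: print every file that differs from the last commit.
# Returns 0 when clean, 1 when something changed, 2 if Git itself failed.
drift_report() {
    changes=$(git -C "$1" status --porcelain --untracked-files=all) || return 2
    if [ -z "$changes" ]; then
        return 0
    fi
    printf '%s\n' "$changes"
    return 1
}

# restore_file DIR FILE: roll FILE back to the committed version.
restore_file() {
    git -C "$1" checkout -q HEAD -- "$2"
}

# make_sample_dir: build a throwaway directory standing in for a config directory.
make_sample_dir() {
    d=$(mktemp -d) || return 2
    printf 'Listen 80\nServerTokens Prod\n' > "$d/ports.conf"
    printf '%s\n' "$d"
}

# Demo: baseline, simulate an unreviewed edit and an unexpected new file,
# report the drift, show the changed lines, then restore the edited file.
demo_dir=$(make_sample_dir)
track_init "$demo_dir"
printf 'Listen 8081\n' >> "$demo_dir/ports.conf"
printf '# not in baseline\n' > "$demo_dir/extra.conf"
drift_report "$demo_dir" || echo "drift detected (status $?)"
git --no-pager -C "$demo_dir" diff
restore_file "$demo_dir" ports.conf
rm -rf "$demo_dir"
```

Run from cron or a monitoring agent, a nonzero status from `drift_report` is the signal that a tracked configuration no longer matches what was last reviewed and committed.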
Many older and well-known tools do this task, such as changetrack,
which is quite a good example. All such tools seek to make the job of tracking
changes to configuration files easier and quicker, but with the advances
in version control systems, most provide very little extra benefit. Instead of
suggesting any of these tools, we think you are probably better off learning a
good, modern version control system. One exception is worth a bit of
discussion because of its ability to work with your software package manager,