TRACK CONFIGURATION CHANGES WITH CVS

Concurrent Versions System (CVS) is an extremely versatile and useful tool for programmers to keep track of changes between various revisions of source code. However, CVS can be used to track revisions between any text files, whether they are text documents or text configuration files.

Since most configuration files are located in /etc and nearly all are text-based, you can take advantage of CVS's many features to track differences between configuration files. For instance, you can use CVS to track differences between password files, Apache configuration files, BIND configuration files, etc.

This is extremely useful if you are experimenting with a new software version and must modify the configuration file in order to work with it. All you need to do is make sure the configuration file is in CVS and up-to-date prior to the upgrade before making your modifications. If anything goes wrong, you can downgrade the software, check out the previous configuration file revision, and get the same configuration file back without any loss. Using CVS to track revisions of configuration files can also help you track changes to your system.

If you are ever successfully attacked, having a copy of your configuration files in CVS will help by providing you with a base against which you can compare your current system. This will help you determine what, if anything, the attacker changed in terms of configuration files and will also help you quickly remedy any changes they've made. As a last-ditch effort, having your configuration files in CVS will help you re-create the state of your system, should you be forced to perform a complete reinstall.