Versioning Configuration Files
This topic has been discussed on other websites, however I have not read them yet I just remember seeing them. I have, in the past, changed configuration values and then later found I had better performance before I changed what I did. Rolling back can be difficult when you are doing a lot at once. A way around this is to start a subversion repository for system directories. This is something you will want to do as root to so that security is very restrictive. Also keep in mind this is the directory structure on a CentOS/RHEL 5 Box your distro may be different.
svn create /root/repo/config svn co file:///root/repo/config /etc cd /etc svn add -N httpd/ svn add httpd/conf/ svn add httpd/conf.d/ svn add postfix/ svn add hosts svn add hosts.deny svn add hosts.allow svn add php.d svn add pear.conf svn add my.cnf svn add php.ini svn commit chmod 700 /root/repo/config
When adding the httpd directory you need to add the -N so that run, modules, and logs symlinks to not get added, then you add the conf and conf.d directories manually. The hosts files may seem strange, but if someone was to get in that might be a file they would want to modify. If it is modified you can simply do a svn status on the directory and see what has gone on. The last entry is so that only the root user can access any of the files. That means unless you are root or you can sudo you cannot check out or commit to that repository.
It might be a good idea to run a svn commit as a cron on the directory so any changes that are made will be updated and can be compared later. I would also recommend not adding any files that include passwords, for obvious reasons. If for some reason you submit a file with a password by accident run the svnadmin dump command, then do a search and replace in the dump file. After you have done that delete the repository on the server and create a new version off the dump file.
