How to Check Configuration File Changes
Need to check configuration file changes on your Linux server? Want to monitor config file modifications, detect unauthorized changes, and track configuration history? This guide shows you how to check configuration file changes using built-in commands and automated monitoring with Zuzia.app.
For comprehensive configuration monitoring strategies, see Server Configuration Drift Monitoring Guide. For troubleshooting configuration issues, see Configuration Drift Causing Issues.
Why Checking Configuration Changes Matters
Configuration files control system and application behavior. When configuration files change unexpectedly, services can malfunction, security settings can be altered, and system behavior can change. Checking configuration file changes helps you detect unauthorized modifications, track configuration history, maintain configuration integrity, and ensure configurations remain correct.
Method 1: Check File Modification Times
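Check file modification times to detect when files were changed. Treat the timestamp as a hint rather than proof: anyone who can write a file can also reset its modification time, so confirm with the content comparisons in Methods 2 and 3.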
View File Modification Times
# Check file modification time
stat /etc/ssh/sshd_config
# List files under /etc modified in the last 24 hours
find /etc -type f -mtime -1 -ls
# List files modified more recently than a reference file (create it first, e.g. touch /tmp/reference-time)
find /etc -type f -newer /tmp/reference-time -ls
# List the most recently modified entries in /etc/ssh
ls -lt /etc/ssh/ | head -10
Detect Recent Changes
# Find recently modified config files
find /etc -type f -mtime -1
# Check for files modified today
find /etc -type f -newermt "$(date +%Y-%m-%d)" -ls
# View modification times
stat /etc/ssh/sshd_config /etc/nginx/nginx.conf | grep Modify
Method 2: Compare Configuration Files
Compare configuration files with previous versions to detect changes:
Compare with Previous Versions
# Compare current config with previous
diff /etc/ssh/sshd_config /backup/sshd_config.baseline
# Compare multiple config files
diff -r /etc/nginx/ /backup/nginx-baseline/
# Check for configuration differences
diff /etc/ssh/sshd_config /backup/sshd_config.baseline | head -20
# Compare with today's dated snapshot (assumes one was saved as sshd_config-YYYYMMDD.txt)
diff /etc/ssh/sshd_config /backup/sshd_config-$(date +%Y%m%d).txt
Detect Configuration Changes
# Check if config matches expected configuration
diff /etc/ssh/sshd_config /policies/ssh-policy.conf
# Verify configuration consistency
md5sum /etc/ssh/sshd_config /backup/sshd_config.baseline
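# Diff every file changed since the last check against its baseline
# (assumes /tmp/last-check was touched at the previous run and baselines mirror the full path, e.g. /backup/etc/ssh/sshd_config.baseline)
find /etc -type f -newer /tmp/last-check -exec diff {} /backup/{}.baseline \;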
Method 3: Monitor Configuration File Integrity
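Monitor configuration file integrity to detect unauthorized changes. The commands below use md5sum; sha256sum accepts the same arguments and is the better choice when the goal is detecting deliberate tampering, since MD5 is no longer collision-resistant.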
Check File Checksums
# View file checksums
md5sum /etc/ssh/sshd_config
# Compare checksums
md5sum /etc/ssh/sshd_config /backup/sshd_config.baseline
# Verify configuration file integrity
md5sum -c /backup/config-checksums.txt
# Track checksum changes
md5sum /etc/ssh/sshd_config > /tmp/checksum-current.txt
diff /tmp/checksum-baseline.txt /tmp/checksum-current.txt
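An added example, not part of the original guide: the checksum comparison above extended to a whole directory tree, using sha256sum in place of md5sum and reporting changed, removed and added files. The helper names make_baseline and check_baseline and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example: SHA-256 manifest for a config tree, plus a drift check.
# make_baseline / check_baseline are hypothetical helper names.
# Assumes GNU coreutils and file names without newlines or backslashes.
# Keep the manifest outside the monitored directory.

# make_baseline DIR MANIFEST: record "hash  ./relative/path" per regular file.
make_baseline() {
    ( cd "$1" && find . -type f | sort |
        while IFS= read -r f; do sha256sum "$f"; done ) > "$2"
}

# check_baseline DIR MANIFEST: print one line per CHANGED, REMOVED or ADDED
# file and return 1 on any drift, 0 when the tree matches the manifest.
check_baseline() {
    report=$(
        # Pass 1: every baselined file must still exist with the same hash.
        while read -r hash path; do
            if [ ! -f "$1/$path" ]; then
                echo "REMOVED $path"
                continue
            fi
            now=$(sha256sum < "$1/$path" | cut -d' ' -f1)
            [ "$now" = "$hash" ] || echo "CHANGED $path"
        done < "$2"
        # Pass 2: files on disk that the manifest has never seen.
        # The path starts at column 67 (64 hex digits plus two separators).
        ( cd "$1" && find . -type f ) | sort |
            while IFS= read -r path; do
                cut -c67- "$2" | grep -qxF -- "$path" || echo "ADDED $path"
            done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use (paths are examples): build once after an authorized change,
# then run the check from cron or a monitoring agent.
#   make_baseline /etc /backup/etc.sha256
#   check_baseline /etc /backup/etc.sha256 || echo "config drift detected"
```

Unlike the modification-time checks in Method 1, this comparison still reports a file whose timestamp has been reset, because it looks only at content.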
Use AIDE for File Integrity
# Check for configuration changes
sudo aide --check
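# Update AIDE database after authorized changes
# (the new database is written to the database_out path from aide.conf and must replace the active database before the next check)
sudo aide --update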
# Verify file integrity
sudo aide --check | grep -i "changed\|added\|removed"
Method 4: Automated Configuration Change Monitoring with Zuzia.app
While manual configuration checks work for audits, production Linux servers require automated configuration change monitoring that continuously tracks file modifications, detects unauthorized changes, and alerts you when configurations are altered.
How Zuzia.app Configuration Change Monitoring Works
Zuzia.app automatically monitors configuration files through scheduled command execution and file comparison. The platform checks file modification times, compares with baselines, detects changes, and sends alerts when modifications are detected.
Setting Up Configuration Change Monitoring
- Add Scheduled Task for File Monitoring
  - Command: find /etc -type f -mtime -1 | wc -l
  - Frequency: Every 6 hours
  - Alert when: Configuration files modified
- Configure Critical File Monitoring
  - Command: md5sum /etc/ssh/sshd_config /etc/sudoers | diff - /backup/config-checksums.txt
  - Frequency: Every 12 hours
  - Alert when: Critical files changed
- Set Up Configuration Comparison
  - Command: diff /etc/ssh/sshd_config /backup/sshd_config.baseline | head -20
  - Frequency: Once daily
  - Alert when: Configuration differences detected
Custom Configuration Monitoring Commands
Add these commands as scheduled tasks:
# Check for configuration changes
find /etc -type f -mtime -1
# Compare critical configurations
diff /etc/ssh/sshd_config /backup/sshd_config.baseline
# Verify configuration checksums
md5sum /etc/ssh/sshd_config /etc/sudoers
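# Monitor system configuration
# (sysctl -a also prints runtime counters such as fs.file-nr that differ on every run; filter them out before comparing)
sysctl -a | diff - /backup/sysctl-baseline.txt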
Best Practices
1. Monitor Configurations Regularly
Use Zuzia.app for continuous configuration monitoring. Set up alerts before configuration issues become critical. Review configuration changes regularly.
2. Maintain Configuration Baselines
Keep accurate configuration baselines. Store baselines in version control. Update baselines when authorized changes occur.
3. Track All Configuration Changes
Monitor all configuration modifications. Track authorized changes. Detect unauthorized changes. Document change procedures.
Troubleshooting
Unauthorized Changes Detected
When unauthorized changes are detected:
- Review current configuration: cat /etc/ssh/sshd_config
- Compare with baseline: diff /backup/sshd_config.baseline /etc/ssh/sshd_config
- Restore from backup if needed: cp /backup/sshd_config.baseline /etc/ssh/sshd_config
Configuration File Modified
When configuration files are modified:
- Check modification time: stat /etc/ssh/sshd_config | grep Modify
- Review changes: diff /backup/sshd_config.baseline /etc/ssh/sshd_config
- Verify changes are authorized
- Restore if unauthorized