Zuzia.app logo
Get started
Features
For Whom
How It Works
Reviews
Faq
Pricing
Sign up Log In

How to Check Configuration File Changes

Check configuration file changes on Linux servers. Monitor config file modifications, detect unauthorized changes, track configuration history, and set up automated config monitoring with Zuzia.app.

Last updated: 2026-02-13

How to Check Configuration File Changes

Need to check configuration file changes on your Linux server? Want to monitor config file modifications, detect unauthorized changes, and track configuration history? This guide shows you how to check configuration file changes using built-in commands and automated monitoring with Zuzia.app.

For comprehensive configuration monitoring strategies, see Server Configuration Drift Monitoring Guide. For troubleshooting configuration issues, see Configuration Drift Causing Issues.

Why Checking Configuration Changes Matters

Configuration files control system and application behavior. When configuration files change unexpectedly, services can malfunction, security settings can be altered, and system behavior can change. Checking configuration file changes helps you detect unauthorized modifications, track configuration history, maintain configuration integrity, and ensure configurations remain correct.

Method 1: Check File Modification Times

Check file modification times to detect when files were changed:

View File Modification Times

# Check file modification time
stat /etc/ssh/sshd_config

# View modification time for config files
find /etc -type f -mtime -1 -ls

# Check for recently modified files
find /etc -type f -newer /tmp/reference-time -ls

# View configuration file history
ls -lt /etc/ssh/ | head -10

Detect Recent Changes

# Find recently modified config files
find /etc -type f -mtime -1

# Check for files modified today
find /etc -type f -newermt "$(date +%Y-%m-%d)" -ls

# View modification times
stat /etc/ssh/sshd_config /etc/nginx/nginx.conf | grep Modify

Method 2: Compare Configuration Files

Compare configuration files with previous versions to detect changes:

Compare with Previous Versions

# Compare current config with previous
diff /etc/ssh/sshd_config /backup/sshd_config.baseline

# Compare multiple config files
diff -r /etc/nginx/ /backup/nginx-baseline/

# Check for configuration differences
diff /etc/ssh/sshd_config /backup/sshd_config.baseline | head -20

# Compare with last known good state
diff /etc/ssh/sshd_config /backup/sshd_config-$(date +%Y%m%d).txt

Detect Configuration Changes

# Check if config matches expected configuration
diff /etc/ssh/sshd_config /policies/ssh-policy.conf

# Verify configuration consistency
md5sum /etc/ssh/sshd_config /backup/sshd_config.baseline

# Check for unexpected modifications
find /etc -type f -newer /tmp/last-check -exec diff {} /backup/{}.baseline \;

Method 3: Monitor Configuration File Integrity

Monitor configuration file integrity to detect unauthorized changes:

Check File Checksums

# View file checksums
md5sum /etc/ssh/sshd_config

# Compare checksums
md5sum /etc/ssh/sshd_config /backup/sshd_config.baseline

# Verify configuration file integrity
md5sum -c /backup/config-checksums.txt

# Track checksum changes
md5sum /etc/ssh/sshd_config > /tmp/checksum-current.txt
diff /tmp/checksum-baseline.txt /tmp/checksum-current.txt

Use AIDE for File Integrity

# Check for configuration changes
sudo aide --check

# Update AIDE database after authorized changes
sudo aide --update

# Verify file integrity
sudo aide --check | grep -i "changed\|added\|removed"

Method 4: Automated Configuration Change Monitoring with Zuzia.app

While manual configuration checks work for audits, production Linux servers require automated configuration change monitoring that continuously tracks file modifications, detects unauthorized changes, and alerts you when configurations are altered.

How Zuzia.app Configuration Change Monitoring Works

Zuzia.app automatically monitors configuration files through scheduled command execution and file comparison. The platform checks file modification times, compares with baselines, detects changes, and sends alerts when modifications are detected.

Setting Up Configuration Change Monitoring

  1. Add Scheduled Task for File Monitoring

    • Command: find /etc -type f -mtime -1 | wc -l
    • Frequency: Every 6 hours
    • Alert when: Configuration files modified

  2. Configure Critical File Monitoring

    • Command: md5sum /etc/ssh/sshd_config /etc/sudoers | diff - /backup/config-checksums.txt
    • Frequency: Every 12 hours
    • Alert when: Critical files changed

  3. Set Up Configuration Comparison

    • Command: diff /etc/ssh/sshd_config /backup/sshd_config.baseline | head -20
    • Frequency: Once daily
    • Alert when: Configuration differences detected

Custom Configuration Monitoring Commands

Add these commands as scheduled tasks:

# Check for configuration changes
find /etc -type f -mtime -1

# Compare critical configurations
diff /etc/ssh/sshd_config /backup/sshd_config.baseline

# Verify configuration checksums
md5sum /etc/ssh/sshd_config /etc/sudoers

# Monitor system configuration
sysctl -a | diff - /backup/sysctl-baseline.txt

Best Practices

1. Monitor Configurations Regularly

Use Zuzia.app for continuous configuration monitoring. Set up alerts before configuration issues become critical. Review configuration changes regularly.

2. Maintain Configuration Baselines

Keep accurate configuration baselines. Store baselines in version control. Update baselines when authorized changes occur.

3. Track All Configuration Changes

Monitor all configuration modifications. Track authorized changes. Detect unauthorized changes. Document change procedures.

Troubleshooting

Unauthorized Changes Detected

When unauthorized changes are detected:

  1. Review current configuration: cat /etc/ssh/sshd_config
  2. Compare with baseline: diff /backup/sshd_config.baseline /etc/ssh/sshd_config
  3. Restore from backup if needed: cp /backup/sshd_config.baseline /etc/ssh/sshd_config

Configuration File Modified

When configuration files are modified:

  1. Check modification time: stat /etc/ssh/sshd_config | grep Modify
  2. Review changes: diff /backup/sshd_config.baseline /etc/ssh/sshd_config
  3. Verify changes are authorized
  4. Restore if unauthorized

FAQ

For production servers, check configuration changes every 6-12 hours. Zuzia.app can check configurations automatically and alert when changes are detected.

Monitor all production configuration files, especially security configurations (SSH, firewall, sudo), service configurations, and application configurations.

Yes, Zuzia.app can detect unauthorized changes by comparing current configurations with baselines, monitoring file modifications, tracking configuration checksums, and alerting when changes are detected.

Related guides, recipes, and problems

Related Articles

Server Configuration Drift Monitoring Guide
Server Security Events Monitoring and Intrusion Detection Guide
How to Check Apache Virtual Hosts Configuration on Linux
How to Check Firewall Rules Changes
How to Check System Hostname Configuration on Linux Server
How to Check System Hostname and IP Address on Linux

Note: The content above is part of our brainstorming and planning process. Not all described features are yet available in the current version of Zuzia.

If you'd like to achieve what's described in this article, please contact us – we'd be happy to work on it and tailor the solution to your needs.

In the meantime, we invite you to try out Zuzia's current features – server monitoring, SSL checks, task management, and many more.

We use cookies to ensure the proper functioning of our website.