How to check what files have been customised in /etc?

Tom H tomh0665 at gmail.com
Mon Dec 14 11:00:13 UTC 2020 

On Sun, Dec 13, 2020 at 12:55 PM Colin Watson <cjwatson at ubuntu.com>
wrote:
> On Sun, Dec 13, 2020 at 09:58:48AM +0000, Chris Green wrote:
>>
>> However there are inevitably a few global customisations in /etc
>> and I'd like to track them as well if possible. I can configure
>> ways to track them now but can anyone suggest a way to find all
>> the changes I have done over the years in /etc?
>
> It's not possible in general, because a number of files in /etc
> are handled programmatically such that a base "unmodified" version
> of the file isn't really recorded. However, you can at least in
> principle do it for all the files in /etc that are shipped in
> packages, referred to as "conffiles". I don't know of a way that
> isn't still quite cumbersome, but something like "grep-status
> -sPackage,Conffiles -FStatus 'install ok installed' --and
> -FConffiles ." will show all the installed packages with
> conffiles, and then you can download each of the relevant packages,
> unpack them into a temporary directory, and compare.

1) Can't you compare the md5sum that's displayed by "grep-status ..."
for a package's "<etc-file>" with the output of "md5sum
<actual-etc-file>"?

2) AFAIK, there are two categories files that are handled programmatically.

a) "/etc/nsswitch.conf" and "/etc/profile" are copied via postinst
from "/usr/share/libc-bin/nsswitch.conf" and
"/usr/share/base-files/profile" respectively and the latter files have
their md5sums recorded.

b) "/etc/hosts.allow" and "/etc/hosts.deny" are created via postinst
with here-file statements.

I wish that the latter method were disallowed by Ubuntu (and Debian)
packaging policies and that the copied files were recorded as owned by
the package that installs them. It's weird that, if you run "dpkg -S
nsswitch.conf", it returns "/usr/share/libc-bin/nsswitch.conf", and if
you run "dpkg -S /etc/nsswitch.conf", it returns nothing. We could
even have a new category of files,
"/var/lib/dpkg/info/<package>.etcfiles" to record their
existence/installation.

More information about the ubuntu-users mailing list