On Mon, Aug 24, 2009 at 11:57:25AM -0400, Maxim Khitrov wrote:
> Hello all,
> 
> I'm setting up a firewall using FreeBSD 7.2 and thought that it may
> not be a bad idea to have a continuous backup for important files like
> pf and dnsmasq configurations.
<snip>
> My initial thought was to create a mercurial repository at the file
> system root and exclude everything except for explicitly added files.
> I'd then run something like "hg commit -m `date`" from cron every 10
> minutes to record the changes automatically. 

Isn't this ass-backwards? Configuration files shouldn't change suddenly.

My system is to keep all configuration files that I have changed from their
defaults in a revision control system repository. That is where I add and
(after testing) commit changes to those files. I then use an install script to
copy changed files (based on SHA1 checksum) to their correct location in /etc
or /usr/local/etc and run restart commands if necessary. So installation is
always done from the repository to the filesystem. If a change doesn't work I
just check out the last good version of the file(s), re-run the install script
and we're back to normal.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

Attachment: pgpNaMjPLXuPF.pgp
Description: PGP signature

Reply via email to