What is the best way to identify changes from the default configuration in Raspbian systems?
I've got a Raspberry Pi running Raspbian, which I'd like to reinstall from scratch. However over time I've made many changes to the configuration (installed new packages, changed the name of the default user, created a new user account, and probably a lot of things I tweaked but forgot about), and unfortunately I usually didn't think of documenting those changes.
What would be the best strategy to figure out as many of those changes as possible before reinstallation, so I don't have to figure out them afterwards through things no longer working the way I want them?
In particular, I'd be interested in the following things.
-
How does the list of packages differ from that in a fresh install?
-
Are there any changes to configuration files that were not done by package installation/update, and to which files?
Methods that work also on other Debian-based distributions are preferred.
1 answer
How does the list of packages differ from that in a fresh install?
The easiest way, if you have the data for it, would probably be to parse the APT logs (particularly /var/log/apt/history.log*) to see what's been installed and removed, respectively. However, those only go back so far, so unless you've been diligent about archiving logs (which seems unlikely if you don't have any documentation for how the system has been set up and configured over time), will only give you recent changes.
However, you should be able to get something very close to what you want from a combination of dpkg --get-selections filtering for output that ends with the word install (which will tell you what's currently selected for installation) and filtering out packages which have a Priority value of required or important (which should match a default installation fairly closely). For example:
dpkg --get-selections |
grep '\binstall$' |
cut -f 1 |
while read package; do
apt-cache show "$package" |
grep '^Priority:' |
grep -vq -e 'required$' -e 'important$' &&
printf '%s\n' "$package"
done
will give you a list of all packages that are currently installed, but which are not either required or important.
(There's probably a better way to get the data in a machine-readable form, but I was unable to find one that worked with a reasonably quick perusal of the apt-cache and dpkg man pages.)
The list given by the above command certainly won't be perfect (for example, it doesn't handle the fact that packages might be pulled in as dependencies of required packages), but it should give you a reasonable starting point.
Are there any changes to configuration files that were not done by package installation/update, and to which files?
You can use dpkg -V to verify the status of a package's installed files against the package metadata.
Another tool that can also be used is debsums (offered by the debsums package on ordinary Debian and, I would expect, on Raspian as well) with the -a/--all switch.
This isn't perfect either; for example, I doubt either method will capture files which were generated during package installation and then later modified. (SSH host keys would be an example of that.) It also won't tell you what has changed, only that the file now has a different hash. Still, for the majority of packages, it should provide a reasonable starting point.
For dpkg, only files that are different will be listed. For example:
# dpkg -V openssh-client
??5?????? c /etc/ssh/ssh_config
#
For debsums, unmodified files will show as OK (similar to *sum --check), so to get a list of what's changed, use your favorite tool to only see those that aren't OK. For example:
# debsums -a openssh-client | grep -v 'OK$'
/etc/ssh/ssh_config FAILED
#
Both of these tell me that on the system I'm running them on, /etc/ssh/ssh_config has been changed compared to the version that is provided by the openssh-client package.
0 comment threads