OpenBSD manual page server

Manual Page Search Parameters
CHANGELIST(5) File Formats Manual CHANGELIST(5)

changelistlist of backup files

The /etc/changelist file is a simple text file containing the names of files to be backed up and checked for modification by the system security script, security(8). It is checked daily by the /etc/daily script. See daily(8) for further details.

Each line of the file contains the name of a file, specified by its absolute pathname, one per line. By default, configuration files in /etc, /root, and /var are added during system install. Administrators may add additional files at their discretion. Shell globbing is supported in pathnames.

Backup files are held in the directory /var/backups. A backup of the current version of a file is kept in this directory, marked "current". When the file is altered, the old version is marked as "backup" and the new version becomes "current".

For example, the system shell database, /etc/shells, is held as /var/backups/etc_shells.current. When this file is modified, it is renamed to /var/backups/etc_shells.backup and the new version becomes /var/backups/etc_shells.current. Thereafter, these files are rotated.

Diffs are mailed to the root administrator, in unified diff(1) format, via daily(8), in the following format:

=====
/etc/shells diffs (-OLD  +NEW)
=====

Files in /etc/changelist beginning with a ‘+’ character (generally non-text files) are stored as sha256(1) checksums. Results are mailed in the following format:

======
/etc/ssh/ssh_host_key SHA-256 checksums
======
OLD:
NEW:

Lines beginning with the comment character (‘#’), blank lines, and non-existent files are all silently ignored.

/etc/changelist
Default changelist.
/etc/daily
Maintenance script which runs security(8).
/var/backups/
Directory containing file backups.

diff(1), sha256(1), daily(8), security(8)

The changelist manual page first appeared in OpenBSD 3.5.

Anyone with the privileges to alter system configuration files could also alter the backup files in /var/backups. It is important that this directory be owned by root:wheel and have permissions 0700 set.

Removal of the /etc/changelist file itself could cause confusion.

changelist cannot warn about files being added to the system, although security(8) will pick up on any files listed in /etc/changelist being added or deleted. Removals are only noticed for files listed explicitly, but not for files matched by globbing.

If you hose your system configuration files, you just might be able to find the information you need in /var/backups. This is not a CAVEAT, but we had to let you know somehow!

July 13, 2017 OpenBSD-current