list of backup files
file is a simple text file
containing the names of files to be backed up and checked for modification by
the system security script,
. It is checked
daily by the /etc/daily
for further details.
Each line of the file contains the name of a file, specified by its absolute
pathname, one per line. By default, configuration files in
are added during system install.
Administrators may add additional files at their discretion. Shell globbing is
supported in pathnames.
Backup files are held in the directory
. A backup of the current version of
a file is kept in this directory, marked “current”. When the
file is altered, the old version is marked as “backup” and the
new version becomes “current”.
For example, the system shell database,
, is held as
. When this file
is modified, it is renamed to
and the new
version becomes /var/backups/etc_shells.current
Thereafter, these files are rotated.
Diffs are mailed to the root administrator, in unified
, in the following
/etc/shells diffs (-OLD +NEW)
Files in /etc/changelist
beginning with a
‘+’ character (generally non-text files) are stored as
checksums. Results are
mailed in the following format:
/etc/ssh/ssh_host_key SHA-256 checksums
Lines beginning with the comment character (‘#’), blank lines, and
non-existent files are all silently ignored.
- Default changelist.
- Maintenance script which runs
- Directory containing file backups.
manual page first appeared in
Anyone with the privileges to alter system configuration files could also alter
the backup files in /var/backups
. It is important
that this directory be owned by root:wheel and have permissions 0700 set.
Removal of the /etc/changelist
file itself could
cannot warn about files being added to
the system, although
will pick up on
any files listed in /etc/changelist
or deleted. Removals are only noticed for files listed explicitly, but not for
files matched by globbing.
If you hose your system configuration files, you just might be able to find the
information you need in /var/backups
. This is not
a CAVEAT, but we had to let you know somehow!