CHANGELIST(5) OpenBSD Programmer's Manual CHANGELIST(5)
changelist - list of backup files
The /etc/changelist file is a simple text file containing the names of
files to be backed up and checked for modification by the system security
script, security(8). It is checked daily by the /etc/daily script. See
daily(8) for further details.
Each line of the file contains the name of a file, specified by its abso-
lute pathname, one per line. By default, configuration files in /etc,
/root, and /var are added during system install. Administrators may add
additional files at their discretion.
Backup files are held in the directory /var/backups. A backup of the
current version of a file is kept in this directory, marked "current".
When the file is altered, the old version is marked as "backup" and the
new version becomes "current".
For example, the system shell database, /etc/shells, is held as
/var/backups/etc_shells.current. When this file is modified, it is re-
named to /var/backups/etc_shells.backup and the new version becomes
/var/backups/etc_shells.current. Thereafter, these files are rotated.
Diffs are mailed to the root administrator, in unified diff(1) format,
via daily(8), in the following format:
/etc/shells diffs (-OLD -NEW)
Files in /etc/changelist beginning with a `+' character (generally non-
text files) are stored as md5(1) checksums. Results are mailed in the
/etc/ssh/ssh_host_key MD5 checksums
Lines beginning with the comment character (`#'), blank lines, and non-
existent files are all silently ignored.
/etc/changelist Default changelist.
/etc/daily Maintenance script which runs security(8).
/etc/security Shell script which reads /etc/changelist.
/var/backups/ Directory containing file backups.
diff(1), md5(1), daily(8), security(8)
The changelist manual page first appeared in OpenBSD 3.5.
Anyone with the privileges to alter system configuration files could also
alter the backup files in /var/backups. It is important that this direc-
tory be owned by root:wheel and have permissions 0700 set.
Removal of the /etc/changelist file itself could cause confusion.
changelist cannot warn about files being added to the system.
If you hose your system configuration files, you just might be able to
find the information you need in /var/backups. This is not a CAVEAT, but
we had to warn you somehow!
OpenBSD 3.6 September 11, 2003 2