Doc-Overdue – An Automated Configuration File State Finder for Debian Systems

Abstract: Configuration files are a vital part of any server setup. Knowing what configuration files have been manipulated is vital in knowing what services are running and how they are configured on a system. Changes made to these configuration files must be manually documented or collected using some automated documentation tool. Both these methods rely on being implemented early for the changes to be sufficiently documented. If a system didn’t implement these methods of documentation then there is no absolute way of knowing what changes have been made to that system without doing a manual search through potentially hundreds of files to find changes. Finding all changes made to a system lacking documentation is a time-consuming and arduous task. What if the search for changes could be automated once the documentation is long overdue? This thesis aims to create an implementation that finds changes made to configuration files on a Debian system as well as Linux distributions based on Debian such as Ubuntu. The resulting implementation created is called Doc-Overdue. Doc-Overdue consists of a script written in Python and utilizes the Debian Package Management System to find reference files to compare to the configuration files on the system. The script also runs tests to aid in finding new and/or modified configuration files without a reference file available. The results are presented in a formatted comprehensive report automatically created by Doc-Overdue. The report will include change reports created by the Diff-utility that makes it easy to find exactly what changes have been made to each changed configuration file. This approach finds changes made to systems without the need for any prior documentation of the system. The implementation was tested with a custom-made script that made modifications to configuration files for Doc-Overdue to find. The test showed Doc-Overdue to have an accuracy of 87.5% in finding changed configuration files on the system. This result shows that this approach for finding configuration file changes has a lot of promise. The thesis ends with a discussion and a list of potential future work that could hopefully lead to further improvements in the field of configuration detection.