Scenario / Questions

How to find all Debian managed configuration files which have been changed from the default?


Suggestion: 1

To find all Debian managed configuration files which have been changed from the default, you can use a command like this:

dpkg-query -W -f='${Conffiles}\n' '*' | awk 'OFS="  "{print $2,$1}' | md5sum -c 2>/dev/null | awk -F': ' '$2 !~ /OK/{print $1}'

Edit (works with localized systems):

dpkg-query -W -f='${Conffiles}\n' '*' | awk 'OFS="  "{print $2,$1}' | LANG=C md5sum -c 2>/dev/null | awk -F': ' '$2 !~ /OK/{print $1}' | sort | less

Edit (works with packages with OK in the filename):

dpkg-query -W -f='${Conffiles}\n' '*' | awk 'OFS="  "{print $2,$1}' | LANG=C md5sum -c 2>/dev/null | awk -F': ' '$2 !~ /OK$/{print $1}' | sort | less
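
The pipeline above can be tried out without a Debian system. The following is an added example, not code from the answer: it builds a constructed fixture (three fake conffiles, one later edited and one deleted) and a CONFFILES variable that imitates what `dpkg-query -W -f='${Conffiles}\n'` prints, one " <path> <md5>" line per conffile with the md5 of the packaged content, then runs the answer's final pipeline over it. The only change to the pipeline is LC_ALL=C on sort so the order does not depend on the locale.

```shell
#!/bin/sh
# Added example, not code from the original answer: run the md5sum-based
# conffile check of Suggestion 1 against a constructed fixture so it can be
# exercised without dpkg. Assumption: CONFFILES imitates the output of
# dpkg-query -W -f='${Conffiles}\n', i.e. " <path> <md5>" per conffile,
# where the md5 is that of the packaged (pristine) content.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/etc/app"

# Pristine copies as shipped by the (fictitious) package.
printf 'listen=127.0.0.1\n' > "$WORK/etc/app/untouched.conf"
printf 'listen=127.0.0.1\n' > "$WORK/etc/app/edited.conf"
printf 'level=info\n'       > "$WORK/etc/app/removed.conf"

# dpkg-style Conffiles line: leading space, path, md5 of the packaged file.
conffile_line() { printf ' %s %s\n' "$1" "$(md5sum < "$1" | cut -d' ' -f1)"; }
CONFFILES=$(conffile_line "$WORK/etc/app/untouched.conf"
            conffile_line "$WORK/etc/app/edited.conf"
            conffile_line "$WORK/etc/app/removed.conf")

# Local drift after installation: one file edited, one deleted.
printf 'listen=0.0.0.0\n' > "$WORK/etc/app/edited.conf"
rm "$WORK/etc/app/removed.conf"

changed_conffiles() {
  # Same pipeline as the answer's final version: turn " path md5" into the
  # "md5  path" lines that md5sum -c expects, drop every line whose status
  # is exactly OK, and print the path. A missing file is reported by md5sum
  # as "FAILED open or read", so it is listed as well.
  printf '%s\n' "$CONFFILES" |
    awk 'OFS="  "{print $2,$1}' |
    LANG=C md5sum -c 2>/dev/null |
    awk -F': ' '$2 !~ /OK$/{print $1}' |
    LC_ALL=C sort
}

changed_conffiles
```

Running it prints the edited and the removed file but not the untouched one. On a real system the same function body, with `dpkg-query -W -f='${Conffiles}\n' '*'` in place of the `printf` of CONFFILES, is exactly the answer's command.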

Suggestion: 2

from man debsums:

  debsums -ce
          List changed configuration files.

Suggestion: 3

Sorry to necro, but while @naught101’s answer was correct for modified files, it didn’t help for added files. @Graeme’s solution is nice, but depends on etckeeper; I don’t want to modify the filesystem.

find /etc -type f | grep -vFf <(debsums -e -r /etc | sed 's/[[:space:]]*OK$//')

Find files in /etc/ that debsums does not report as valid. This means either untracked files or files that are not “OK” (hashes don’t match).

Suggestion: 4

I generally like to set up etckeeper on the system pretty much immediately. With something like etckeeper I can find not only when the file is different, but I can actually get a diff of exactly how it is different.

Suggestion: 5

Or

debsums -e | grep FAILED

which will also show all missing conffiles.

(from the debsums package)

Suggestion: 6

This might be overkill but since somebody mentioned etckeeper and while I was investigating that I came across this other gem that might be more useful if you are attempting to figure out things “after the fact”.

Blueprint is a simple configuration management tool that reverse-engineers servers. It figures out what you’ve done manually, stores it locally in a Git repository, generates code that’s able to recreate your efforts, and helps you deploy those changes to production.

Suggestion: 7

This departs a little from the original question in that it will also give ADDED config files as opposed to just those modified. Although files not included in any deb package will also be caught. Both behaviours may well be desirable.

It depends on having used etckeeper with git vcs, ideally from the get-go, although it should also work if you specifically add and commit previously changed files after the first commit. Note that one gotcha here is that Ubuntu configures etckeeper to use Bazaar by default (Canonical sponsors Bazaar), rather than the git default set by the etckeeper developers.

The idea is to get a list of all commits that aren’t made automatically after an apt run. Then list the files changed in all but the very first commit:

filter_sed="/committing changes in \/etc after apt run\$/d"

etckeeper vcs log --oneline |
  sed "$filter_sed; \$d; s/ .*//" |
  xargs etckeeper vcs show --name-only --format=format: |
  sort |
  uniq |
  sed "/^\$/d"

The filter string could also be extended to encompass other commits if they are named consistently. Might be good for installs directly from a deb file or from source code.

A notable file that this picks up for me is my xorg.conf – you currently have to add this to /etc/X11 yourself if you need it. Also my default/grub changes are picked up, it seems this is copied from /usr/share by a post install script rather than being listed as part of a package. If a change has been made to a file like this, dpkg related methods won’t reveal it.
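
The listing logic of this answer can be replayed on a constructed git repository standing in for /etc. The following is an added example and not code from the answer or from etckeeper: it assumes git is installed, uses plain `git` in place of the `etckeeper vcs` wrapper (which only forwards its arguments to the configured VCS), and builds a history with an initial import, a manual edit, an automatic post-apt commit and a second manual change that adds a new file. LC_ALL=C on sort is the only change to the answer's pipeline, so the order is locale-independent.

```shell
#!/bin/sh
# Added example, not code from the original answer: replay the etckeeper/git
# listing of Suggestion 7 against a constructed repository that stands in
# for /etc, so it runs without etckeeper. Assumptions: git is installed and
# "git" replaces the "etckeeper vcs" wrapper.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# git with a throwaway identity so the commits work on any machine.
g() { git -C "$WORK" -c user.name=example -c user.email=example@example.invalid "$@"; }

# Constructed history: initial import, manual edit, automatic apt commit,
# then a manual change that also adds a file (like the xorg.conf case).
g init -q
printf 'PATH=/usr/bin\n' > "$WORK/environment"
printf 'oldname\n'       > "$WORK/hostname"
g add -A && g commit -q -m 'Initial commit'

printf 'newname\n' > "$WORK/hostname"
g add -A && g commit -q -m 'manual edit of hostname'

mkdir -p "$WORK/apt"
printf 'deb http://deb.debian.org/debian stable main\n' > "$WORK/apt/sources.list"
g add -A && g commit -q -m 'committing changes in /etc after apt run'

mkdir -p "$WORK/X11"
printf 'Section "Device"\nEndSection\n' > "$WORK/X11/xorg.conf"
g add -A && g commit -q -m 'manual xorg.conf'

# Drop the automatic post-apt commits from the log, drop the first commit
# (last line of the log), keep only the hashes, and list the files each
# remaining commit touched.
filter_sed="/committing changes in \/etc after apt run\$/d"

manual_changes() {
  g log --oneline |
    sed "$filter_sed; \$d; s/ .*//" |
    xargs git -C "$WORK" show --name-only --format=format: |
    LC_ALL=C sort |
    uniq |
    sed "/^\$/d"
}

manual_changes
```

The output names hostname and X11/xorg.conf; apt/sources.list, which was only touched by the automatic apt commit, and environment, which only appears in the initial import, are left out.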