# etc keeper `etckeeper` is a small toolkit that puts `/etc` under version control (git by default, also hg, bzr, darcs). It is not just a wrapper around `git init /etc` — its value comes from the hooks it installs into the package manager (pacman, apt, dnf, zypper), so that every package install, upgrade, or removal triggers an automatic commit. The result is a complete, auditable history of how a system's configuration drifted over time, attributed to the operation that caused it. Why it matters: configuration drift is invisible until something breaks. Most sysadmins discover that `sshd_config` changed only after a failed login. With `etckeeper`, the diff is already committed. It also preserves file metadata (permissions, ownership) that plain git ignores — critical for `/etc`, where mode `0600` on a private key is not optional. It runs daily via a systemd timer or cron to catch manual edits that bypass the package manager. Push the repo to a private remote and `/etc` becomes recoverable from anywhere, which is closer to the spirit of infrastructure-as-code than most ad-hoc Ansible setups on a personal machine. The contrarian read: for a single workstation, `etckeeper` gives you 80% of what a configuration management tool gives you, with 5% of the operational weight. The right default for any Linux box you actually care about. ## References - https://etckeeper.branchable.com/ - `man etckeeper` ## Related -