I’ve just found an awesome tool to automate linux configs fine-tuning!
I’m glad it exists because I had to write very similar tool few years ago and it was less capable. Couple days ago I wanted to edit another config and I felt like the world moved on and most probably solved this puzzle long ago and I should just learn how to do it proper way. So, my gut feeling was right! Fasten your seat belts!! Here you go:
Augeas is a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files.
After taking a “quick tour” let’s try to modify fail2ban configuration (fail2ban is another awesome tool which stops bruteforce attacks). The default configuration makes fail2ban to write it’s log to some file under /var/log. Let us change it so fail2ban uses syslog (see also: How To Centralize Logs with Rsyslog, Logstash, and Elasticsearch).
It happens that by default Augeas does not understand fail2ban configs, but we can fix that by adding Augeas “lenses”. Just to get a feeling of Augeas’s mega powers see the huge list of “stock lenses” which comes installed with Augeas! And there’s even more unofficial ones (like fail2ban.aug which we gonna use).
Let’s install augeas and get fail2ban lenses copied to the proper place:
First we’ll try augtool manually:
Check out the difference: (see last highlighted line) (one on the left is new value SYSLOG, one on the right is old file content):
Now let’s wrap it into stand-alone script:
# see this stackoverflow for couple examples: one is ruby binding, other is native augtool script!
# let’s put it all together as a ruby script:
# running the above script and grepping real config before and after: