
Hi all,

I have a question about merging default configurations with one's own changes.

As an example, take an Apache configuration. The default configuration may change according to best practice (e.g. which encryption protocols are safe to use, etc.), so you are happy to use whatever the package provides (if it is well maintained). However, some things you may not like, say the "PermitRootLogin yes" line.

[Okay, the example has a bit of a "design fault" because Apache configs have include statements etc. - but there are examples without, such as ntp.conf, and some do not like to have two lines with the same key which are conflicting - so you really have to replace the default with yours. I just wanted to give this as an example you may be familiar with.]

So, for the sake of this example, assume all is written in one httpd.conf (no includes) and you are not allowed to have two lines such as

PermitRootLogin yes
PermitRootLogin no

How do you keep track of the "latest changes" in the default configuration while making the changes you really want? I wonder especially in the context of automation, where you may run it on many instances without manual intervention.

My solution at the moment is:

1st install:
- backup default (copies etc/httpd.conf to httpd.conf.defaults)
- update_config (e.g. parses the defaults with awk and replaces PermitRootLogin "yes" by "no" [simplified]:
  awk '{if ($1=="PermitRootLogin") print $1" no"; else print}')

Update:
- backup $version (just in case..)
- restore default (copies etc/httpd.conf.default to httpd.conf so the upgrade finds a pristine config)
- package upgrade
- update_config (as before)

The advantage of this: update_config can do a lot of things, including using system-specific variables (e.g. getting an IP address from the system so you tell the system to listen on this IP only - no localhost: "Listen IPAddress:80").

A "diff" can be used to monitor unexpected changes afterwards (the diff should only show the expected lines), to alarm me if things are not right.

I wonder whether there is any better support from configuration management tools you are using.

Thank you
Peter
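
The update_config and diff-monitoring steps described in the post above, as an added shell example that is not part of the original post. The function bodies, the helper names unexpected_changes and demo, and the sample file contents are constructed for illustration; only the update_config name and the PermitRootLogin/Listen keys come from the post.

```shell
#!/bin/sh
# Added example; file contents and the key names passed in are constructed.

# update_config DEFAULTS OUT KEY VALUE
# Copy DEFAULTS to OUT, rewriting the one line whose first field is KEY.
# Exit non-zero if KEY is missing or duplicated, so a package upgrade that
# renames or drops the key is caught instead of silently ignored.
update_config() {
    awk -v key="$3" -v val="$4" '
        $1 == key { print key " " val; n++; next }
        { print }
        END { if (n != 1) exit 1 }
    ' "$1" > "$2"
}

# unexpected_changes DEFAULTS OUT KEY...
# Print the diff lines whose key is not one of the KEYs we meant to change.
# Empty output means the diff shows only the expected lines.
unexpected_changes() {
    defaults=$1; out=$2; shift 2
    diff "$defaults" "$out" | awk -v allowed=" $* " '
        /^[<>]/ && ($2 == "" || index(allowed, " " $2 " ") == 0) { print }
    '
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Listen 80' 'PermitRootLogin yes' 'Timeout 60' \
        > "$dir/httpd.conf.defaults"          # constructed sample defaults
    update_config "$dir/httpd.conf.defaults" "$dir/httpd.conf" \
        PermitRootLogin no || echo "ALARM: key missing or duplicated"
    extra=$(unexpected_changes "$dir/httpd.conf.defaults" "$dir/httpd.conf" \
        PermitRootLogin)
    [ -z "$extra" ] && echo "OK: only expected lines differ"
    rm -rf "$dir"
}
demo
```

Any output from unexpected_changes, or a non-zero exit from update_config, is the condition to alarm on after a package upgrade.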