Re: [tlug] They've changed Apache again.

[Kalin KOZHUHAROV <me.kalin@example.com>]

> On Thu, Oct 14, 2010 at 19:34, Dave M G <dave@example.com> wrote:
>
> Then later, my local web sites weren't working again, and it looks like
> my /etc/hosts got wiped out again. Maybe after a boot.
>
> So it looks like when Apache starts up, it generates /etc/hosts, or
> something, and I need to put my list of domains in some other file... or
> something.
>
We all hate config files being overwritten!

One way to stop this insanity "the brutal way" is to use `chattr +i
/etc/hosts`, assuming your /etc is in ext{2,3,4} filesystem.

Actually Wikipedia seems to have pretty to the point article:
http://en.wikipedia.org/wiki/Chattr

I have done this with files in /etc/ppp/ and
/etc/udev/rules.d/70-persistent-net.rules some time ago.

If you definitely want to find who's messing with the file use
sys-process/audit [1,2]:

[1]  http://people.redhat.com/sgrubb/audit/
[2]  http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html


And report back who was it ;-)

Cheers,
Kalin.