π‘οΈ A timed confirmation system for (Li)nux configuration changes with automatic revert capabilities. Designed for remote system administrators to prevent loss of access due to configuration errors.
Revert-IT monitors critical system configuration files and enforces timed confirmations for any changes. If changes are not confirmed within the specified timeout period, or if connectivity is lost, the system automatically reverts to the previous configuration using snapshots.
| Feature | Description |
|---|---|
| π Automatic Configuration Monitoring | Watches critical system files (network, SSH, firewall, services) |
| β° Timed Confirmation System | Requires explicit confirmation of changes within configurable timeouts |
| π Automatic Revert | Reverts changes if not confirmed or if connectivity is lost |
| πΈ TimeShift Integration | Uses TimeShift for system-level snapshots when available |
| π§ Multi-Distribution Support | Works with Ubuntu, Debian, CentOS, RHEL, Fedora, and more |
| π Connectivity Checking | Tests network connectivity before performing reverts |
| βοΈ Flexible Configuration | Customizable timeouts, paths, and behaviors per change type |
βββββββββββββββββββ
β Configuration β
β Change β
ββββββββββ¬βββββββββ
β
βΌ
ββββββββββββββββββββββββ
β ConfigurationMonitor β
ββββββββββββ¬ββββββββββββ
β
βΌ
βββββββββββββββββββββββ
β SnapshotManager β
ββββββββββββ¬βββββββββββ
β
βΌ
βββββββββββββββββββββββ
β TimeoutManager β
ββββββββββββ¬βββββββββββ
β
βΌ
βββββββββββ
βConfirmedβ
β ? β
ββββββ¬βββββ
Yes βββ΄ββ No
ββββ ββββ
βΌ βΌ
ββββββββββββ ββββββββββββ
β Accept β β Revert β
β Change β β Engine β
ββββββββββββ βββββββ¬βββββ
β
βΌ
ββββββββββββββββ
β Restore β
β Snapshot β
ββββββββββββββββ
| Component | Purpose |
|---|---|
| π§ RevertIT Daemon | Main service that monitors system changes |
| ποΈ ConfigurationMonitor | Watches critical system files using filesystem events |
| πΈ SnapshotManager | Manages system snapshots (TimeShift integration + manual snapshots) |
| β±οΈ TimeoutManager | Handles timed confirmations and automatic reverts |
| π RevertEngine | Performs automatic reversion of configuration changes |
| π§ DistroDetector | Detects Linux distribution and provides compatibility information |
| π» CLI Interface | Command-line tools for management |
1. User makes config change
ββ> Monitor detects change
ββ> Create snapshot
ββ> Start timeout timer
ββ> Show confirmation prompt
β
ββ> [User confirms in time]
β ββ> Accept change
β
ββ> [Timeout expires/Connection lost]
ββ> Trigger revert
ββ> Restore previous state
- π§ Linux system with systemd (Ubuntu 18.04+, Debian 10+, CentOS 7+, RHEL 7+, Fedora 28+)
- π Python 3.8 or higher
- π Root privileges for installation and operation
- πΈ TimeShift (optional & recommended, for enhanced snapshot capabilities)
# π₯ Clone the repository
git clone https://github.com/chrisnelsonok/revertit.git
cd RevertIT
# π Run installation script
sudo ./scripts/install.sh# π¦ Install system dependencies
sudo apt update && sudo apt install python3-pip python3-dev build-essential rsync inotify-tools
# π Install Python package
sudo pip3 install -e .
# π Create directories
sudo mkdir -p /etc/RevertIT /var/lib/RevertIT
# βοΈ Copy configuration
sudo cp config/revertit.yaml /etc/revertit/config.yaml
# π§ Install systemd service
sudo cp systemd/revertit.service /etc/systemd/system/
sudo systemctl daemon-reloadπ The main configuration file is located at
/etc/revertit/config.yaml.
# π Global settings
global:
default_timeout: 300 # β° Default timeout (5 minutes)
max_timeout: 1800 # β° Maximum timeout (30 minutes)
log_level: INFO
log_file: /var/log/revertit.log
# πΈ Snapshot settings
snapshot:
enable_timeshift: true
snapshot_location: /var/lib/revertit/snapshots
max_snapshots: 10
# ποΈ Monitoring paths
monitoring:
network_configs:
- /etc/network/interfaces
- /etc/netplan/*.yaml
- /etc/NetworkManager/system-connections/*
ssh_configs:
- /etc/ssh/sshd_config
- /etc/ssh/ssh_config.d/*
firewall_configs:
- /etc/iptables/rules.v4
- /etc/ufw/*
# β±οΈ Timeout behavior
timeout:
timeout_action: revert
connectivity_check: true
connectivity_endpoints:
- 8.8.8.8
- 1.1.1.1
revert_grace_period: 30# β
Enable and start the service
sudo systemctl enable revertit
sudo systemctl start revertit
# π Check status
sudo systemctl status revertit# π Show system status
revertit status
# β° List active timeouts
revertit timeouts
# β
Confirm a configuration change
revertit confirm <change-id>
# πΈ Manage snapshots
revertit snapshots list
revertit snapshots create --description "Manual backup before major changes"
# π§ͺ Test system compatibility
revertit testββββββββββββββββββ βββββββββββββββββββββ βββββββββββββββββββ
β π§ Make Config β ββ> β π System Detects β ββ> β πΈ Create β
β Change β β Change β β Snapshot β
ββββββββββββββββββ βββββββββββββββββββββ ββββββββββ¬βββββββββ
β
βΌ
ββββββββββββββββββ βββββββββββββββββββββ βββββββββββββββββββ
β β
Accept β <ββ β User Action? β <ββ β β° Start β
β Change β β β β Timeout β
ββββββββββββββββββ βββββββββββ¬ββββββββββ ββββββββββ¬βββββββββ
β β
β Timeout/Lost βΌ
β Connection βββββββββββββββββββ
β β β οΈ Show Warning β
βΌ βββββββββββββββββββ
ββββββββββββββββββ
β π Auto-Revert β
ββββββββββββββββββ
- π§ Make a configuration change (e.g., edit
/etc/ssh/sshd_config) - π System detects change and creates a snapshot
- β° Timeout starts (default 5 minutes for SSH changes)
β οΈ System shows warning about pending timeout- β
Confirm the change:
revertit confirm ssh_1234567890 - π Or let it auto-revert if you lose connectivity or forget to confirm
| Category | Files | Timeout |
|---|---|---|
| π Network | /etc/network/*, /etc/netplan/* |
10 minutes |
| π SSH | /etc/ssh/* |
15 minutes |
| π‘οΈ Firewall | /etc/iptables/*, /etc/ufw/* |
5 minutes |
| π§ Services | /etc/systemd/system/* |
5 minutes |
| π Other | Various system files | 5 minutes |
Before reverting network changes, the system tests connectivity to configured endpoints (8.8.8.8, 1.1.1.1, google.com by default).
A configurable grace period (default 30 seconds) is provided before performing reverts, allowing for last-minute confirmations.
- π§Ή Automatic cleanup of old snapshots
- π Integration with TimeShift for system-level snapshots
- π― Manual snapshot creation and restoration
- ποΈ Compressed snapshots to save disk space
When snapshots are unavailable, the system can restore sensible default configurations for critical services.
| Distribution | Versions |
|---|---|
| π Ubuntu | 18.04, 20.04, 22.04, 24.04 |
| π΄ Debian | 10, 11, 12 |
| π‘ CentOS | 7, 8, 9 |
| π΄ RHEL | 7, 8, 9 |
| π΅ Fedora | 32+ |
- π΅ Arch Linux
- π’ openSUSE
- ποΈ Alpine Linux
- πͺ Windows WSL
- π MacOS (Coming Soon!)
- πͺ Windows OS (Planned)
- π¦ Automatic detection of package managers (apt, yum, dnf, pacman)
- π§ Service management system detection (systemd, SysV)
- π Network configuration system detection (netplan, NetworkManager, interfaces)
- π‘οΈ Firewall system detection (ufw, firewalld, iptables)
- π Main log:
/var/log/revertit.log - π Automatic log rotation configured
- π Structured logging with timestamps and severity levels
| Level | Description |
|---|---|
| π DEBUG | Detailed operation information |
| βΉοΈ INFO | General operation status |
| Timeout warnings and non-critical issues | |
| β ERROR | Errors during operation |
| π¨ CRITICAL | Critical failures requiring attention |
- π Syslog integration for system logs
- π₯οΈ Desktop notifications (when GUI available)
- π§ Email notifications (configurable)
- π Runs as root (required for system configuration management)
- π Configuration files are root-owned and protected
- π‘οΈ Snapshot directories have restricted permissions
- π Minimal network exposure (only outbound connectivity checks)
- π« No remote management interfaces by default
- π All operations are local to the system
β οΈ Snapshots may contain sensitive configuration data- π§Ή Automatic cleanup prevents accumulation of old snapshots
- π Snapshots are stored in protected directories
# π Check service status and logs
sudo systemctl status revertit
sudo journalctl -u revertit -f
# π§ͺ Test configuration
revertit test# π¦ Install TimeShift
sudo apt install timeshift # Ubuntu/Debian
# βοΈ Configure TimeShift
sudo timeshift --list# π§ Ensure proper permissions
sudo chown -R root:root /etc/revertit
sudo chmod 644 /etc/revertit/config.yaml# π Run in foreground with debug logging
sudo revertit-daemon --config /etc/revertit/config.yaml --foreground- π Python 3.8+
- π¦ pip packages:
psutil,watchdog,pyyaml,croniter
# π₯ Clone repository
git clone https://github.com/ChrisNelsonOK/RevertIT.git
cd RevertIT
# π§ Install in development mode
pip3 install -e .
# π§ͺ Run tests
python -m pytest tests/
# π Run linting
flake8 src/
black src/
mypy src/RevertIT/
βββ π¦ src/revertit/ # Main package code
β βββ π§ daemon/ # Daemon implementation
β βββ πΈ snapshot/ # Snapshot management
β βββ ποΈ monitor/ # Configuration monitoring
β βββ β° timeout/ # Timeout management
β βββ π revert/ # Revert engine
β βββ π§ distro/ # Distribution detection
β βββ π» cli/ # Command-line interface
βββ βοΈ config/ # Default configuration
βββ π§ systemd/ # systemd service files
βββ π scripts/ # Installation scripts
βββ π§ͺ tests/ # Test suite
βββ π docs/ # Documentation
- π΄ Fork the repository
- πΏ Create a feature branch
- βοΈ Make your changes
- π§ͺ Add tests for new functionality
- β Ensure all tests pass
- π€ Submit a pull request
π MIT License - see LICENSE file for details.
| Type | Contact |
|---|---|
| π Issues | GitHub Issues |
| π Documentation | See docs/ directory |
| π Security Issues | Please report privately to [email protected] |
- πΈ TimeShift project for inspiration and integration
- π§ The Linux community for excellent monitoring tools
- π₯ All contributors and users providing feedback
