This guide explains various methods to recover default configuration files on Linux.
Debian/Ubuntu :#
For many cases, the default configuration file is provided by a package directly. In such cases, you can extract the specific file from the package, thus easily recovering the file.
To check if a package provides the file, run dpkg -S on the full path of the file. For example:
$ dpkg -S /etc/ssh/sshd_config /etc/ssh/ssh_config /etc/sudoers
dpkg-query: no path found matching pattern /etc/ssh/sshd_config
openssh-client: /etc/ssh/ssh_config
sudo: /etc/sudoers
Provided by a package#
Method 1#
As we can see, /etc/ssh/sshd_config is not directly provided by any package, but the other two are provided by openssh-client and sudo respectively. So, if you wished to recover /etc/ssh/ssh_config, first get the package:
- Download the package:
apt-get download openssh-client
- Then extract its file system tree data to a
.tarfile:
dpkg-deb --fsys-tarfile openssh-client_1%3a7.9p1-10+deb10u4_amd64.deb > pkg.tar
- Finally extract only that exact configuration anywhere you want it to be:
tar -Oxf pkg.tar ./etc/ssh/ssh_config | sudo tee /etc/ssh/sshd_config
./etc/lightdm/unity-greeter.confis the file name in our archive./etc/lightdm/unity-greeter.confis where I’m sending it to be stored.
Or we can do steps 2 and 3 with a one-liner:
dpkg-deb --fsys-tarfile sudo_1.9.13p3-1+deb12u1_amd64.deb | sudo tar -x -C / ./etc/sudoers
Method 2#
- Find out [what package installed the config file:
$ dpkg -S /etc/nginx
nginx-common: /etc/nginx
As you can see, the name of the package is nginx-common.
If you deleted a directory, like /etc/pam.d, you can list every package that added to it by using the directory path:
$ dpkg -S /etc/pam.d
login, sudo, libpam-runtime, cups-daemon, openssh-server, cron, policykit-1, at, samba-common, ppp, accountsservice, dovecot-core, passwd: /etc/pam.d
- Run the following command, replacing
<package-name>with the name of the package:
sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" <package-name>
Or run combine it with dpkg -S
sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" $(dpkg -S /etc/some/directory | sed 's/,//g; s/:.*//')
- If everything worked as expected, you should get a message:
Preparing to unpack .../sudo_1.9.13p3-1+deb12u1_amd64.deb ...
Unpacking sudo (1.9.13p3-1+deb12u1) over (1.9.13p3-1+deb12u1) ...
Setting up sudo (1.9.13p3-1+deb12u1) ...
Configuration file '/etc/pam.d/sudo', does not exist on system.
Installing new config file as you requested.
Configuration file '/etc/pam.d/sudo-i', does not exist on system.
Installing new config file as you requested.
Configuration file '/etc/sudoers', does not exist on system.
Installing new config file as you requested.
Processing triggers for libc-bin (2.36-9+deb12u7) ...
CentOS/RHEL :#
Method 1: Using RPM to Verify and Restore Files#
First, identify which package provides the configuration file:
rpm -qf /path/to/config/file
Verify the package to see what files are missing or modified:
rpm -V package_name
Restore the specific configuration file:
rpm --restore package_name /path/to/config/file
For older versions of RPM where the above command doesn’t work:
# Find which package owns the file
rpm -qf /path/to/config/file
# List all files in the package to confirm it's included
rpm -ql package_name
# Reinstall the package
rpm --reinstall package_name
Method 2: Extract Configuration Files from RPM Packages#
Download the package if needed:
yum reinstall package_name --downloadonly --downloaddir=/tmp
Extract the configuration file from the RPM package:
rpm2cpio /tmp/package_name.rpm | cpio -idv ./path/to/config/file
Copy the extracted file to the correct location:
cp ./path/to/config/file /path/to/config/file
Method 3: Using yum to Reinstall Packages#
If you need to reinstall a package with its default configuration:
sudo yum reinstall package_name
When prompted, choose to replace the configuration file.
For Configuration Files in /etc#
Many configuration files are marked as “config” files in RPM. To list all configuration files in a package:
rpm -qc package_name
Then use the reinstall method:
sudo yum reinstall package_name
Handling SELinux Context#
After restoring configuration files, restore the proper SELinux context:
restorecon -v /path/to/config/file
Example : Restoring SSH configuration#
# Find which package owns the SSH config
rpm -qf /etc/ssh/sshd_config
# Output: openssh-server-8.0p1-4.el8_1.x86_64
# Reinstall the package
sudo yum reinstall openssh-server
# Restore SELinux context
sudo restorecon -v /etc/ssh/sshd_config