Chapter 15: Detect and Fix Config Drift Across Linux Servers
In this chapter, you'll learn how to use Claude Code to compare configs across multiple servers, spot configuration drift, and generate plain-English drift reports.
In the previous chapter, we learned how to harden the sshd_config file on a single server by making one change at a time and testing each step carefully. That approach works well for one server, but what happens when you have five, ten, or even hundreds of servers?
In real-world environments, it's almost impossible to keep every server configured exactly the same; sooner or later, configuration drift sets in.
Maybe someone applied an emergency fix to web-01 at 2 a.m., but forgot to make the same change on web-02.
Perhaps the database primary received a performance tuning update that never reached the replica, or maybe a security setting was updated on three servers, but one was accidentally missed.
The tricky part is that configuration drift usually goes unnoticed. All the servers are still running, so everything looks fine, and the problems only show up later when different servers start behaving differently.
That might be when a load balancer sends traffic to a server with an outdated configuration, or when an audit requires proof that every server is configured the same. At that point, finding out what changed, where it changed, and when it changed can take a lot of time.
Claude Code makes this much easier, as it can compare configuration files from multiple servers at the same time and clearly explain every difference in plain English.
By the end of this chapter, you'll know how to collect configuration files from multiple servers, compare them with Claude Code, and create a configuration drift report that helps you quickly spot and fix inconsistencies.