Change Management Patterns

Change management patterns from real production changes. Every entry has a date and context.

2026-03: Verify Before AND After Every Change

Situation: Made a config change without checking the before state — couldn’t prove what changed when things broke

Context: sed in-place editing, SSH config modifications, ISE policy changes

The Pattern:

# ALWAYS: verify -> change -> verify
sudo awk 'NR==73' /etc/ssh/sshd_config                    # BEFORE
sudo sed -i '73s/#GSSAPIAuthentication no/GSSAPIAuthentication yes/' /etc/ssh/sshd_config  # CHANGE
sudo awk 'NR==73' /etc/ssh/sshd_config                    # AFTER

Principle: If you don’t capture the before state, you can’t prove what you changed. Verify-change-verify is non-negotiable. This applies to CLI commands, ISE policies, firewall rules — everything.

Source: Multiple incidents, formalized as standard practice
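
One way to script the verify-change-verify pattern above so the before state is checked and recorded rather than just eyeballed. This is an added example, not part of the original entry. The helper name verified_line_edit, the .bak and .change-evidence file names, and the three-line sample file are assumptions constructed for illustration.

```shell
# Added example: verify -> change -> verify for a single config line.
# verified_line_edit is a hypothetical helper, not from the original page.
# usage: verified_line_edit FILE LINE_NUMBER EXPECTED_BEFORE NEW_LINE
verified_line_edit() {
    file=$1 n=$2 expected=$3 new=$4
    evidence="$file.change-evidence"   # assumed location for the audit record
    backup="$file.bak"                 # assumed backup name

    # BEFORE: capture the line and refuse to edit if it is not what we expect
    # (line numbers drift after package updates or edits by other admins).
    before=$(awk -v n="$n" 'NR==n' "$file")
    if [ "$before" != "$expected" ]; then
        echo "ABORT: line $n is '$before', expected '$expected'" >&2
        return 1
    fi
    cp -p "$file" "$backup" || return 1

    # CHANGE: rewrite only line n; ENVIRON avoids awk escape processing.
    NEW="$new" awk -v n="$n" 'NR==n {print ENVIRON["NEW"]; next} {print}' \
        "$backup" > "$file.tmp" && cat "$file.tmp" > "$file"
    rm -f "$file.tmp"

    # AFTER: re-read the line from disk; roll back if it is not the new value.
    after=$(awk -v n="$n" 'NR==n' "$file")
    if [ "$after" != "$new" ]; then
        cp -p "$backup" "$file"
        echo "ROLLBACK: line $n is '$after' after change" >&2
        return 2
    fi

    # Evidence: before/after plus a full diff shows nothing else changed.
    {
        echo "file=$file line=$n"
        echo "before=$before"
        echo "after=$after"
        diff "$backup" "$file" || true   # diff exits 1 when files differ
    } > "$evidence"
}

# Demo on a constructed sample file (not a real sshd_config).
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#GSSAPIAuthentication no' 'UsePAM yes' > "$demo_dir/sshd_config"
verified_line_edit "$demo_dir/sshd_config" 2 '#GSSAPIAuthentication no' 'GSSAPIAuthentication yes' \
    && cat "$demo_dir/sshd_config.change-evidence"
```

Running the same call a second time aborts with exit status 1, because line 2 no longer matches the expected before state.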