For the automating of reinstalls what do you mean?
Is it just a playbook that installs the distro, then installs the same packages, and then restores things like /home from backup?
That, and:
Basically: put everything back as it was right before the ransomware encrypted your system on you.
Then of course - fix what you did wrong that got you compromised. ;-)
How would you determine the configs that were modified? What do you mean put down?
Ideally you keep your configs in a git repo (like GitHub). You know what’s modified because you’re the one who modified them. If you modify them - put that config file in the git repo.
As for “put down” I just meant copied to the system (from GitHub) by your automation (like Ansible).
https://docs.ansible.com/ansible/latest/getting_started/index.html
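
An added example, not posted by anyone in this thread: a minimal playbook for the approach described above, where the playbook and the config files live in the same git repo and Ansible copies them onto the rebuilt machine. The repo layout (`site.yml` next to a `files/` directory), the package list and the two config files are assumptions chosen for illustration.

```yaml
# site.yml, kept in the git repo next to files/ (assumed layout)
- name: Put the machine back the way the repo says it was
  hosts: all
  become: true
  vars:
    packages:                 # constructed sample list
      - openssh-server
      - rsync
  tasks:
    - name: Reinstall the same packages
      ansible.builtin.package:
        name: "{{ packages }}"
        state: present

    - name: Put down sshd_config from the repo
      ansible.builtin.copy:
        src: etc/ssh/sshd_config          # files/etc/ssh/sshd_config in the repo
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        backup: true                      # keep the replaced file for review
        validate: /usr/sbin/sshd -t -f %s # refuse to install a broken config
      notify: Restart sshd

    - name: Put down local sysctl settings from the repo
      ansible.builtin.copy:
        src: etc/sysctl.d/90-local.conf   # hypothetical file name
        dest: /etc/sysctl.d/90-local.conf
        owner: root
        group: root
        mode: "0644"
      notify: Reload sysctl

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd                        # "ssh" on Debian/Ubuntu
        state: restarted

    - name: Reload sysctl
      ansible.builtin.command: sysctl --system
```

Running `ansible-playbook site.yml --check --diff` against a live host reports which of these files differ from the repo without changing anything, which is one way to see what was modified outside of git.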