That, and:
Basically: put everything back as it was right before the ransomware encrypted your system on you.
Then of course - fix what you did wrong that got you compromised. ;-)
How would you determine the configs that were modified? What do you mean put down?
Ideally you keep your configs in a git repo (like GitHub). You know what’s modified because you’re the one who modified them. If you modify them - put that config file in the git repo.
As for “put down” I just meant copied to the system (from GitHub) by your automation (like Ansible).
https://docs.ansible.com/ansible/latest/getting_started/index.html
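
A sketch of the workflow described in this thread, as an added example that is not from any of the posters: an Ansible playbook that pulls a config repo and copies the tracked files onto a rebuilt host. The repo URL, inventory group, checkout path and file list are placeholders chosen for illustration.

```yaml
# Added example (not from the thread): restore tracked configs from git.
# Assumptions: repo URL, inventory group and file list below are placeholders.
- name: Put tracked configs back on a rebuilt host
  hosts: rebuilt                      # hypothetical inventory group
  become: true
  vars:
    config_repo: "https://github.com/example-org/server-configs.git"  # placeholder
    config_checkout: /tmp/server-configs    # working copy on the control node
    # Hypothetical layout: path inside the repo == path on the host, minus "/"
    managed_configs:
      - etc/ssh/sshd_config
      - etc/nginx/nginx.conf
  tasks:
    - name: Fetch the config repo on the control node
      ansible.builtin.git:
        repo: "{{ config_repo }}"
        dest: "{{ config_checkout }}"
        version: main
      delegate_to: localhost
      run_once: true
      become: false
      check_mode: false               # always fetch, so --check has files to compare

    - name: Copy each tracked config into place
      ansible.builtin.copy:
        src: "{{ config_checkout }}/{{ item }}"
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: "0644"
        backup: true                  # keep a timestamped copy of whatever was there
      loop: "{{ managed_configs }}"
```

Running the playbook with `ansible-playbook --check --diff` reports which live files differ from the repo without changing them, which is one way to see what was modified outside git.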