add sudoers check with visudo as proposed here: https://blog.afoolishmanifesto.com/posts/checking-sudoers-with-visudo-in-saltstack/

8 years ago · 8d3f4d9894
parent 2045591a9d
commit 8d3f4d9894
2 changed files with 2 additions and 0 deletions
--- a/sudoers/included.sls
+++ b/sudoers/included.sls
@ -13,6 +13,7 @@ include:
    - mode: 440
    - template: jinja
    - source: salt://sudoers/files/sudoers
+    - check_cmd: /usr/sbin/visudo -c -f
    - context:
        included: True
        sudoers: {{ spec|json }}
--- a/sudoers/init.sls
+++ b/sudoers/init.sls
@ -11,6 +11,7 @@ sudo:
    - mode: 440
    - template: jinja
    - source: salt://sudoers/files/sudoers
+    - check_cmd: /usr/sbin/visudo -c -f
    - context:
        included: False
    - require: