30 Ways to Validate Configuration Files or Scripts in Linux

Configuration syntax checking and/or testing is a key step to perform after making changes to an application’s or service’s configuration file or even after running updates. This helps to reduce the chances of the service failing to restart due to configuration errors.

Several applications/programs or service daemons ship with commands to check configuration files for syntax correctness. We have put together a list of common applications and services on Linux systems and how to test or validate their configuration files.

Note: Use if you are not logged on a server as the root user, remember to use the sudo command where necessary while invoking a command because some services run with root privileges, and checking their configuration files requires root user permissions.

1. Sudo Command

You can check the sudo configuration file syntax using the visudo command, which supports a --check or -c command line option to only validate a file without an edit. The -f option displays the error message and opens the file for editing:

# visudo -c /etc/sudoers
# visudo -c /etc/sudoers.d/my_config
# visudo -f /etc/sudoers.d/my_config
Check Suders ConfigurationCheck Suders Configuration
Check Suders Configuration

2. Bash Script

You can check Bash scripts for syntax errors as follows:

# bash -n /path/to/scriptname.sh
Check Bash Script Syntax ErrorsCheck Bash Script Syntax Errors
Check Bash Script Syntax Errors

3. Perl Scripts

To check Perl scripts for syntax errors, use the following command:

# perl -c /path/to/scriptname

4. Systemd Unit Files

The “systemd-analyze verify” command allows for testing the systemd unit file for syntax errors. It loads unit files and prints warnings if any errors are detected.

By default, it loads files specified on the command line as an argument, and any other units referenced by them:

# systemd-analyze verify /etc/systemd/system/test.service
Check Systemd Unit Files ConfigurationCheck Systemd Unit Files Configuration
Check Systemd Unit Files Configuration

5. OpenSSH Server

To check the validity of the sshd configuration file and the sanity of the keys, issue the following command. To check a particular configuration file, specify it using the -f flag:

# sshd -t

6. NGINX Web Server

To check the NGINX configuration file, run the nginx command with the -t flag. To specify a different configuration file, use the -c flag:

# nginx -t
# nginx -t -c /etc/nginx/conf.d/example.com.conf
Check Nginx ConfigurationCheck Nginx Configuration
Check Nginx Configuration


To check the php-fpm configuration file, run the following command. Note that calling the -t flag twice (-tt) causes the configuration to be dumped before exiting:

# php-fpm -t
# php-fpm -tt

8. Apache Web Server

You can then check the Apache web server configuration file using the following command:

# apachectl configtest

Alternatively, you can use the following commands on RedHat-based distributions:

# httpd -t

On Debian-based distributions, run:

# apache2ctl -t

9. HAProxy TCP/HTTP Load Balancer

HAProxy’s configuration can be tested using the following command where the -f option specifies the file and -c enables test mode:

# haproxy -f /etc/haproxy/haproxy.cfg -c
Check HAProxy ConfigurationCheck HAProxy Configuration
Check HAProxy Configuration

10. Lighttpd HTTP Server

Run the following command to test Lighttpd’s configuration file syntax. The -t command line option enables Lighttpd to test the default configuration file for syntax errors and exit. Use the -f flag to specify a custom configuration file:

# lighttpd -t
# lighttpd -t -f /path/to/config/file

11. Apache Tomcat

Tomcat web server allows for basic configuration syntax check. First, move into your tomcat installation directory and issue the following command:

# ./bin/catalina.sh configtest
# $TOMCAT_HOME/bin/catalina.sh configtest

12. Pound Reverse Proxy

You can parse the Pound server configuration file before starting the server. Run the pound command with the -c flag without any other argument to check the default configuration file. You can specify a different configuration file using the -f command line option:

# pound -c
# pound -f /path/to/config/file -c

13. Varnishd HTTP Accelerator

To check the varnishdVCL (Varnish Configuration Language) file syntax for any errors, use the following command. If all is OK, the varnish will dump out the generated configuration, otherwise, it will display a specific line number in the file which has an error:

# varnishd -C
# varnishd -f /etc/varnish/default.vcl -C

14. Squid Proxy Caching Server

To pass the squid configuration file for the Squid proxy caching server, issue the following command. The -k option together with the parse or debug subcommands, tell the squid daemon to parse the configuration file or enable debugging mode respectively:

# squid -k parse
# squid -k debug

15. Caddy Web Server

To expose any errors in the Caddy web server configuration, issue the following command. The first one checks the default configuration, alternatively, use the --config command line option to specify a configuration file:

# caddy validate
# caddy validate --config /path/to/config/file

16. vsftpd FTP Server

Run the following command to test the configuration file for the vsftpd FTP server:

# vsftpd
# vsftpd -olisten=NO /path/to/vsftpd.testing.conf

17. DHCPD Server

Run the dhcpd command with the -t flag to check the configuration syntax of the dhcpd server:

# dhcpd -t
# dhcpd -t -cf /path/to/dhcpd.conf

18. MySQL Database Server

Use the following command to test the MySQL database server configuration file syntax. After running the command, if there are no errors, the server terminates with an exit code of 0, otherwise, it displays a diagnostic message and terminates with an exit code of 1:

# mysqld --validate-config

19. MariaDB Database Server

The same command used for the MariaDB database server also works for checking the Mariadb database server configuration file syntax:

# mysqld --validate-config

20. PostgreSQL Server

The following screenshot shows an error in the PostgreSQL configuration file.

PostgreSQL Configuration FilePostgreSQL Configuration File
PostgreSQL Configuration File

To detect such an error, switch to the postgres database user account and access the psql shell. Then run the command to identify errors in your configuration file:

postgres=# select sourcefile, name,sourceline,error from pg_file_settings where error is not null;
Check PostgreSQL ErrorsCheck PostgreSQL Errors
Check PostgreSQL Errors

21. Nagios Monitoring Tool

To verify your Nagios configuration, run the nagios command with the -v flag.

# nagios -v /usr/local/nagios/etc/nagios.cfg

22. Monit Monitoring Tool

Run the monit command with the -t flag to perform a syntax check for the default Monit control file. You can specify a particular control file, use the -c flag:

# monit -t
# monit -t -c path/to/control/file

23. Postfix Mail Server

The following command will help you check Postfix’s configuration files for syntax errors.

# postfix check

This second command is more verbose than the first:

# postfix -vvv
Check Postfix ConfigurationCheck Postfix Configuration
Check Postfix Configuration

24. Dovecot IMAP Server

Check the Dovecot IMAP server configuration syntax using the doveconf command. It will exit with a zero error code if all is OK, otherwise, it exits with a non-zero error code and displays the error message:

# doveconf 1>/dev/null
# echo $?

25. Samba File Server

You can check the Samba file server configuration file using the following command:

# testparm -v

26. Syslogd/Rsyslogd

When you invoke the rsyslod command with the -N1 option, it will enable debug mode and also checks the default configuration file for syntax errors. Use the -f flag to read a custom configuration file:

# rsyslogd -N1
Check Rsyslod ConfigurationCheck Rsyslod Configuration
Check Rsyslod Configuration

27. DNS (BIND) Server

You can check the DNS named configuration file as follows:

# named-checkconf /etc/named.conf

28. NTP – Network Time Protocol

The ntpd configuration syntax can be tested using the following command, where the -d flag enables verbose debug mode, -f specifies the frequency drift filename, and -n implies no fork:

# ntpd -d -f /etc/ntp.conf -n

29. OpenStack-Ansible

Run the following command to check the syntax of an OpenStack-ansible configuration file:

# openstack-ansible setup-infrastructure.yml --syntax-check

30. Logrotate

To debug a logroate (log rotation facility) configuration file, run the logrotate command with the -d option and specify the configuration file:

# logrotate -d /etc/logrotate.d/nginx

That’s all we had for you in this guide. Share your thoughts with us or ask questions via the feedback form below. You can as well share more examples of how to check the configuration syntax of any applications or services not listed here. We shall gladly add your examples to the guide.

Leave a Comment