Skip to content

tommarshall/nagios-check-bundle-audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits

test

test

 
 

.editorconfig

.editorconfig

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

check_bundle_audit

check_bundle_audit

 
 

Repository files navigation

Nagios check_bundle_audit

Build Status

Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit.

Installation

Install the bundler-audit gem.

Download the check_bundle_audit script and make it executable.

Define a new command in the Nagios config, e.g.

define command {
    command_name    check_bundle_audit
    command_line    $USER1$/check_bundle_audit -p /var/www/app
}

Usage

./check_bundle_audit -p <path> [options]

Examples

# 'Unknown' or 'High' CVEs exit CRITICAL; 'Medium' or 'Low' exit WARNING
./check_bundle_audit -p /var/www/app

# exit CRITICAL if any CVE(s) are present
./check_bundle_audit -p /var/www/app -c all

# exit WARNING if any CVE(s) (including high) are present
./check_bundle_audit -p /var/www/app -c '' -w all

# 'High' CVEs exit CRITICAL; 'Unknown' or 'Medium' exit WARNING; 'Low' exit OK
./check_bundle_audit -p /var/www/app -c high -w medium,unknown

# 'High' CVEs exit CRITICAL; 'Medium', 'Low' or 'Unknown' exit WARNING
./check_bundle_audit -p /var/www/app -c high -w medium,low,unknown

# set full path to bundle-audit
./check_bundle_audit -p /var/www/app -b /usr/local/bin/bundle-audit

# ignore advisories CVE-2016-4658 and CVE-2014-0083
./check_bundle_audit -p /var/www/app -i "CVE-2016-4658 CVE-2014-0083"

Options

-p, --path <path>              path to project
-b  --bundle-audit-path        path to `bundle-audit` gem
-w, --warning <criticalities>  comma seperated CVE criticalities to treat as WARNING
-c, --critical <criticalities> comma seperated CVE criticalities to treat as CRITICAL
-i, --ignore <advisory ID(s)>  space seperated advisories to ignore
-V, --version                  output version
-h, --help                     output help information

Criticalities

  • -c/--critical takes priority over -w/--warning.
  • -c/--critical default is high,unknown.
  • -w/--warning default is low,medium,high,unknown.
  • Criticality levels:
    • low
    • medium
    • high
    • unknown
    • all (alias for low,medium,high,unknown)

Troubleshooting

UNKNOWN: Unable to update ruby-advisory-db

bundler-audit downloads a copy of the Ruby Advisory Database inside the user's home directory. This can cause issues if the user running the script does not have a writable home directory. See #2 for details on how to resolve this.

Dependencies

About

Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit.

exchange.nagios.org/directory/Plugins/Security/check_bundle_audit/details

Topics

monitoring nagios nagios-plugins security-vulnerability bundler-audit monitor-ruby-applications

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

6 tags

Packages

No packages published

Languages