check_bundle_audit

Submit review Recommend Print

Rating

0 votes

Favoured:

Current Version

0.6.0

Last Release Date

2017-10-29

Compatible With

Nagios 1.x
Nagios 2.x
Nagios 3.x

Owner

tommarshall

Download URL

github.com/tommarshall/nagios-check-bundle-audit

License

MIT

Hits

7291

Files:

File	Description
check_bundle_audit.sh	check_bundle_audit.sh

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Download Now

Monitoring Made Magically Better

Nagios Core on Overdrive
Powerful Monitoring Dashboards
Time-Saving Configuration Wizards
Open Source Powered Monitoring On Steroids
And So Much More!

Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit, written in bash.

Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit.

Usage:

./check_bundle_audit -p [options]

Examples:

# 'Unknown' or 'High' CVEs exit CRITICAL; 'Medium' or 'Low' exit WARNING
./check_bundle_audit -p /var/www/app

# exit CRITICAL if any CVE(s) are present
./check_bundle_audit -p /var/www/app -c all

# exit WARNING if any CVE(s) (including high) are present
./check_bundle_audit -p /var/www/app -c '' -w all

# 'High' CVEs exit CRITICAL; 'Unknown' or 'Medium' exit WARNING; 'Low' exit OK
./check_bundle_audit -p /var/www/app -c high -w medium,unknown

# 'High' CVEs exit CRITICAL; 'Medium', 'Low' or 'Unknown' exit WARNING
./check_bundle_audit -p /var/www/app -c high -w medium,low,unknown

# set full path to bundle-audit
./check_bundle_audit -p /var/www/app -b /usr/local/bin/bundle-audit

# ignore advisories CVE-2016-4658 and CVE-2014-0083
./check_bundle_audit -p /var/www/app -i "CVE-2016-4658 CVE-2014-0083"

Options:

-p, --path path to project
-b --bundle-audit-path path to `bundle-audit` gem
-w, --warning comma seperated CVE criticalities to treat as WARNING
-c, --critical comma seperated CVE criticalities to treat as CRITICAL
-i, --ignore space seperated advisories to ignore
-V, --version output version
-h, --help output help information
Criticalities:

* -c/--critical takes priority over -w/--warning.
* -c/--critical default is high,unknown.
* -w/--warning default is low,medium,high,unknown.

* Criticality levels:
- low
- medium
- high
- unknown
- all (alias for low,medium,high,unknown)

Troubleshooting:

UNKNOWN: Unable to update ruby-advisory-db

bundler-audit downloads a copy of the Ruby Advisory Database inside the user's home directory. This can cause issues if the user running the script does not have a writable home directory. See https://github.com/tommarshall/nagios-check-bundle-audit/issues/2 for details on how to resolve this.

Dependencies:

* bash
* bundler-audit (https://github.com/rubysec/bundler-audit)

Reviews (0)

Be the first to review this listing!

Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. The files and information on this site are the property of their respective owner(s). Nagios Enterprises makes no claims or warranties as to the fitness of any file or information on this website, for any purpose whatsoever. In fact, we officially disclaim all liability. We do, however, think these community contributions are pretty damn cool. Website Copyright © 2009-2024 Nagios Enterprises, LLC. All rights reserved.