Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit, written in bash.
Current Version: 0.6.0
Last Release Date: 2017-10-29
Owner: tommarshall
Download URL: https://github.com/tommarshall/nagios-check-bundle-audit
License: MIT
Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit.
Usage:
./check_bundle_audit -p <path> [options]
Examples:
# 'Unknown' or 'High' CVEs exit CRITICAL; 'Medium' or 'Low' exit WARNING
./check_bundle_audit -p /var/www/app

# exit CRITICAL if any CVE(s) are present
./check_bundle_audit -p /var/www/app -c all

# exit WARNING if any CVE(s) (including high) are present
./check_bundle_audit -p /var/www/app -c '' -w all

# 'High' CVEs exit CRITICAL; 'Unknown' or 'Medium' exit WARNING; 'Low' exit OK
./check_bundle_audit -p /var/www/app -c high -w medium,unknown

# 'High' CVEs exit CRITICAL; 'Medium', 'Low' or 'Unknown' exit WARNING
./check_bundle_audit -p /var/www/app -c high -w medium,low,unknown

# set full path to bundle-audit
./check_bundle_audit -p /var/www/app -b /usr/local/bin/bundle-audit

# ignore advisories CVE-2016-4658 and CVE-2014-0083
./check_bundle_audit -p /var/www/app -i "CVE-2016-4658 CVE-2014-0083"
Options:
-p, --path <path>                 path to project
-b, --bundle-audit-path           path to `bundle-audit` gem
-w, --warning <criticalities>     comma separated CVE criticalities to treat as WARNING
-c, --critical <criticalities>    comma separated CVE criticalities to treat as CRITICAL
-i, --ignore <advisory ID(s)>     space separated advisories to ignore
-V, --version                     output version
-h, --help                        output help information

Criticalities:
* -c/--critical takes priority over -w/--warning.
* -c/--critical default is high,unknown.
* -w/--warning default is low,medium,high,unknown.
* Criticality levels:
  - low
  - medium
  - high
  - unknown
  - all (alias for low,medium,high,unknown)
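The threshold rules above, modelled as a small shell function so a -c/-w combination can be checked before it goes into a Nagios command definition. This is an added example, not the plugin's own code; the function names and the idea of passing the found criticalities as arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Model of the documented -c/-w rules. Added example, not the plugin's code.
DEFAULT_CRITICAL="high,unknown"
DEFAULT_WARNING="low,medium,high,unknown"

# expand_levels <list>: print one level per line, expanding the "all" alias.
expand_levels() {
  printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r level; do
    case "$level" in
      all) printf 'low\nmedium\nhigh\nunknown\n' ;;
      '')  ;;                       # empty list, e.g. -c ''
      *)   printf '%s\n' "$level" ;;
    esac
  done
}

# in_levels <level> <list>: succeed if <level> is in the expanded list.
in_levels() {
  expand_levels "$2" | grep -Fqx -- "$1"
}

# status_for <critical-list> <warning-list> [found criticality...]
# Prints the Nagios state (OK=0, WARNING=1, CRITICAL=2) for the findings.
status_for() {
  critical=$1 warning=$2
  shift 2
  state=OK
  for found in "$@"; do
    found=$(printf '%s' "$found" | tr '[:upper:]' '[:lower:]')
    if in_levels "$found" "$critical"; then
      state=CRITICAL              # -c takes priority over -w
      break
    elif in_levels "$found" "$warning"; then
      state=WARNING
    fi
  done
  printf '%s\n' "$state"
}

# Constructed findings: one Medium and one High advisory, then a single Low.
status_for "$DEFAULT_CRITICAL" "$DEFAULT_WARNING" Medium High   # defaults
status_for "" "all" Medium High                                  # -c '' -w all
status_for "high" "medium,unknown" Low                           # -c high -w medium,unknown
```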
Troubleshooting:
UNKNOWN: Unable to update ruby-advisory-db
bundler-audit downloads a copy of the Ruby Advisory Database inside the user's home directory. This can cause issues if the user running the script does not have a writable home directory. See https://github.com/tommarshall/nagios-check-bundle-audit/issues/2 for details on how to resolve this.
Dependencies:
* bash
* bundler-audit (https://github.com/rubysec/bundler-audit)