Unable to update ruby-advisory-db with nagios-nrpe-server

[tommarshall]

bundler-audit downloads a copy of the Ruby Advisory Database inside the user's home directory. This can cause issues if the user running the script does not have a writable home directory.

Some environments (Ubuntu/Debian confirmed) create a home directory for the nagios user, but do not set it as $HOME when running the nagios-nrpe-server daemon.

$HOME is either /root or undefined. In both cases this will cause bundler-audit to fail to update the advisory DB, which leads to false positives.

[tommarshall]

To fix this you can define $HOME by adding the following to /etc/default/nagios-nrpe-server and restarting the service:

export HOME=/var/lib/nagios

Or by explicitly defining it for the command in the nrpe.cfg:

command[check_bundle_audit]=HOME=/var/lib/nagios /etc/nagios/check_bundle_audit.sh -p /var/www/app

$HOME does not have to be /var/lib/nagios, but this is the home directory for the nagios user on Ubuntu 14.04.

$ sudo -H -u nagios env | grep ^HOME
HOME=/var/lib/nagios

/tmp should work if the nagios user does not have a home directory.