Installing the Sensor on Linux Host having a Container Runtime

You can install the Qualys Container Sensor on Linux using a Docker runtime and Podman runtime.

This topic explains sensor installations using 'Sensor Installation Shell Script' (installSensor.sh).

To install the Sensor without persistent storage, exclude the 'Storage' option, and include the '--sensor-without-persistent-storage' option in the Sensor Installation Shell Script.
It is recommended to use the '--enable-console-logs' option along with '--sensor-without-persistent-storage' to preserve the logs as data is not available on host but stored at the /usr/local/qualys/qpa/data folder relative to the Sensor.

Pre-requisites

  1. Download the QualysContainerSensor.tar.xz file using the 'Download Container Sensor' button on the Home page or from the Configurations > Sensors tab on Qualys Cloud Platform.
  2. Copy the file to the target Linux host.
  3. Perform the following actions in sequence.
    1. Extract the Sensor tar file:
      sudo tar -xvf QualysContainerSensor.tar.xz
    2. Create a directory where the sensor data like configuration, manifest, logs, and setup is stored:
      sudo mkdir -p /usr/local/qualys/sensor/data
    3. Provide the required permissions to storage:
      sudo chmod 777 /usr/local/qualys/sensor/data

Docker Runtime on a Linux Host

To install any sensor (General, or CI/CD, or Registry) on a Linux Host having Docker Runtime,

  1. Perform the steps mentioned above (Step 1 to Step 3 mentioned in Pre-requisites).
  2. Run the following commands.

The CS sensor installation command includes the Activation ID and your Customer ID, both generated based on your subscription.
The Storage parameter specifies where to install the sensor.

  • Use the following command to install a General Sensor:
    sudo ./installsensor.sh ActivationId=d5814d5f-5fd2-****-8969-e03c****4ef5 CustomerId=6f35826e-4430-****-8356-c444a0ab**** Storage=/usr/local/qualys/sensor/data -s StorageDriverType=overlay2
  • Use the following command to install a Registry Sensor:
    sudo ./installsensor.sh ActivationId=d5814d5f-5fd2-****-8969-e03c****4ef5 CustomerId=6f35826e-4430-****-8356-c444a0ab**** Storage=/usr/local/qualys/sensor/data -s -r StorageDriverType=overlay2
  • Use the following command to install a CI/CD Sensor:
    sudo ./installsensor.sh ActivationId=5fd2-****-8969-e03c****4ef5 CustomerId=6f35826e-4430-****-8356-c444a0ab**** Storage=/usr/local/qualys/sensor/data -s -c StorageDriverType=overlay2

Podman Runtime on a Linux Host

This section explains General and Registry sensor installation on a Linux host having Podman runtime. 

Currently, Qualys Container Security supports only General and Registry Sensors on a Linux Host with Podman Runtime.

Install General Sensor on Linux with Podman Runtime

This section explains how to install a General Sensor on a Linux Host having Podman Runtime.

Qualys General Sensor with Podman Runtime supports,
- Only Static scan for images
- Containers are not scanned but are listed and sent to your Qualys Enterprise TruRisk™ Platform account

Pre-requisites

  • Sensor needs Podman.socket. Run the following commands.
    • To create a Podman Socket: systemctl --user enable podman.socket
    • To start the newly created Podman Socket: systemctl --user start podman.socket

To install General sensor on a Linux host having Podman Runtime, 

  1. Perform the Step 1 to Step 3 mentioned in Pre-requisites.
  2. Run the following commands.
    sudo ./installsensor.sh ActivationId=5fd2-****-8969-e03c****4ef5 CustomerId=6f35826e-4430-****-8356-c444a0ab**** Storage=/usr/local/qualys/sensor/data -s LogLevel=5 POD_URL=<Qualys_Pod_URL>/ContainerSensor ContainerRuntime=podman StorageDriverType=overlay

The CS sensor installation command includes the 'Activation ID' and your 'Customer ID', both generated based on your subscription.
The Storage parameter specifies where to install the sensor.

Install Registry Sensor on Linux with Podman Runtime

Pre-requisites

  • Sensor needs Podman.socket
    • sudo systemctl enable --now podman.socket
    • sudo systemctl start --now podman.socket
  • Sensor needs to be run as a root (sudo) user
  • Minimum Podman version: 4.9.4 and above 

To install Registry sensor on a Linux host having Podman Runtime,

  1. Perform the Step 1 to Step 3 mentioned in Pre-requisites.
  2. Run the following commands.
    sudo ./installsensor.sh ActivationId=5fd2-****-8969-e03c****4ef5 CustomerId=6f35826e-4430-****-8356-c444a0ab**** Storage=/usr/local/qualys/sensor/data -s -r ContainerRuntime=podman StorageDriverType=overlay

The CS sensor installation command includes the 'Activation ID' and your 'Customer ID', both generated based on your subscription.
The Storage parameter specifies where to install the sensor.

 

To know about InstallSensor shell script parameters, refer to Installsensor Shell Script Command Line Parameters.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: September, 2025