Stop and Re-run Containerized Scanner
A running Containerized Scanner can be stopped, killed, and recreated.
To stop the running Containerized Scanner, use the command: docker container stop <Containerized Scanner Name/Containerized Scanner Container ID>
Use the following example:
Sample
[root@localhost ~]# docker container ls -a
CONTAINER ID   IMAGE                                                      COMMAND   CREATED         STATUS         PORTS   NAMES
75e4b6c3e253   art-hq.intranet.qualys.com:5001/dev-docker/QCSA:1.0.30-1   default   6 seconds ago   Up 6 seconds           Qualys_Container
[root@localhost ~]#
[root@localhost ~]# docker container stop Qualys_Container
Qualys_Container
[root@localhost ~]#
[root@localhost ~]# docker container ls -a
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
[root@localhost ~]#
If the Containerized Scanner is not fully stopped/killed and is left in an exited state, remove the exited Containerized Scanner using the command: docker container rm <Containerized Scanner Name/Containerized Scanner Container ID>
Use the following example:
Sample
[root@bhp-docker ~]# docker container ls -a
CONTAINER ID   IMAGE                                              COMMAND                  CREATED         STATUS         PORTS   NAMES
dad6468a865b   art-hq.intranet.qualys.com:5001/dev-docker/QCSA   "/usr/bin/docker-ent…"   8 seconds ago   Up 7 seconds           QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container stop QCSA-test-1
QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container ls -a
CONTAINER ID   IMAGE                                              COMMAND                  CREATED          STATUS                     PORTS   NAMES
dad6468a865b   art-hq.intranet.qualys.com:5001/dev-docker/QCSA   "/usr/bin/docker-ent…"   20 seconds ago   Exited (0) 4 seconds ago           QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container rm QCSA-test-1
QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container ls -a
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
[root@bhp-docker ~]#
- A containerized scanner cannot be re-run if it is in an exited state. It must be removed entirely.
- Re-running an existing containerized scanner does not require a new code; the same personalization code can be reused.
Once the Containerized Scanner is stopped, it can be restarted without providing the environment variables PERSONALIZATION_CODE=$PERSONALIZATION_CODE and QUALYS_URL.
Use the following example.
Sample
[root@localhost ~]# PERSONALIZATION_CODE=xxx5xxx1xxx0xx; NAME=Qualys_Container; docker run -d -v /usr/qualys/common:/usr/local/qualys:z -v /usr/qualys/private/$PERSONALIZATION_CODE:/usr/local/qualys/admin/etc:z --name "$NAME" 6715167e4412
fa81afa51370f228838939c9fa395dba0015bfb6bfd282357f72ae68a587d8c5
[root@localhost ~]#
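The stop, remove and re-run sequence above, combined into one POSIX shell script as an added example (not Qualys code). The function names, the script name and the three-argument usage are assumptions made here; custom parameters such as a proxy or root CA are not included.

```shell
#!/bin/sh
# Added example (not Qualys code): stop, clean up and re-run a Containerized Scanner.
# Usage: sh rerun_scanner.sh NAME PERSONALIZATION_CODE IMAGE   (script name is hypothetical)
RUNTIME="${RUNTIME:-docker}"   # the page notes the commands also work with Podman

# Print the container state ("running", "exited", ...), or "absent" when
# inspect fails because no container with that name or ID exists.
scanner_state() {
    if ss_out="$("$RUNTIME" container inspect -f '{{.State.Status}}' "$1" 2>/dev/null)"; then
        echo "$ss_out"
    else
        echo absent
    fi
}

# Stop the scanner if it is running, then remove it if it was left in an
# exited state. Both outcomes shown in the page's samples are handled: after
# a stop the container is either already gone or still listed as Exited.
clear_scanner() {
    cs_state="$(scanner_state "$1")"
    if [ "$cs_state" = running ]; then
        "$RUNTIME" container stop "$1" >/dev/null || return 1
        cs_state="$(scanner_state "$1")"
    fi
    case "$cs_state" in
        absent) return 0 ;;
        exited) "$RUNTIME" container rm "$1" >/dev/null ;;
        *) echo "refusing to touch $1 in state '$cs_state'" >&2; return 1 ;;
    esac
}

# Re-run with the same personalization code. The volume mounts follow the
# page's sample command; $3 is the image reference or ID used on this host.
rerun_scanner() {
    clear_scanner "$1" || return 1
    "$RUNTIME" run -d \
        -v /usr/qualys/common:/usr/local/qualys:z \
        -v "/usr/qualys/private/$2:/usr/local/qualys/admin/etc:z" \
        --name "$1" "$3"
}

# Only act when called with all three arguments.
if [ "$#" -eq 3 ]; then
    rerun_scanner "$@"
fi
```

Set RUNTIME=podman in the environment to use Podman instead of Docker Engine.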
Any recreation of the Containerized Scanner requires the custom parameters for existing configurations, such as a custom root CA, proxy, and others.
- Qualys strongly recommends against running a containerized scanner in rootless mode, as it may impact scan performance and the consistency of vulnerability results.
- The sample commands use Docker Engine as the container runtime, but can also be executed using Podman.
- A low cgroups PID limit (the total number of processes and threads that can run inside a container) on a Linux host may prevent the QCSA containerized scanner from executing larger scans. Running the Containerized Scanner with the option '--pids-limit -1' removes this PID limit, and running it with the option '-e DISREGARD_PID_LIMIT=yes' overrides the PID limit check.
For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.