Stop and Re-run Containerized Scanner

A running Containerized Scanner can be stopped, killed, and recreated.

To stop a running Containerized Scanner, use the command # docker container stop <Containerized Scanner Name/Containerized Scanner Container ID>.

Use the following example:

Sample

[root@localhost ~]# docker container ls -a
CONTAINER ID  IMAGE                                                     COMMAND     CREATED        STATUS        PORTS       NAMES
75e4b6c3e253  art-hq.intranet.qualys.com:5001/dev-docker/QCSA:1.0.30-1  default     6 seconds ago  Up 6 seconds              Qualys_Container
[root@localhost ~]#
[root@localhost ~]# docker container stop Qualys_Container
Qualys_Container
[root@localhost ~]#
[root@localhost ~]# docker container ls -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
[root@localhost ~]#

If the Containerized Scanner is not removed completely after being stopped or killed and remains in an exited state, remove the exited Containerized Scanner using the command # docker container rm <Containerized Scanner Name/Containerized Scanner Container ID>.

Use the following example:

Sample

[root@bhp-docker ~]# docker container ls -a
CONTAINER ID   IMAGE                                             COMMAND                  CREATED         STATUS         PORTS     NAMES
dad6468a865b   art-hq.intranet.qualys.com:5001/dev-docker/QCSA   "/usr/bin/docker-ent…"   8 seconds ago   Up 7 seconds             QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container stop QCSA-test-1
QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container ls -a
CONTAINER ID   IMAGE                                             COMMAND                  CREATED          STATUS                     PORTS     NAMES
dad6468a865b   art-hq.intranet.qualys.com:5001/dev-docker/QCSA   "/usr/bin/docker-ent…"   20 seconds ago   Exited (0) 4 seconds ago             QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container rm QCSA-test-1
QCSA-test-1
[root@bhp-docker ~]#
[root@bhp-docker ~]# docker container ls -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@bhp-docker ~]#
  • A Containerized Scanner cannot be re-run if it is in an exited state. It must be removed entirely.
  • Re-running an existing Containerized Scanner does not require a new code; the same personalization code can be reused.

Once the Containerized Scanner is stopped, it can be restarted without providing the environment variables PERSONALIZATION_CODE=$PERSONALIZATION_CODE and QUALYS_URL.

Use the following example.

Sample

[root@localhost ~]# PERSONALIZATION_CODE=xxx5xxx1xxx0xx; NAME=Qualys_Container; docker run -d -v /usr/qualys/common:/usr/local/qualys:z -v /usr/qualys/private/$PERSONALIZATION_CODE:/usr/local/qualys/admin/etc:z --name "$NAME" 6715167e4412
fa81afa51370f228838939c9fa395dba0015bfb6bfd282357f72ae68a587d8c5
[root@localhost ~]#

Any recreation of the Containerized Scanner requires the custom parameters for existing configurations, such as a custom root CA, a proxy, and others.

 
  • Qualys strongly recommends against running a containerized scanner in rootless mode, as it may impact scan performance and the consistency of vulnerability results.

  • The sample commands utilize Docker Engine as the container runtime, but can also be executed using Podman.

  • A low cgroups PID limit (the total number of processes and threads that can run inside a container) on a Linux host may prevent the QCSA Containerized Scanner from executing larger scans. Running the Containerized Scanner with the option '--pids-limit -1' removes this PID limit, and running it with the option '-e DISREGARD_PID_LIMIT=yes' overrides the PID limit check.

For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.
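
The stop, remove, and re-run steps above can be combined into one script. The following is an added example, not Qualys code: the function names and the RUNTIME variable are assumptions, and the container name, personalization code, and image ID in the usage comment are the placeholder values from the samples.

```shell
#!/bin/sh
# Added example (not Qualys code): stop, remove and re-run a Containerized Scanner.
# RUNTIME and the function names are assumptions made for this sketch.
RUNTIME="${RUNTIME:-docker}"   # set RUNTIME=podman to use Podman instead

# Print the container state ("running", "exited", ...) or "absent".
scanner_state() {
    if st=$("$RUNTIME" container inspect --format '{{.State.Status}}' "$1" 2>/dev/null); then
        echo "$st"
    else
        echo absent
    fi
}

# Stop the scanner if it is running, then remove it: an exited scanner
# cannot be re-run, so it has to be removed entirely first.
scanner_remove() {
    rm_name=$1
    case "$(scanner_state "$rm_name")" in
        absent)  return 0 ;;
        running) "$RUNTIME" container stop "$rm_name" >/dev/null || return 1 ;;
    esac
    # Any other state goes straight to rm; a failure there is reported.
    "$RUNTIME" container rm "$rm_name" >/dev/null || return 1
    [ "$(scanner_state "$rm_name")" = absent ]
}

# Re-run with the same personalization code. The code only selects the host
# directory to mount; no -e PERSONALIZATION_CODE or QUALYS_URL is passed.
# Extra arguments (for example --pids-limit -1) go to the run command.
scanner_rerun() {
    run_name=$1; run_code=$2; run_image=$3
    shift 3
    scanner_remove "$run_name" || return 1
    "$RUNTIME" run -d \
        -v /usr/qualys/common:/usr/local/qualys:z \
        -v "/usr/qualys/private/$run_code:/usr/local/qualys/admin/etc:z" \
        --name "$run_name" "$@" "$run_image"
}

# Usage, with the placeholder values from the samples above:
#   scanner_rerun Qualys_Container xxx5xxx1xxx0xx 6715167e4412 --pids-limit -1
```

Custom parameters for an existing configuration, such as a custom root CA or proxy, are passed the same way as the extra arguments shown in the usage comment.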
