Remove QCSA Scan Residues
QCSA generates temporary files in a common or shared directory while it is scanning the assets. Once the scan is over, these residue files are not usable. These files are stored under <Path to shared/common directory>/ML-x.x.x-x/tmp. You can use the following command to see where the temporary scan files are present.
Use the following command as an example:
Sample
[root@localhost ~]# ls /usr/qualys/common/ML*/tmp/ /usr/qualys/common/ML-12.16.62-1/tmp/: 126-7-40-4.853 test /usr/qualys/common/ML-12.16.63-1/tmp/: /usr/qualys/common/ML-12.16.64-1/tmp/: /usr/qualys/common/ML-12.16.65-1/tmp/: /usr/qualys/common/ML-12.16.66-1/tmp/: /usr/qualys/common/ML-12.17.39-1/tmp/: /usr/qualys/common/ML-12.17.40-1/tmp/: [root@localhost ~]#
In the above example /usr/qualys/common/ is the docker shared/common directory.
Users can clean residue files using the following steps
- Make sure no active scans are running on any Containerized Scanner on the Docker Host.
- Confirm on the user portal that no active scans are running.
- Stop all Containerized Scanner on Docker Host.
- locate the scan residue files using the command ls
/usr/qualys/common/ML*/tmp/. - Remove the files when required.
-
The sample commands utilize Docker Engine as the container runtime, but they can also be executed using Podman.
-
The default PID limit (total number of processes and threads to run inside a container) for Podman is 2048. If the Docker host already has active processes, this limit may prevent the QCSA containerized scanner from running larger scans. To avoid this restriction when using Podman, we recommend running the QCSA containerized scanner with the --pid-limit -1 option.
For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.