Remove QCSA Packages

Once the QCSA packages are installed, their RPMs are no longer needed. When the containerized scanner checks for updates, it also looks for RPMs older than 90 days and removes them. You can also manually remove RPMs as needed.

The RPMs are stored in <Path to shared directory>/admin/packages.

Sample

[root@localhost ~]# ls -l /usr/qualys/shared/admin/packages/*
/usr/qualys/shared/admin/packages/backup:
total 824100
-rw-------. 1 66 66  24113841 May  4 20:42 ML-12.10.25-1.i586_26.rpm
-rw-------. 1 66 66  24611759 May  4 20:42 ML-12.11.37-1.i586_26.rpm
-rw-------. 1 66 66  24589449 May  4 20:42 ML-12.12.48-1.i586_26.rpm
-rw-------. 1 66 66  24688572 May  4 20:42 ML-12.13.38-1.i586_26.rpm
-rw-------. 1 66 66  24773525 May  4 20:42 ML-12.14.24-1.i586_26.rpm
-rw-------. 1 66 66  24793029 May  4 20:42 ML-12.15.59-1.i586_26.rpm
-rw-------. 1 66 66  25309547 May  4 20:42 ML-12.16.52-1.i586_26.rpm
-rw-------. 1 66 66  25438209 Aug  3  2024 ML-12.17.39-1.i586_26.rpm
-rw-------. 1 66 66  25437551 Aug  3  2024 ML-12.17.40-1.i586_26.rpm
-rw-------. 1 66 66  23422331 May  4 20:42 ML-12.8.23-1.i586_26.rpm
-rw-------. 1 66 66  24070958 May  4 20:42 ML-12.9.26-1.i586_26.rpm
-rw-------. 1 66 66 211839073 May  4 20:42 QCORE2-3.7.1-1.i386_26.rpm
-rw-------. 1 66 66 211829796 May  4 20:42 QCORE2-3.8.3-1.i386_26.rpm
-rw-------. 1 66 66  70539734 May  4 20:42 VULNSIGS-2.6.20-3.i586_26.rpm
-rw-------. 1 66 66  78389091 May  4 20:42 WAS-8.29.69-1.i586_26.rpm
  
/usr/qualys/shared/admin/packages/incoming:
total 0
  
/usr/qualys/shared/admin/packages/prod:
total 0
  
/usr/qualys/shared/admin/packages/rejected:
total 0
[root@localhost ~]#

In the above example /usr/qualys/shared/admin/packages is a shared directory.

  • The backup/subdirectory contains RPMs for packages that have already been installed, and the rejected/subdirectory contains RPMs for packages that failed to install. It is safe to delete RPMs from both of these subdirectories.

  •  If insufficient file permissions prevent deletion of these files on the Linux host, delete them from inside the running containerized scanner instead. The files are located at /usr/local/qualys/admin/packages within the container.

    To access the container's bash console and navigate to the package directory, you can run the following commands:

    root@localhost:~# docker exec -it Qualys_Container bash
[root@62e281d9c1b4 /]#
[root@62e281d9c1b4 /]# cd /usr/local/qualys/admin/packages/
[root@62e281d9c1b4 packages]# ls
backup  incoming  prod  rejected
[root@62e281d9c1b4 packages]#

  • Qualys strongly recommends against running a containerized scanner in rootless mode, as it may impact scan performance and the consistency of vulnerability results.

  • The sample commands utilize Docker Engine as the container runtime, but they can also be executed using Podman.

  • A low cgroups PID limit (total number of processes and threads to run inside a container) on linux host, may prevent the QCSA containerized scanner from executing larger scans. Running Containerized scanner with option '--pids-limit -1' this pids limit can be removed or running Containerized scanner with option '-e DISREGARD_PID_LIMIT=yes' will override the pids limit check.

For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.