Vulnerability Host Scanner (Packages)
Prerequisites
- Retrieve your access key to use for
SYSDIG_ACCESS_KEY=<your-access-key> - Check your Sysdig Secure endpoint by region to use for
SYSDIG_API_URL=https://<sysdig-url> - See Host Scanner installation requirements for remaining requirements.
- If you are using an RPM-based operating system, ensure RPM and YUM are installed.
Installation
RPM-Based Operating System
Configure the RPM repository and Sysdig GPG key:
$$sudo rpm --import https://download.sysdig.com/DRAIOS-GPG-KEY.public sudo curl -o /etc/yum.repos.d/draios.repo https://download.sysdig.com/stable/rpm/draios.repo$$Install the vuln-host-scanner package:
$$sudo yum install vuln-host-scanner --refresh -y$$
Note: On RHEL/CentOS platforms, use sudo yum clean expire-cache && sudo yum install vuln-host-scanner -y
Create the vuln-host-scanner configuration file:
$$cat << EOF | sudo tee /opt/draios/etc/vuln-host-scanner/env SYSDIG_ACCESS_KEY=SYSDIG_API_URL= # optional SCAN_ON_START=true EOF$$ Enable and start the vuln-host-scanner.service service:
$$sudo systemctl enable --now vuln-host-scanner.service$$Check logs to see if everything is working as it should:
$$sudo journalctl -fu vuln-host-scanner.service$$
Scan for Containers
You can extend the host scanner to scan for containers such as Docker and Podman.
See Container Scanning for details.
For Other Operating Systems and Raw Binary
Download the latest version of
sysdig-host-scannerwith:Intel Processor (AMD64)
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-host-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-host-scanner/latest_version.txt)/linux/amd64/sysdig-host-scanner"ARM Processor (ARM64)
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-host-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-host-scanner/latest_version.txt)/linux/arm64/sysdig-host-scanner"Optionally, you can check the sha256sum as follows:
Intel Processor (AMD64)
sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-host-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-host-scanner/latest_version.txt)/linux/amd64/sysdig-host-scanner.sha256")ARM Processor (ARM64)
sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-host-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-host-scanner/latest_version.txt)/linux/arm64/sysdig-host-scanner.sha256")Set the executable flag on the file:
$$chmod +x ./sysdig-host-scanner$$You only need to download and set the executable once.
You can scan the host by running the
sysdig-host-scannercommand:$$SYSDIG_ACCESS_KEY=SYSDIG_API_URL= ./sysdig-host-scanner$$
Optionally, create an environment file to store the configuration and a systemd unit file to run the binary as a service:
Option: Scan for Containers
You can extend the host scanner to scan for containers such as Docker and Podman.
See Container Scanning for details.
Additional Configurations
You can include additional configuration options in the configuration file.
These options are added to /opt/draios/etc/vuln-host-scanner/env:
Kubernetes Metadata
If your node is part of an existing Kubernetes installation and youβre not using the official Helm chart, youβll be in charge of setting node name and cluster name via:
