Docker: Install a sensor
Compatible with Docker Engine 18.06.3 or later and Docker Compose 1.26.2 or later.
Before you begin
Verify you've met all the network requirements.
Verify you've met all the deployment requirements.
Verify your docker system meets all the hardware and software requirements.
Make sure you have administrator privileges.
See Discovery workflow and permissions and Sensor installation requirements.
Install sensor
Download the sensor from your CertCentral account
In your CertCentral account, in the left main menu, go to Discovery > Manage Discovery.
On the Manage scans page, select Add sensor.
On the Set up a sensor page, under step 1 Download a discovery sensor in the Docker section, select Download.
You can also download the sensor from here: Docker Compose sensor file.
Save the Docker Compose file (digicert_sensor_docker-compose.yml) on your system and note its location.
Create the installation directory and configure the sensor
Create the installation directory.
For example:
install_dir
Then copy the digicert_sensor_docker-compose.yml file into the installation directory.
Open the digicert_sensor_docker-compose.yml file in a text editor.
Edit the file to provide the information for the following parameters to configure the sensor:
Username
Password
Division name
Sensor name
Save the file.
The digicert_sensor_docker-compose.yml file looks like this:
```yaml
#
# To install a sensor
# https://docs.digicert.com/certificate-tools/discovery-user-guide/installing-sensor/docker-install-sensor/
# Sensor installation requirements
# https://docs.digicert.com/certificate-tools/discovery-user-guide/sensor-installation-requirements/#docker-engine-190313-and-later
version: '3.7'
services:
  sensor:
    image: digicertinc/digicert-sensor:latest
    ports:
      - "8088:8080"
    volumes:
      - "./sensor_home/:/usr/local/digicert/sensor/mounts/"
    entrypoint: >
      /usr/local/digicert/sensor/start.sh
      -u username
      -p passsword
      -d "divisionName"
      -s sensorName
    stop_grace_period: 30s
```
Parameter | Description |
---|---|
Version | Docker Compose version. |
Service | This section defines the sensor container created on your host server. |
Image | This section specifies the docker image repository/image name and its version tag. |
Port | This section defines the ports mapped between the host server and the docker container for communication. Note: Each sensor must be configured with different ports, and all the ports must be mapped to communicate outside the sensor container. Example: ports: - "8088:8080" Here, the sensor listens on port 8080 inside the docker container, and port 8088 on the host server is mapped to it. Without this mapping, the host server and other external systems cannot communicate with the sensor container. If you’re running multiple docker sensor containers, the exposed port 8080 allows these containers to communicate with each other, but an Agent or an external system must connect through the mapped port 8088. |
Volume | This section defines the directories mounted to the docker container. Example: volumes: - "./sensor_home/:/usr/local/digicert/sensor/mounts/" Here, the host directory ./sensor_home/ is mounted to /usr/local/digicert/sensor/mounts/ in the container. Directories mounted to the docker sensor container allow you to access and manage the data associated with the sensor from outside the docker container. If you’re running multiple docker sensor containers, mounted directories allow you to access, share, and manage the sensor's data through common storage outside the containers. Note: The host directory (install_dir) stores all the data associated with the sensor: configuration file, log file, and sensor data. |
Username | Username of the CertCentral account. |
Password | Password of the CertCentral account. |
Division name | Name of the division you want to assign the sensor to. |
Sensor name | Friendly name of the sensor. |
Stop grace period | Specifies the period of time to wait to stop a docker container. |
Note
Username, Password, Division name, and Sensor name information are used to provision a sensor to a CertCentral account.
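A pre-flight check to run before starting the sensor, as an added example that is not part of DigiCert's documentation or tooling. Because the edited file carries the CertCentral password in clear text, it checks that only the file owner can access it, that the placeholders from the downloaded file were replaced, and that no two sensor files map the same host port. The function names and the mode 600 recommendation are this example's assumptions; the placeholder strings are those in the file shown above.

```shell
#!/bin/sh
# Pre-flight check for an edited digicert_sensor_docker-compose.yml.
# Added example: function names are assumptions, not DigiCert tooling.
# Usage: . ./check_sensor.sh
#        check_sensor_compose install_dir/digicert_sensor_docker-compose.yml

# Print the host side of each "host:container" port mapping in a Compose file.
host_ports() {
    sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9][0-9]*\):[0-9][0-9]*"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Print host ports used by more than one of the given Compose files
# (each sensor must be configured with different ports).
duplicate_host_ports() {
    for f in "$@"; do host_ports "$f"; done | sort | uniq -d
}

# Return 0 if the file is ready for "docker-compose up", 1 otherwise.
# Findings are written to stderr; the password itself is never printed.
check_sensor_compose() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "$file: not found" >&2; return 1; }

    # The file holds the CertCentral password in clear text, so group and
    # other must have no access (mode 600 or stricter).
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible to group/other; run: chmod 600 $file" >&2
        rc=1
    fi

    # Placeholders from the downloaded file must have been replaced.
    for ph in '-u username' '-p passsword' '-d "divisionName"' '-s sensorName'; do
        if grep -Eq -e "(^|[[:space:]])${ph}([[:space:]]|\$)" "$file"; then
            echo "$file: placeholder still present: $ph" >&2
            rc=1
        fi
    done
    return "$rc"
}
```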
Start the sensor
Now that the sensor is installed on your system:
Go to the sensor installation directory (for example, install_dir) and run the docker-compose -f digicert_sensor_docker-compose.yml up -d command to create and start the sensor container.
What's next
Verify sensor installation:
Check the sensor status in your CertCentral account.
Go to the installation directory and run the docker ps | grep sensor or docker-compose -f digicert_sensor_docker-compose.yml logs -f command.
Check the sensor status logs located in install_dir/sensor_home/logs/sensor.log.
You're ready to set up and run a scan using this sensor. See Set up and run a scan.
If you're using multiple sensors, rename the sensors to make tracking and identification easier. See Rename the sensor.