Docker: Install a sensor

Compatible with Docker Engine 18.06.3 or later and Docker Compose 1.26.2 or later.

Before you begin

  • Verify you've met all the network requirements
  • Verify you've met all the deployment requirements
  • Verify your docker system meets all the hardware and software requirements
  • Have admin privileges

Install sensor

Download the sensor from your CertCentral account

  1. In CertCentral, in the sidebar menu, click Discovery > Manage Discovery.

  2. On the Manage scans page, click Add sensor.

  3. On the Set up a sensor page, under step 1 Download a discovery sensor in the Docker section, click Download.

  4. Save the Docker Compose file (digicert_sensor_docker-compose.yml) in your system. Make sure to note the location.

Create the installation directory and configure the sensor

  1. Create the installation directory.

    For example:

    install_dir

    And copy the digicert_sensor_docker-compose.yml file in the installation directory.

  2. Open the digicert_sensor_docker-compose.yml file in a text editor.

  3. Edit the file to provide the information for the following parameters to configure the sensor.

    • Username
    • Password
    • Division name
    • Sensor name
  4. Save the file.

The digicert_sensor_docker-compose.yml file looks like this:

generic
#
#   To install a sensor
#     https://docs.digicert.com/certificate-tools/discovery-user-guide/installing-sensor/docker-install-sensor/
#   Sensor installation requirements
#     https://docs.digicert.com/certificate-tools/discovery-user-guide/sensor-installation-requirements/#docker-engine-190313-and-later

version: '3.7'
services:
  sensor:
    image: digicertinc/digicert-sensor:latest
    ports:
      - "8088:8080"
    volumes:
      - "./sensor_home/:/usr/local/digicert/sensor/mounts/"
    entrypoint: >
         /usr/local/digicert/sensor/start.sh
         -u username
         -p passsword
         -d "divisionName"
         -s sensorName
    stop_grace_period: 30s
Parameter Description
Version Docker Compose version.
Service This section defines the sensor container created on your host server.
Image This section specifies the docker image repository/image name and its version tag.
Port This section defines the ports mapped between the host server and the docker container for communication.

Note: Each sensor must be configured with different ports and all the ports must be mapped to communicate outside the sensor container.

Example:
ports:
- "8088:8080"

Here, the docker sensor container is configured to port 8080. But it cannot communicate with the host server (external system) that is configured to port 8088. To establish communication between the host server and docker container, these ports need to be mapped.

If you’re running multiple docker sensor containers, the exposed port 8080 allows these containers to establish communication with each other. But if an Agent or an external system wants to establish communication, they need to be mapped with the port 8088.
Volume This section defines the directories mounted to the docker container.

Example:
volumes:
- "./sensor_home/:/usr/local/digicert/sensor/mounts/"

Here, host directory "./sensor_home/" is being mounted to the docker container "/usr/local/digicert/sensor/mounts/" directory.

Directories mounted to the docker sensor container allow you to access and manage the data associated with the sensor from outside the docker container.

If you’re running multiple docker sensor containers, mounted directories allow you to access, share, and manage the sensor's data through common storage outside the containers.

Note: The host directory (install_dir) stores all the data associated with the sensor–configuration file, log file, and sensor data.
Username Username of the CertCentral account.
Password Password of the CertCentral account.
Division name Name of the division you want to assign the sensor to.
Sensor name Friendly name of the sensor.
Stop grace period Specifies the period of time to wait to stop a docker container.

Username, Password, Division name, and Sensor name information are used to provision a sensor to a CertCentral account.

Start the sensor

Now that the sensor is installed on your system.

Go to the sensor installation directory (for example, install_dir ) and run the docker-compose -f digicert_sensor_docker-compose.yml up -d command to create and start the sensor container.

What's next

Verify sensor installation:

  • Check the sensor status in your CertCentral account.
  • Go to the installation directory and run docker ps | grep sensor or docker-compose -f digicert_sensor_docker-compose.yml logs -f command.
  • Check the sensor status logs located in install_dir/sensor_home/logs/sensor.log.

You're ready to set up and run a scan using this sensor. See Set up and run a scan.

If you're using multiple sensors, rename the sensors to make tracking and identification easier. See Rename the sensor.