Linux Filesystem Scanner getting started guide↑

This guide explains how to use the AQtive Guard Filesystem Scanner to obtain a cryptography scan from the filesystem in Linux.

Installation↑

You can download the AQG Filesystem Scanner from the web UI.

The sensor is distributed as a zip package named cs-host-scanner-<VERSION>-x86_64-<PLATFORM>.zip. When you extract this package, it creates a directory named cs-host-scanner-<VERSION>-x86_64-<PLATFORM> that contains an executable cs-host-scanner file and a README file. For instance:

cs-host-scanner-0.9.6-x86_64-linux/
├── cs-host-scanner
└── README.md

You can move the cs-host-scanner-<VERSION>-x86_64-<PLATFORM> directory anywhere on your system.

Caution

If you move the executable file, make sure to also move the DLLs. They must be in the same directory.

Scanning a Filesystem↑

Navigate to a directory where you have write permissions to store scan results.

Move the cs-host-scanner executable file to your chosen directory and run:

Bash

./cs-host-scanner \
    --root /path/to/root/directory \
    --output scan.cst.gz

Note

The AQG Filesystem Scanner only looks for regular files on Linux. It won’t scan block devices such as /dev/sda, but it will scan regular files in directories like /proc or /sys.

When the AQG Filesystem Scanner has finished executing, the directory you chose earlier will contain the generated trace file.

You can change the directory where the AQG Filesystem Scanner generates traces with the --output option.

Note

Refer to the AQG Filesystem Scanner reference for details on using the scanner on Linux and for a list of available parameters.

Upload a trace↑

Refer to these instructions for uploading a trace using the web UI or API.