Cloud Agent Installation Steps

Follow these steps to install Qualys Cloud Agent on the AWS Bottlerocket container host.

  1. Download the Qualys Cloud Agent installer (tar.xz) for the AWS Bottlerocket container host from Qualys Cloud Platform. To learn more about downloading Cloud Agent, refer to Download Cloud Agent Installer.
  2. Extract the downloaded Qualys Cloud Agent file on your jump host, using the following command:

    tar -xvf <qualys-cloud-agent-installer>

    For example,
    tar -xvf QualysCloudAgent.tar.xz
  3. Load the extracted Cloud Agent image to the jump host using the following command.

    docker load -i <qualys-cloud-agent-image>

    For example,
    docker load -i QualysCloudAgent.tar
  4. Log in to the ECR repository using the following command.

    aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <ECR repository url>

    For example,
    aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com
  5. Tag the extracted Qualys Cloud Agent image to the ECR repository using the following command.

    docker tag <Image Name/ID>:<Tag Name> <ECR repository url>/<repo name>:<Tag Name>

    For example,
    docker tag qualys/linux-cloud-agent:1.2.123-4 123456789012.dkr.ecr.us-east-1.amazonaws.com/<local repo>:1.2.123-4
  6. Push the Cloud Agent image to the ECR repository using the following command.

    docker push <ECR repository url>/<repo name>:<Tag Name>

    For example,
    docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/<local repo>:1.2.123-4
  7. Open the .yml file in the jump host and update it with the following parameters:
    Parameter: Description

    activation-id: The activation-id for the Qualys Cloud Agent for AWS Bottlerocket container host, auto-generated based on your subscription.

    customer-id: The customer-id of your Qualys subscription is auto-generated based on your subscription.

    server-uri: For example, https://qagpublic.qg1.apps.qualys.com/CloudAgent
    This server-uri is associated with the activation key for your Cloud Agent installer.

    provider-name: The value for this parameter can be AWS, AZURE, GCP, IBM, ALIBABA, ORACLE, NONE or AUTO. If you provide ‘NONE’ value, the host does not check for the provider. If you provide ‘AUTO’ value, the host auto checks the provider.

    log-level: Configuration to set the logging level for Qualys Cloud Agent for Linux AWS Bottlerocket. The default value for this parameter is 3. You can set the log level value up to 5.

    image: The path for your Qualys Cloud Agent image on the ECR repository.

    Proxy (Optional): IPv4 address or FQDN of the proxy server.

    CPU (Optional): CPU usage limit in percentage for Cloud Agent. A valid range is 0-100 and the default value is 0.2.

    Sample .yml Configuration

    The field indentation/alignment in the .yml file is very important. Ensure that you follow the formatting provided in the template.

  8. Deploy the updated .yml file using the following command to install the Qualys Cloud Agent on the AWS Bottlerocket container host.

    kubectl apply -f qualys-cloud-agent-deploy.yml

  9. Verify that the container is running under the qualys namespace using the following command:

    kubectl get all -n qualys-agent -o wide

    The Cloud Agent running status is displayed on the screen.

 When the Cloud Agent instance is started, it activates the Qualys Cloud Agent, which provisions itself and starts functioning as expected.
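A pre-deploy check for the step 7 values, meant to run on the jump host before the kubectl apply in step 8. This is an added example, not part of the Qualys documentation: the function name, its argument order, the lower bound of 0 for log-level and the ECR path pattern are assumptions.

```shell
# validate_agent_params <server-uri> <provider-name> <log-level> <image> [cpu-limit]
# Prints one line per problem; exit status is the number of problems found.
# Function name and argument order are assumptions made for this example.
validate_agent_params() (
    server_uri=$1 provider=$2 log_level=$3 image=$4 cpu=${5:-}
    errors=0
    fail() { echo "$1"; errors=$((errors + 1)); }

    # The agent reports to server-uri, so require TLS.
    case $server_uri in
        https://?*) ;;
        *) fail "server-uri must start with https://: $server_uri" ;;
    esac

    # Values the parameter table allows for provider-name.
    case $provider in
        AWS|AZURE|GCP|IBM|ALIBABA|ORACLE|NONE|AUTO) ;;
        *) fail "provider-name not recognised: $provider" ;;
    esac

    # The table gives 5 as the maximum; a minimum of 0 is assumed here.
    case $log_level in
        [0-5]) ;;
        *) fail "log-level must be a single digit up to 5: $log_level" ;;
    esac

    # image must be a tagged path in a private ECR registry, with no
    # template placeholder such as <local repo> left in it.
    ecr_re='^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com(\.cn)?/[a-z0-9._/-]+:[A-Za-z0-9._-]+$'
    printf '%s\n' "$image" | grep -Eq "$ecr_re" ||
        fail "image is not a tagged ECR path: $image"

    # CPU limit is optional; when given it must be a number in 0-100.
    if [ -n "$cpu" ]; then
        printf '%s\n' "$cpu" | grep -Eq '^[0-9]+(\.[0-9]+)?$' &&
            awk -v c="$cpu" 'BEGIN { exit !(c + 0 <= 100) }' ||
            fail "CPU limit must be a number in 0-100: $cpu"
    fi

    return "$errors"
)
```

A zero exit status means every value passed; any other status is the number of values to correct before deploying.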

Post-Installation Steps

Once installed, the Cloud Agent connects to the Qualys Cloud Platform and provisions itself. You can see your first asset discovery results within a few minutes after installation. The first assessment scan in the Qualys Cloud Platform takes some time; after that, scans are completed as soon as new host metadata is uploaded to the Qualys Cloud Platform.