Command Line Options

The qualys-cloud-agent.sh supports the following command line options.

Configuration option

Description

ActivationId

A valid activation key ID (UUID). This value is obtained from the Cloud Agent UI (go to Activation Keys, select a key then View Key Info). This parameter is required to provision an agent.

CustomerId

A valid customer ID (UUID). This value is obtained from the Cloud Agent UI (go to Activation Keys, select a key then Install Agent). This parameter is required to provision an agent.

LogLevel

A log level (0-5). A higher value corresponds to more verbosity. Default is, mapped to information (3).

0 - mapped to fatal

1 - mapped to error

2 - mapped to warning

3 - mapped to information

4 - mapped to debug

5 - mapped to trace

In a debug/trace mode, the log file may contain sensitive command-line parameters or passwords for configuration files if the passwords are in clear-text format. Storing passwords in configuration files can result in non-compliance with ISO, SOC, PCI-DSS, HIPAA, and FedRAMP guidelines.

Qualys recommends using a password vault or token-based authentication instead of storing passwords in the configuration file. 

LogFileDir

A full path to the log file. By default, the path is /var/log/qualys/.

UseSudo

Set to 1 to run all data collection commands using the sudo escalation method. By default, sudo is not used (0).

Limitations of using UseSudo=1

SudoCommand

A command for privilege escalation such as SudoCommand pbrun. If the command has spaces, it must be double-quoted.

User

A valid username is required if you want the daemon to run as a certain user. The daemon starts as root but later drops to the specified user and continues running as that user.

Group

A valid group name if you want the daemon to run as a certain group. The daemon switches to the specified group (if any).

HostIdSearchDir

(Available using Linux Agent 1.3.3 and later) The directory where the host ID file is located. This file contains a host ID tag assigned to the system by Qualys. By default, the directory is /etc/, and the location of the host ID file is /etc/qualys/hostid.

LogDestType

(Available using Linux Agent 1.3.3 and later) The destination of log lines generated by Linux Agent. Set this to file or syslog. If set to file, specify the location of the log file. By default, the destination of a log file is:

/var/log/qualys/qualys-cloud-agent.log

ServerUri

Use this option to migrate the agent from one Qualys subscription to another (on the same POD or PCP).

ServerUri takes the URL of the Qualys shared Pod or PCP you want to migrate the Cloud Agent, in the following format:

ServerUri=<http_url>/CloudAgent

where <http_url> is the URL of the Qualys shared Pod or PCP.

If the subscription is on the same POD, the ServerUri is the same.

Use this option along with ActivationId and CustomerId in order to move the agent to another Qualys shared POD or PCP.

The Cloud Agent requires the appropriate Activation ID and Customer ID for the new subscription/platform. The original IDs cannot be used as they are unique per subscription.

CmdMaxTimeOut

Execution of a command is dropped if the time taken to execute is more than the specified value. The default timeout is 1800 seconds (30 minutes).

ProcessPriority

Specify the Linux niceness scale between -20 and 19 to set a priority for the Qualys cloud agent process. The lower the number, the higher the priority the agent process gets. The default value is zero.

UseAuditDispatcher

Set UseAuditDispatcher to 1 if you want to run FIM along with the auditd enabled.

Agent version 2.0.2 required auditd to be disabled on the host. These agents, when upgraded to 2.1 through selfpatch retained this setting where UseAuditDispatcher is set to 0. Agents with 1.x version are set with UseAuditDispatcher=1 on selfpatch to 2.1. Fresh installation of 2.1 agents comes with UseAuditDispatcher=1 (by default), where you can run FIM along with auditd enabled.

QualysProxyOrder

If you are using multiple proxies, set the proxy order to be sequential or random.

For sequential order: QualysProxyOrder=sequential OR QualysProxyOrder=seq

For random order: QualysProxyOrder=random

MaxRandomScanInterval

(This is supported for Cloud Agent versions between 2.6.4 to 3.3) If you enable this option, it adds a random time to the VM Scan Interval to upload the scan data. 

The default value is 0.

Range: 0 to 4294967295.

ScanDelayVM

(This is supported for Agent version greater than or equal to 4.6) The time added to the start of VM scanning for new installs and new manifest downloads.

The default value is 0 (zero).

Range: 0 to 43200.

ScanDelayPC

(This is supported for Agent version greater than or equal to 4.6) The time added to the start of PC scanning for new installs and new manifest downloads.

The default value is 0 (zero).

Range: 0 to 43200.

MaxRandomScanIntervalVM

(This is supported for Agent version greater than or equal to 4.6) If you enable this option, it adds a random time to the VM Scan Interval to upload the scan data.

The default is 0.

Range: 0 to 43200

MaxRandomScanIntervalPC

(This is supported for Agent version greater than or equal to 4.6)

If you enable this option, it adds a random time to the PC Scan Interval to upload the scan data.

The default is 0.

Range: 0 to 43200

ProxyFailOpen

Set the ProxyFailOpen to 1 to enable the proxy failover behavior as described in the Multi Proxy Configuration section.

This is applicable for the Cloud Agent for Linux version 6.2 and later.

LogCompression Set the LogCompression=1 to enable the log compression for your Cloud Agent. The default value for this parameter is 0, meaning the log compression is not enabled for the Cloud Agent. 

If you enable Log Compression, Cloud Agent compresses the log files when it is rolled over and keeps the five most recent archived zip files, each with 10 MB of log data.

Limitations of using UseSudo=1

If you configure the cloud agent for UseSudo=1 to run commands using the sudo escalation method, you may face any of the following issues:

  • Commands run by the cloud agent or any script added in the cloud agent manifest fail to get the custom path set in the PATH environment.
  • Scan results show empty values for service_list, bios_info, and service_info, when the agents fail to find related paths in the PATH environment.

This happens because when you set UseSudo=1, the Cloud Agent tries to find the custom path in the secure_path parameter located in the /etc/sudoers file. If this parameter is not set, the agent then tries to find the custom path in the path that is used when you run sudo sh.

To resolve this issue, add your custom path or the path used by the Cloud Agent while scanning for service_list, bios_info, and service_info, to the secure_path parameter. If you have disabled the secure_path parameter, add the respective paths to the path that is used when you run sudo sh.

Alternatively, you can configure the agent for UseSudo=0.

For RHEL platforms, if you run the argument UseSudo=0 with the agent configuration tool and do revocation, the qualys-cloud-agent process still continues running in the background. Ideally, qualys-cloud-agent process should have stopped after revocation. This is a known limitation with UseSudo=0, while it works for UseSudo=1.