Qualys Cloud Agent for Linux ARM 6.0
October 22, 2024
New Features
The following are the new features and enhancements provided with the Qualys Cloud Agent for Linux ARM 6.0 release.
Cloud Agent Health Check Tool
The Cloud Agent Local Health Check tool assesses the overall health of the Qualys Agent on a specific host. It runs independently and requires no parameters.
Run the following command to launch the Cloud Agent Health Check tool.
/usr/local/qualys/cloud-agent/bin/qualys-healthcheck-tool.
Cloud Agent Health Status Evaluation
The tool assesses the overall health status of the Cloud Agent based on installation status, communication health, and application functionality. The Vulnerability Management (VM), Policy Compliance (PC), Security Configuration Assessment (SCA), Patch Management (PM), and User Defined Control (UDC) applications are accessed for the Cloud Agent health status.
- Agent communication health is evaluated based on proxy settings and connection to Qualys Server endpoints.
- The health of the scan-based applications is evaluated based on scan interval, upload interval, and last scan/last upload time.
- For Patch Management health, the tool initiates the patch download from specified URLs and verifies the file hash. If a patch fails to download, patch health is flagged as bad; however, if the patch is successfully downloaded but fails verification, it does not impact Patch Management health. Instead, an entry is recorded in the error section of the JSON file to indicate the failed patch verification.
Cloud Agent Health Status Output
The Cloud Agent Health Status tool provides a console output, a user-friendly text summary, and a detailed JSON report. The text report and the JSON report are generated in the HealthCheck
directory, located in the same directory where the tool is executed.
The following table presents the health status and description.
Health Status | Description |
---|---|
Good | Agent Health is good. |
Bad |
|
Poor | Some, but not all the applications of the Qualys Agent are functioning correctly. |
Not Installed | Qualys Agent is not installed on the asset. |
Not Provisioned | Qualys Agent is installed but not provisioned. |
Tool Error | The Agent Health Status tool encountered a critical error while retrieving Agent Health. |
Enhancements for Qualys Proxy Configuration
With this release, Cloud Agent for Linux ARM allows you to configure up to five proxies in the proxy URL. These proxies act as failover options in case the connection to the Cloud Platform fails. If the connection using all the configured proxies fails, the Cloud Agent attempts a direct connection.
By default, this feature is disabled. To enable it, set the ProxyFailOption
parameter to 1. You can also select the order in which the proxies are connected using the QualysProxyOrder
parameter.
You can configure the following proxy variables in the proxy URL:
- qualys_https_tls_proxy
- qualys_https_proxy
- https_proxy
The qualys_https_tls_proxy
has the highest priority among these variables. You can configure proxy connection in the following ways.
/etc/sysconfig/qualys-cloud-agent
– applies to Cloud Agent for Linux (.rpm)/etc/default/qualys-cloud-agent
– applies to Cloud Agent for Linux (.deb)/etc/environment
– applies to Cloud Agent for Linux (.rpm) and Linux (.deb)
You must restart the Cloud Agent to apply the updated proxy settings.
Remote Log Collection
With this release, Qualys Cloud Agent for Linux ARM supports remote log collection. This feature allows the Qualys Support team to retrieve Cloud Agent log files and upload them on the Qualys Cloud Platform for debugging.
This feature reduces the resolution time for support cases where the users are operating remotely and system administrators can not access these systems.
Qualys Support needs your written consent every time, to collect and analyze Cloud Agent log files.
Required Application Version | Qualys Cloud Platform 3.19.1.0 |
Cloud Agent Enhancements
Activation Key Change from Cloud Agent User Interface
With this feature, you can change the activation key for any existing agents from the Cloud Agent user interface. Earlier, this feature was accessible only through the command line utility.
Once the new activation key is assigned the following changes are reflected for the host:
- Applications activated with the newly assigned activation key are accessible for the associated agent hosts.
- The network ID and static tags associated with the newly assigned activation key are linked to the associated agent host.
- Applications and tags associated with the earlier activation key are disassociated from the agent host.
- Applications and static tags manually activated or assigned for the earlier agent host and not associated with the earlier activation key remain activated.
Required Application Version | Qualys Cloud Platform 3.19.1.0 |
Enhancements for Reducing the Scan Processing Time
Earlier, due to the delays and intervals added between the subsequent scan events, the Cloud Agent required more time to complete the first inventory and VM scans. Because of this, the Cloud Agent took more time to upload the pending delta.
With the enhancement, the Cloud Agent for Linux ARM expedites the first scan immediately after provisioning or re-provisioning. This helps in minimizing the delays in scan execution. All subsequent scheduled and interval scans are performed according to the defined schedule. This enhancement has considerably reduced the first scan time and delays in uploading the pending delta.
FIPS-Compliant Build for RPM-based Systems
With this release, we are introducing the Federal Information Processing Standards (FIPS) compliant build for Qualys Cloud Agent on RPM-based operating systems.
This provides enhanced data integrity and interoperability with other security tools and systems. Also, with the FIPS-compliant build, Qualys Cloud Agent fulfills regulatory requirements for managing sensitive information.
For more information about this new feature, refer to Qualys Cloud Agent Moves to FIPS-Compliant Build on RPM-Based Operating Systems.
Qualys Cloud Agent for Linux ARM 6.0 currently supports only the SHA-1 hashes for FIPS.
Support for On Demand Scan
With this enhancement, Cloud Agent for Linux ARM allows you to launch the on-demand scan directly from Cloud Agent user interface. Earlier, this utility was accessible only through the command line utility. This enhancement eliminates the need to switch between the command line utility and the Cloud Agent user interface.
You can launch the on-demand scan for VM, PC, Inventory, UDC, and SCA. You can also select whether the CPU throttle limits specified in the associated configuration profile should be used for the on-demand scan.
You can not launch the on-demand scan for an application if the scheduled interval scan is in progress.
Required Application Version | Qualys Cloud Platform 3.19.1.0 |
Enhanced Reduced Activity Period
With this enhancement, we have enhanced the reduced activity period feature to block network transmission, data collection, or both in the specified time interval.
For example, when you configure a reduced activity period and define prevention of data transmission for VM, activities such as data collection and VM scanning are not performed.
We now support setting scan-based and remediation-based reduced activity periods. Also, support is added to suspend data collection for Custom Assessment and Remediation (CAR) and Patch Management (PM) applications. The log files for the reduced activity period can be accessed from the qualys-cep.log
located under the /var/log/qualys
directory.
Required Application Version | Qualys Cloud Platform 3.19.1.0 |
Support for Troubleshooting
With this enhancement, the Cloud Agent allows you to perform troubleshooting steps directly from the Cloud Agent user interface. You can now enable or disable the trace-level logs collection and perform agent restart actions on the Cloud Agents user interface.
This improves interaction with the Cloud Agent user interface and reduces execution times for troubleshooting tasks.
The troubleshooting options are available only to the Administrator user.
Required Application Version | Qualys Cloud Platform 3.19.1.0 |
Patch Management Enhancements
Support for Displaying Missing Patches
With this enhancement, the missing patches for your host assets are displayed in the Cloud Agent user interface for RPM and DEB platforms. The same missing patches are also displayed in the Patch Management user interface. You can launch the deployment job for these missing patches from the Patch Management application.
This enhancement improves the security view for your host assets and prompts a quick action to deploy the missing patches.
Required Application Version | Patch Management 3.1.0.0 |
Custom Assessment and Remediation Enhancements
Support for Custom Assessment and Remediation
With this release, Cloud Agent for Linux ARM has added support for the Qualys Custom Assessment and Remediation (CAR) application.
With this new support, you can integrate Cloud Agent's capabilities with CAR. This allows you to perform custom assessments and take remediation actions on your Cloud Agent host.
Cloud Agent for Linux ARM currently supports Lua, Pearl, Python, and Shell as script languages. It allows you to enter the CAR script manually, upload a local script file, and import it from GitHub.
Required Application Version | Custom Assessment and Remediation 2.2.1.0 |
Behavior Changes
There are no behavior changes in this release.
Platform Coverage Support
With this release, Qualys Cloud Agent for Linux ARM has added support for the following new platforms (operating systems).
- Azure ARM Linux 3.0
- Rocky Linux 8.x, 9.x
With this release of Cloud Agent for Linux ARM, we are removing the support for the following platform (operating system).
- Redhat Enterprise Linux 5.x, 6.x
Issue Addressed
The following notable and important customer issue is fixed in this release.
Issue | Description |
---|---|
CRM-127044 | We fixed an issue where the Cloud Agent logs displayed the incorrect OS information for the Debian-based agent host. |
Known Issues, Limitations, and Workaround
The Cloud Agent for Linux ARM allows manifest download during the reduced activity period even if the respective application's network transmission is blocked. However, it does not affect the normal Cloud Agent functions and operations.