Qualys Cloud Agent for Linux ARM 6.0

October 22, 2024

New Features

The following are the new features and enhancements provided with the Qualys Cloud Agent for Linux ARM 6.0 release.

Cloud Agent Health Check Tool

The Cloud Agent Local Health Check tool assesses the overall health of the Qualys Agent on a specific host. It runs independently and requires no parameters. 

Run the following command to launch the Cloud Agent Health Check tool.

/usr/local/qualys/cloud-agent/bin/qualys-healthcheck-tool.

Cloud Agent Health Status Evaluation

The tool assesses the overall health status of the Cloud Agent based on installation status, communication health, and application functionality. The Vulnerability Management (VM), Policy Compliance (PC), Security Configuration Assessment (SCA), Patch Management (PM), and User Defined Control (UDC) applications are accessed for the Cloud Agent health status.

  • Agent communication health is evaluated based on proxy settings and connection to Qualys Server endpoints.
  • The health of the scan-based applications is evaluated based on scan interval, upload interval, and last scan/last upload time.
  • For Patch Management health, the tool initiates the patch download from specified URLs and verifies the file hash. If a patch fails to download, patch health is flagged as bad; however, if the patch is successfully downloaded but fails verification, it does not impact Patch Management health. Instead, an entry is recorded in the error section of the JSON file to indicate the failed patch verification.

Cloud Agent Health Status Output

The Cloud Agent Health Status tool provides a console output, a user-friendly text summary, and a detailed JSON report. The text report and the JSON report are generated in the HealthCheck directory, located in the same directory where the tool is executed.

The following table presents the health status and description.

Health Status Description
Good Agent Health is good.
Bad
  • Qualys Cloud Agent is facing some communication problems.
  • Qualys Cloud Agent Service is down.
  • None of Qualys Cloud Agent’s applications are functioning properly.
Poor Some, but not all the applications of the Qualys Agent are functioning correctly. 
Not Installed Qualys Agent is not installed on the asset. 
Not Provisioned Qualys Agent is installed but not provisioned.
Tool Error The Agent Health Status tool encountered a critical error while retrieving Agent Health.  

Enhancements for Qualys Proxy Configuration

With this release, Cloud Agent for Linux ARM allows you to configure up to five proxies in the proxy URL. These proxies act as failover options in case the connection to the Cloud Platform fails. If the connection using all the configured proxies fails, the Cloud Agent attempts a direct connection.

By default, this feature is disabled. To enable it, set the ProxyFailOption parameter to 1. You can also select the order in which the proxies are connected using the QualysProxyOrder parameter.

You can configure the following proxy variables in the proxy URL:

  • qualys_https_tls_proxy
  • qualys_https_proxy
  • https_proxy

The qualys_https_tls_proxy has the highest priority among these variables. You can configure proxy connection in the following ways.

  • /etc/sysconfig/qualys-cloud-agent– applies to Cloud Agent for Linux (.rpm)
  • /etc/default/qualys-cloud-agent– applies to Cloud Agent for Linux (.deb)
  • /etc/environment– applies to Cloud Agent for Linux (.rpm) and Linux (.deb)

 You must restart the Cloud Agent to apply the updated proxy settings.

Remote Log Collection

With this release, Qualys Cloud Agent for Linux ARM supports remote log collection. This feature allows the Qualys Support team to retrieve Cloud Agent log files and upload them on the Qualys Cloud Platform for debugging.

This feature reduces the resolution time for support cases where the users are operating remotely and system administrators can not access these systems.

 Qualys Support needs your written consent every time, to collect and analyze Cloud Agent log files.

Required Application Version Qualys Cloud Platform 3.19.1.0

Cloud Agent Enhancements

Activation Key Change from Cloud Agent User Interface

With this feature, you can change the activation key for any existing agents from the Cloud Agent user interface. Earlier, this feature was accessible only through the command line utility.

Once the new activation key is assigned the following changes are reflected for the host:

  • Applications activated with the newly assigned activation key are accessible for the associated agent hosts.
  • The network ID and static tags associated with the newly assigned activation key are linked to the associated agent host.
  • Applications and tags associated with the earlier activation key are disassociated from the agent host.
  • Applications and static tags manually activated or assigned for the earlier agent host and not associated with the earlier activation key remain activated.
Required Application Version Qualys Cloud Platform 3.19.1.0

Enhancements for Reducing the Scan Processing Time

Earlier, due to the delays and intervals added between the subsequent scan events, the Cloud Agent required more time to complete the first inventory and VM scans. Because of this, the Cloud Agent took more time to upload the pending delta.

With the enhancement, the Cloud Agent for Linux ARM expedites the first scan immediately after provisioning or re-provisioning. This helps in minimizing the delays in scan execution. All subsequent scheduled and interval scans are performed according to the defined schedule. This enhancement has considerably reduced the first scan time and delays in uploading the pending delta.

FIPS-Compliant Build for RPM-based Systems

With this release, we are introducing the Federal Information Processing Standards (FIPS) compliant build for Qualys Cloud Agent on RPM-based operating systems.

This provides enhanced data integrity and interoperability with other security tools and systems. Also, with the FIPS-compliant build, Qualys Cloud Agent fulfills regulatory requirements for managing sensitive information.

For more information about this new feature, refer to Qualys Cloud Agent Moves to FIPS-Compliant Build on RPM-Based Operating Systems.

 Qualys Cloud Agent for Linux ARM 6.0 currently supports only the SHA-1 hashes for FIPS. 

Support for On Demand Scan

With this enhancement, Cloud Agent for Linux ARM allows you to launch the on-demand scan directly from Cloud Agent user interface. Earlier, this utility was accessible only through the command line utility. This enhancement eliminates the need to switch between the command line utility and the Cloud Agent user interface.

You can launch the on-demand scan for VM, PC, Inventory, UDC, and SCA. You can also select whether the CPU throttle limits specified in the associated configuration profile should be used for the on-demand scan. 

 You can not launch the on-demand scan for an application if the scheduled interval scan is in progress.

Required Application Version Qualys Cloud Platform 3.19.1.0

Enhanced Reduced Activity Period

With this enhancement, we have enhanced the reduced activity period feature to block network transmission, data collection, or both in the specified time interval. 

For example, when you configure a reduced activity period and define prevention of data transmission for VM, activities such as data collection and VM scanning are not performed. 

We now support setting scan-based and remediation-based reduced activity periods. Also, support is added to suspend data collection for Custom Assessment and Remediation (CAR) and Patch Management (PM) applications. The log files for the reduced activity period can be accessed from the qualys-cep.log located under the /var/log/qualys directory.

Required Application Version Qualys Cloud Platform 3.19.1.0

Support for Troubleshooting

With this enhancement, the Cloud Agent allows you to perform troubleshooting steps directly from the Cloud Agent user interface. You can now enable or disable the trace-level logs collection and perform agent restart actions on the Cloud Agents user interface.

This improves interaction with the Cloud Agent user interface and reduces execution times for troubleshooting tasks.

The troubleshooting options are available only to the Administrator user.

Required Application Version Qualys Cloud Platform 3.19.1.0

Patch Management Enhancements

Support for Displaying Missing Patches

With this enhancement, the missing patches for your host assets are displayed in the Cloud Agent user interface for RPM and DEB platforms. The same missing patches are also displayed in the Patch Management user interface. You can launch the deployment job for these missing patches from the Patch Management application.

This enhancement improves the security view for your host assets and prompts a quick action to deploy the missing patches.

Required Application Version Patch Management 3.1.0.0

Custom Assessment and Remediation Enhancements

Support for Custom Assessment and Remediation

With this release, Cloud Agent for Linux ARM has added support for the Qualys Custom Assessment and Remediation (CAR) application.

With this new support, you can integrate Cloud Agent's capabilities with CAR. This allows you to perform custom assessments and take remediation actions on your Cloud Agent host.

Cloud Agent for Linux ARM currently supports Lua, Pearl, Python, and Shell as script languages. It allows you to enter the CAR script manually, upload a local script file, and import it from GitHub.

Required Application Version Custom Assessment and Remediation 2.2.1.0

Behavior Changes

There are no behavior changes in this release.

Platform Coverage Support

With this release, Qualys Cloud Agent for Linux ARM has added support for the following new platforms (operating systems).

  • Azure ARM Linux 3.0
  • Rocky Linux 8.x, 9.x

With this release of Cloud Agent for Linux ARM, we are removing the support for the following platform (operating system).

  • Redhat Enterprise Linux 5.x, 6.x

Issue Addressed

The following notable and important customer issue is fixed in this release.

Issue Description
CRM-127044 We fixed an issue where the Cloud Agent logs displayed the incorrect OS information for the Debian-based agent host.

Known Issues, Limitations, and Workaround

The Cloud Agent for Linux ARM allows manifest download during the reduced activity period even if the respective application's network transmission is blocked. However, it does not affect the normal Cloud Agent functions and operations.