Qualys Cloud Agent for Linux Intel 6.3.2

July 08, 2024

Limited Customer Release

New Features

This release of Qualys Cloud Agent for Linux Intel presents you with the following new feature/features.

Run Custom QID Script with VM Scan

The Qualys Cloud Agent for Linux now supports the execution of custom QID scripts with VM scans. To execute the custom QID scan, create the custom QID script in custom assessment and remediation application. While creating custom QID script, select "Make this script run with default manifest" checkbox, this ensures that Custom QID script runs with VM scan.

This feature greatly enhances the network's visibility and allows users to target specific blind-spot areas using custom QIDs. The custom QID scan is executed for all eligible new or existing assets. Each custom QID script has its own default manifest, which reduces the processing time and helps scan ephemeral assets, as the asset details are not required to execute the scan.

The custom QID scan is executed immediately after the VM scan is completed. But, when other scans, such as a PC scan, are queued after the VM scan, the custom QID scan is postponed until all the queued scans are completed. If a custom QID scan is interrupted due to Cloud Agent restart, the scan is relaunched only after the next VM scan interval.

For custom QID scans, Qualys currently supports only the default/regular mode; the Dynamic Privilege Escalation (DPE) mode is not supported. Also, Qualys Cloud Agent for Linux Intel does not support patch deployment jobs by a sudo user using the SudoCommand="sudo sh" command.

• When multiple reduced activity periods are configured for a Cloud Agent one after another, a custom QID scan for CAR-VMDR honors only the first if the second one blocks network transmission.
• To prevent errors in uploading the QID feedback files, ensure that the size of the combined custom QID feedback file does not exceed 10 MB and the size of the individual QID feedback file does not exceed 1 MB.
• The custom QID scan does not consider the CPU Throttle value set for the VM scan. 
• The Cloud Agent does not upload the LZMA-compressed custom QID feedback file to the Qualys Cloud Platform.

Required Application Version

Custom Assessment and Remediation - 2.2.0.0

FIPS Compliant Build for RPM-Based Operating Systems

With this release, Qualys is introducing the Federal Information Processing Standards (FIPS) compliant build for Qualys Cloud Agent on RPM-based operating systems.

This provides enhanced data integrity and interoperability with other security tools and systems. Also, with the FIPS-compliant build, Qualys Cloud Agent fulfills regulatory requirements for managing sensitive information.

For more information about this new feature, refer to Qualys Cloud Agent Moves to FIPS-Compliant Build on RPM-Based Operating Systems.

Enhancements

There are no new enhancements implemented for this release.

Behavior Changes

There are no behavior changes for this release.

Platform Coverage Support

There is no new platform coverage added for this release.

Issues Addressed

No fixed defects are included in this release.

Known Issues, Limitations, and Workarounds

• When Cloud Agent encounters a client error (unreachable server) while uploading a custom QID script, it retries three times. If the client error is not resolved in the meantime, Cloud Agent fails to upload the custom QID script to Qualys Cloud Platform.
• When Cloud Agent fails to download a custom QID script, it skips the current script and downloads the next custom QID script.
• When the Cloud Agent is upgraded to version 6.3.2, some of the agent log files may show incorrect permissions and ownership.
• If the Cloud Agent restarts when the custom QID scan is in progress, the Cloud Agent log file displays the incorrect scan success status for the CAR_VMDR type manifest. For example, if a custom QID scan is interrupted due to an agent restart, the Cloud Agent displays a false scan completed status.

 The Qualys Cloud Agent for Linux Intel Release 6.3.2 supports all the features available for Release 6.3. To learn more, refer to Release 6.3.