Qualys Cloud Agent for Linux Intel 7.1
January 23, 2025
New Features
Rollback Installed Linux Patches
With this release, we have added support for rolling back installed patches on Debian/Ubuntu and RPM-based Linux assets.
By default, Debian/Ubuntu maintains only the latest and base versions of installed applications in the package repository. Therefore, you previously had no option to roll back or downgrade your applications to any intermediate version. Now, for Debian/Ubuntu, we support maintaining all the previous application versions in a mirror repository and rolling back to any intermediate version. For RPM-based assets, you do not need a mirror repository to downgrade your application to an intermediate version.
This option is available for the following platforms: RHEL, Oracle Linux, Amazon Linux, Alma Linux, Rocky Linux, CentOS, Debian, Ubuntu, openSUSE, and SLES. Using this option, you can shift to a more stable application version, which improves performance and optimizes resource utilization on your assets.
Required application version | Patch Management 3.3.0.0 |
Patch Management Enhancements
Pause/Exit/Cancel the Patch Jobs
With this release, we have introduced script-based pre-actions to pause, exit, or cancel ongoing patch deployment jobs. This feature allows you to define the pre-actions in the patch job scripts. Based on the actions defined in the script, the script generates a return code that causes the job to pause, exit, or be canceled. The following table shows the different return codes and their implications.
Return Code | Description |
---|---|
12 | Indicates the ongoing patch job is paused/canceled. If the pre-actions defined in the patch job script are not successful, the script runs till it reaches the timeout. Once the script reaches the timeout value, the patch job status is marked as Paused. |
101 | Indicates the skipped patch job pre-actions and post-actions. |
2064 | This code shows the Cloud Agent health status. It indicates that the patch job is canceled due to a special return code. |
This feature helps you automate patch deployment jobs and better manage system resources by ensuring that patches are not deployed until all the pre-actions are successfully completed.
If the patch deployment job is stuck and you cannot run a new patch job, use the patch management reboot option to resolve the issue.
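A pre-action gate that uses return code 12 from the table above, as an added example that is not Qualys-supplied code. It assumes the agent takes the script's exit status as the return code and that 0 lets the job proceed; the hold-file path, the free-space threshold and the `enforce` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not Qualys code. Assumptions: the agent takes the script's
# exit status as the return code, and 0 lets the patch job proceed.
RC_PROCEED=0
RC_PAUSE=12   # "paused/canceled" in the release-notes table

# Hypothetical thresholds and paths; override from the environment.
MIN_FREE_KB="${MIN_FREE_KB:-1048576}"      # 1 GiB free for package downloads
CHECK_PATH="${CHECK_PATH:-/var}"
HOLD_FILE="${HOLD_FILE:-/etc/patch-hold}"  # change-freeze marker set by operators

# Free space in KiB on the filesystem holding $1 (POSIX df -P layout).
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'
}

# Return RC_PROCEED when every precondition holds, RC_PAUSE otherwise.
preaction_gate() {
    if [ -e "$HOLD_FILE" ]; then
        echo "pre-action: hold file $HOLD_FILE present" >&2
        return "$RC_PAUSE"
    fi
    avail=$(free_kb "$CHECK_PATH")
    # An unreadable value fails the check instead of letting the job proceed.
    case "$avail" in
        ''|*[!0-9]*)
            echo "pre-action: cannot read free space on $CHECK_PATH" >&2
            return "$RC_PAUSE" ;;
    esac
    if [ "$avail" -lt "$MIN_FREE_KB" ]; then
        echo "pre-action: $avail KiB free, need $MIN_FREE_KB" >&2
        return "$RC_PAUSE"
    fi
    return "$RC_PROCEED"
}

# Invoke as "script enforce" from the patch job so the exit status is the gate's.
if [ "${1:-}" = "enforce" ]; then
    preaction_gate
    exit $?
fi
```

Failing closed on an unreadable `df` result keeps a broken mount from being read as "enough space".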
Required application version | Patch Management 3.3.0.0 |
Mitigation Enhancements
Rollback Mitigated Vulnerabilities
We have enhanced Qualys Mitigation to support the rolling back of applied mitigations. With this feature, you can roll back the mitigated vulnerabilities for which patches are available, and deploy the patch job to fix these vulnerabilities.
Qualys Mitigation had no option to roll back the mitigated vulnerabilities. If you had blocked a port to protect your assets from potential risks using a mitigation job, and now wanted to deploy patches through that port, you could not do it as Qualys Mitigation had no option to revert the applied mitigations. Now, with this latest enhancement, you can roll back the applied mitigations as and when required.
Required application version | Mitigation 1.1.0 |
Behavioral Change
There are no behavior changes in this release.
Platform Coverage Support
There is no new platform coverage added in this release.
Issues Addressed
The following important and notable issues are fixed in this release.
Issue | Description |
---|---|
CRM-128460 | We fixed an issue where the scheduled Security Configuration Assessment (SCA) scan was initiated during the Reduced Activity Period (RAP) by introducing the proper mapping for SCA. |
CRM-129091 | We fixed an issue where the Cloud Agent took more time to stop its services while provisioning version 5.9 and above agents by implementing an Activation ID and Customer ID check before provisioning. |
CRM-119844 | We fixed an issue where an empty SysV init folder was created during Cloud Agent installation on RedHat Enterprise Linux 9 systems by adding a check to remove this empty folder after the installation is complete. |
CRM-129423 | We fixed an issue where Cloud Agents were improperly merged because cloud providers sent an invalid Instance ID, by implementing validation of the Instance ID received from the cloud provider. |
CRM-127310 | We fixed an issue where Cloud Agent could not properly clean the Patch Management log files after shutting down the application by implementing a database pointer reset. |
CRM-131824 | We fixed an issue where the On Demand Scan feature did not work as expected for the Linux agents installed with relocation commands after upgrading to 6.4 and later versions. Now, we have added support for launching the On Demand scans for Cloud Agents installed in the alternate folder. |
CRM-130647 | We fixed an issue where an exceptional race condition in the Qualys Command Execution Pipeline (qualys-cep) processes triggered high CPU utilization after upgrading Cloud Agent to 6.3 and above versions. |
Known Issues, Limitations, and Workarounds
There are no known issues or limitations in this release.