Qualys Cloud Agent for Linux Intel Release 7.1.7

Limited Customer Release

September 04, 2025 (Updated November 05, 2025)

With this release, we are introducing the following new upgrades to Cloud Agent for Linux Intel.

Enhancements for FHS Compliance

We have updated the locations of Cloud Agent log data and configuration files to /var/opt and /etc/opt for the Cloud Agents installed in the /opt directory. This enhancement makes Cloud Agent, File System Hierarchy Standard (FHS) compliant.

Phase 1 of the FHS-compliant Cloud Agent was released with Cloud Agent for Linux Intel 7.0.3. All the features and fixes available with Linux Intel Cloud Agent 7.0.3 and 7.1.0 are included in agent version 7.1.7. 

The following table illustrates the changes to the storage locations of log data and configuration files.

Data/Files	New Storage Location	Old Storage Location
Cloud Agent log data	/var/opt	/var
Configuration files	/etc/opt	/etc

 This enhancement does not update the location of the Cloud Agent HostID file. The HostID file will be available at — /etc/qualys/hostid.

- We recommend only manual upgrades while upgrading previous Cloud Agents to version 7.1.7.

- We recommend configuring the Agent Version Control profile with version 7.1.7 to prevent the Cloud Agent from auto-upgrading to a non-FHS-compliant version.

Applications Supported for FHS Compliant Cloud Agent

The following Qualys applications are supported for the Linux Intel Cloud Agent 7.1.7:

• File Integrity Monitoring (FIM)
• Custom Assessment and Remediation (CAR)
• Endpoint Detection and Response (EDR)
• Patch Management (PM)
• Software Composition Analysis (SwCA)

Enhancements for FIPS Compliance

We have upgraded the Cloud Agent for Linux Intel binary with SHA256 signing to ensure secure data transmission.

With these enhancements, Cloud Agents for the RPM-based platforms meet Federal Information Processing Standards (FIPS) and System V Application Binary Interface (SysVABI) compliance requirements.

Behavior Change

There are no behavior changes in this release.

Platform Coverage Support

There are no behavior changes in this release.

Issues Addressed

The following important and notable issues are fixed in this release.

Category/Component	Description
Host ID Validation	We fixed an issue where Cloud Agent processes were getting terminated during host ID validation.
Manifest Download	We fixed an issue where the Cloud Agent stopped performing vulnerability scans after the Prevent Manifest Update option was enabled in the Manifest Version Control profile. Now, the Cloud Agent uses the previously downloaded manifest to perform vulnerability scans, even when the Prevent Manifest Update option is enabled. The Manifest Version Control feature has limited availability. Contact Qualys support or TAM to get it enabled.
SwCA Scans	We fixed an issue where the Cloud Agent could not perform SwCA scans due to the missing SwCA binary. To fix this issue, we have corrected the SwCA installation workflows.
SwCA Installation	We fixed an issue where the SwCA installer was getting deleted without successfully installing the SwCA application. Now, we will delete the installer only after the successful installation of SwCA.
SwCA Scans	We fixed an issue where the Linux Intel Cloud Agent could not perform the SwCA scans after upgrade as the SwCA binary was not downloaded.
On-Demand Scan	We fixed an issue where on-demand scans did not work for Linux Intel Cloud Agent 7.0.3 when installed in the /opt directory.
Cloud Agent Auto-upgrade	We fixed an issue where Linux Cloud Agents could not be restarted automatically after upgrades on initial OS platforms such as CentOS, RHEL, and OEL version 6.10.
UDC Scans	We resolved an issue where the Cloud Agent was causing high disk and CPU usage during UDC scans. We have updated the POCO library to the latest version to resolve the high disk and CPU usage issue.
Untrusted Search Path Vulnerability	The shell scripts packaged with the Cloud Agent installer execute multiple system utilities without an absolute path or resetting a path to a safe value. This allows a malicious actor to place harmful files on your assets when the shell scripts are executed with elevated privileges. We have updated this behavior by setting up the fixed paths for shell script execution. This enhancement prevents the infiltration of malicious files on your assets and prevents you from any potential security threats. The updated shell script behavior also helps in mitigating the Untrusted Search Path Vulnerability (CWE-426).

Known Issues, Limitations, and Workarounds

The following are the known issues for Linux Intel Cloud Agent 7.1.7:

• The Linux Intel Cloud Agent versions 6.4 and 7.0 installed in the /opt directory do not support auto-upgrade to version 7.1.7. If the auto-upgrade is enabled for these Cloud Agents, the agent upgrade will fail.
  
  The older Cloud Agents do not support auto-upgrade as they use the --relocate parameter along with -Uvh in the auto-upgrade command. As the RPM-based platforms do not support relocation to the same directory, hence the older Cloud Agents could not be auto-upgraded to version 7.1.7.
  
  To upgrade these Cloud Agents to version 7.1.7, perform a manual upgrade using the following command: 
  rpm -Uvh qualys-cloud-agent.rpm
  • For Cloud Agent version 7.1.7, we have removed the --relocate parameter from the auto-upgrade command. Hence, Linux Intel Cloud Agent 7.1.7 installed in the /opt directory supports the auto-upgrade to higher versions.
  • The Cloud Agents that have the symbolic links created support auto-upgrade to higher versions.
• TruRisk Mitigation and TruRisk Isolate applications are not supported for Linux Intel 7.1.7 Cloud Agent.
• When an older Cloud Agent is upgraded to version 7.1.7, the /usr/local/qualys and /var/log/qualys directories are not removed from the host after the upgraded Cloud Agent is uninstalled. We keep these directories to ensure that no important data, such as configuration files, is deleted unintentionally.