Ensure you meet the following requirements while onboarding Linux Cloud Agent for EDR 2.6.0 or later. This section covers the following:
The following table lists the supported operating systems for architecture x86 and x64::
OS Distribution | Qualys EDR |
Amazon Linux 2 | ![]() |
CentOS Linux 6, and 7 | ![]() |
Debian 9, 10, and 11 | ![]() |
Oracle Enterprise Linux (OEL) 6 | ![]() |
Oracle Enterprise Linux (OEL) 7 and 9 | ![]() |
Red Hat Enterprise Linux (RHEL) 6 | ![]() |
Red Hat Enterprise Linux (RHEL) 7, 8, and 9 | ![]() |
SUSE Linux Enterprise Server (SLES) 12 and 15 | ![]() |
Ubuntu 16, 18, 20, 22 | ![]() |
Linux Cloud Agent Version | CPU | Memory | Disk Space |
6.1.0. and above | 8 Core Processor | 8 GB of RAM | 1024 MB |
SELinux Configuration - If SELinux is enabled for Enforcing or Permissive mode, install semodule_package, checkmodule, and restorecon. If SELinux is disabled, package installation is not required.
Debian and Ubuntu do not require the SELinux check.
To set the UseAuditDispatcher value to 1:
/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh UseAuditDispatcher=1The auditd service is not required if UseAuditDispatcer is set to 0.
As we continue to improve or optimize our EDR agent, we may push new rules to audit with every new configuration update or binary release. For example, to enhance detection capabilities, shortly, we will start monitoring certain syscalls that are currently not tracked.
Similarly, there are other optimization use cases for which we will dynamically add exclusion filters to audit and reduce the amount of generated audit trail. As a result, we require the kernel audit interface to be mutable.
Was this topic helpful?