Linux Prerequisites for Malware Protection
Ensure you meet the following requirements while onboarding Linux Cloud Agent for Malware Protection.
Supported Operating Systems
The following table lists the supported operating systems for architecture x86 and x64:
| OS Distribution | EDR Malware Protection |
| Amazon Linux 2 |  |
| CentOS Linux 7 | |
| CentOS Linux 6.10 (SELinux in Permissive or Disabled mode) | |
| Debian 9, 10, and 11 | |
| Oracle Enterprise Linux (OEL) 6.10 (SELinux in Permissive or Disabled mode) | |
| Oracle Enterprise Linux (OEL) 7 and 9 | |
| Red Hat Enterprise Linux (RHEL) 6.10 (SELinux in Permissive or Disabled mode) | |
| Red Hat Enterprise Linux (RHEL) 7, 8, and 9 | |
| SUSE Linux Enterprise Server (SLES) 12 and 15 | |
| Ubuntu 16, 18, 20, and 22 | |
Installation Prerequisites
- Minimum free disk space- 3 GB on the "/" partition.
- Qualys Malware Protection is enabled from the Configuration Profile of the Cloud Agent application.
- Supported Qualys Agent Linux Version should be 6.1.0 and above.
Linux Hardware Requirements
| Linux Cloud Agent Version | CPU | Memory | Disk Space |
| 6.1.0. and above | 8 Core Processor | 8 GB of RAM | 1024 MB |
Linux Software Requirements
- Root Access - Linux Agent requires sudo or root access.
-
SELinux Configuration - If SELinux is enabled for Enforcing or Permissive mode, install semodule_package, checkmodule, and restorecon. If SELinux is disabled, package installation is not required.
Debian and Ubuntu do not require the SELinux check.
- Configuration Script - The configuration script includes the following service and settings:
- UseAuditDispatcher - If the auditd service is used, the UseAuditDispatcher script value is set to 1. EDR starts the installed auditd service if the service is stopped. The auditd service is not required if UseAuditDispatcer is set to 0.
- AuditBacklogLimit - This is a recommended setting. By default, the EDR binary is set to 8192. You can change the value as per your requirement.
- EDRCPULimit - By default, the minimum CPU percentage assigned is 5% of the total CPU limit of the asset.
- EDRMemoryLimit - By default, the minimum memory assigned is 5% of the total memory of the asset.
Third-Party Anti-Malware Allowed with Qualys EDR
Qualys EDR can co-exist with other anti-malware software. However, suppose you are using Qualys EDR with enabled Malware Protection capabilities; in that case, you must allow appropriate processes, internal tools, and other corporate applications. Thus, our Malware Protection does not inadvertently block their functionalities.
Failing to allow processes might affect your operations and cause problems with the application functionality. Ensure that you allow the following domains:
- cloudfront.net
- bitdefender.net
- bitdefender.com
- qualys.com