Linux Prerequisites for Malware Protection

Ensure you meet the following requirements while onboarding Linux Cloud Agent for Malware Protection.

Supported Operating Systems

The following table lists the supported operating systems for architecture x86 and x64:

OS Distribution EDR Malware Protection
Amazon Linux 2
CentOS Linux 7
CentOS Linux 6.10 (SELinux in Permissive or Disabled mode)
Debian 9, 10, and 11
Oracle Enterprise Linux (OEL) 6.10 (SELinux in Permissive or Disabled mode)
Oracle Enterprise Linux (OEL) 7 and 9
Red Hat Enterprise Linux (RHEL) 6.10 (SELinux in Permissive or Disabled mode)
Red Hat Enterprise Linux (RHEL) 7, 8, and 9
SUSE Linux Enterprise Server (SLES) 12 and 15
Ubuntu 16, 18, 20, and 22

Installation Prerequisites

  • Minimum free disk space- 3 GB on the "/" partition.
  • Qualys Malware Protection is enabled from the Configuration Profile of the Cloud Agent application.Enable EDR toggle from the Configuration Profiles.
  • Supported Qualys Agent Linux Version should be 6.1.0 and above.

Linux Hardware Requirements

Linux Cloud Agent Version CPU Memory Disk Space
6.1.0. and above 8 Core Processor 8 GB of RAM 1024 MB

Linux Software Requirements

  • Root Access - Linux Agent requires sudo or root access. 
  • SELinux Configuration - If SELinux is enabled for Enforcing or Permissive mode, install semodule_package, checkmodule, and restorecon. If SELinux is disabled, package installation is not required.

    Debian and Ubuntu do not require the SELinux check.

  • Configuration Script - The configuration script includes the following service and settings:
    • UseAuditDispatcher - If the auditd service is used, the UseAuditDispatcher script value is set to 1. EDR starts the installed auditd service if the service is stopped. The auditd service is not required if UseAuditDispatcer is set to 0. 
    • AuditBacklogLimit - This is a recommended setting. By default, the EDR binary is set to 8192. You can change the value as per your requirement.
    • EDRCPULimit - By default, the minimum CPU percentage assigned is 5% of the total CPU limit of the asset.
    • EDRMemoryLimit - By default, the minimum memory assigned is 5% of the total memory of the asset. 

Third-Party Anti-Malware Allowed with Qualys EDR

Qualys EDR can co-exist with other anti-malware software. However, suppose you are using Qualys EDR with enabled Malware Protection capabilities; in that case, you must allow appropriate processes, internal tools, and other corporate applications. Thus, our Malware Protection does not inadvertently block their functionalities.

Failing to allow processes might affect your operations and cause problems with the application functionality. Ensure that you allow the following domains: