Qualys Cloud Platform: the complete, end-to-end security solution. The Qualys Cloud Platform is the most advanced security platform for global enterprises that need to secure hybrid IT infrastructures in a perimeter-less world. Complete exam guide and dumps for Qualys guard certification. Qualys Guard Exam Guide and Dumps. File Content Check. File Integrity Check. Which user roles have access to the Policy Compliance application, by default? (choose two) Choose an answer: Scanner.
Good to Know Typically the agent installation requires root level access on the system (for example in order to access the RPM database). After the cloud agent has been installed it can be configured to run in a specific user and group context (using the agent configuration tool).
Looking for our agent configuration tool? Click here
Credentials - what are my options |
Use account with root privileges (recommended) Learn more This is recommended as it gives the cloud agent enough privileges to gather the necessary information for the host system's evaluation. |
Use non-root account with Sudo root delegation How do I configure 'sudoers' file? Requirements: The non-root user needs to have sudo privileges directly OR through a group membership. Be sure NOPASSWD option is configured. Here is an example of agentuser entry in sudoers file (where 'agentuser' is the user name for the account you'll use to install the Linux Agent): %agentuser ALL=(ALL) NOPASSWD: ALL |
Use non-root account with sufficient privileges This is an option for VM agent only. What privileges are needed? 1) execute installation package for automatic update 2) commands required for data collection (see Sudo command list at the Community) |
Linux/Unix Agent - How to enable proxy |
Good to Know By default the Linux/Unix Agent will operate in non-proxy mode. The agent can be configured to use an HTTPS or HTTP proxy for internet access. |
Options The agent can be configured in one of these ways: 1) /etc/sysconfig/qualys-cloud-agent - applicable for Cloud Agent on Linux (.rpm) 2) /etc/default/qualys-cloud-agent - applicable for Cloud Agent on Linux (.deb) 3) /etc/environment - applicable for Cloud Agent on Linux (.deb) and (.rpm) Tip - Option 3) is a better choice if the systemwide proxy will be used by the agent. Here are the steps to enable the Linux agent to use a proxy for communication with our cloud platform: 1) if /etc/sysconfig/qualys-cloud-agent file doesn't exist create it 2) add one of the following lines to the file: https_proxy=https://[<username>:<password>@]<host>[:<port>] or: qualys_https_proxy=https://[<username>:<password>@]<host>[:<port>] where <username> and <password> are specified if the https proxy uses authentication. If special characters are embedded in the username or password (e.g. @, :, $) they need to be url-encoded. where <host> is the proxy server's IPv4 address or FQDN. where <port> is the proxy's port number. If the proxy is specified with the https_proxy environment variable, it will be used for all commands performed by the Cloud Agent. If the proxy is specified with the qualys_https_proxy environment variable, it will only be used by the Cloud Agent to communicate with our cloud platform. 3) change the permissions using these commands (not applicable for Unix): Linux (.rpm) chown root /etc/sysconfig/qualys-cloud-agent chmod 644 /etc/sysconfig/qualys-cloud-agent Linux (.deb) chown root /etc/default/qualys-cloud-agent chmod 644 /etc/default/qualys-cloud-agent 4) restart qualys-cloud-agent service using the following command: Linux: service qualys-cloud-agent restart Unix: /opt/qualys/cloud-agent/bin/qcagent.sh restart |
Mac Agent - How to enable proxy |
Good to Know Qualys proxy configured in the .../QualysCloudAgent/Config/proxy file will take preference over any proxies set in System Preferences (including Automatic Proxy, Web Proxy (HTTP), or Secure Web Proxy (HTTPS)). |
Agent Configuration Tool
Our tool for Linux, Unix, MacOS gives you many options: provision agents, configure logging, enable sudo to run all data collection commands, and configure the daemon to run as a specific user and/or group.. This tool is available with Linux Agent 1.3 and later, Unix Agent, Mac Agent.
You'll find this tool at /usr/local/qualys/cloud-agent/qualys-cloud-agent.sh
On Unix, the tool is located at /opt/qualys/cloud-agent/bin/qualys-cloud-agent.sh
Learn more
These host requirements apply to non-domain (local) authenticated scanning only.
Windows Firewall Settings
For each target host, there are certain Windows Firewall settings that must be enabled. First activate firewall rules that are relevant to non-domain profiles in order to allow traffic for File and Print Sharing and Remote Administration. Then for each activated rule, add the scanner appliance IP address so that the scanner appliance traffic can reach the host.
Step 1: Allow 'File and Print Sharing' traffic
Activate firewall rules that are relevant to non-domain profiles in order to allow traffic for File and Print Sharing.
1) Go to the Control Panel Home window.
2) Using Vista and 2008, go to Security and click the link 'Allow a program through Windows Firewall'. Using 2012, go to System and Security > Windows Firewall and click the link 'Allow an app of feature through Windows Firewall'.
3) Select the 'File and Print Sharing' check box. Then click OK.
Step 2: Allow scanner appliance traffic
By default, in a non-domain profile, a Windows system (Vista, 2008 or 2012) does not allow traffic from outside its own local subnet even when a firewall rule has been activated. For this reason, you must also provide the IP address or subnet of the scanner appliance.
1) Using Vista and 2008, go to the 'Windows Firewall with Advanced Security' program. Using 2012, go to Windows Firewall > Advanced Settings. (These resources are located in Start > Control Panel > System and Maintenance > Administrative Tools.)
2) Click Inbound Rules.
3) For each entry in the 'File and Printer Sharing' group with a green check mark (Vista, 2008 and 2012) and each entry in the 'Remote Administration' group with a green check mark (Vista and 2008) follow these steps: a) Right-click on the entry and select Properties, b) Select the Scope tab, and c) Select 'Any IP address' or click the Add button to add the IP address (or subnet) for the scanner appliance that has been configured to scan the target host. Then click OK.
Enable File Sharing
File sharing must be turned on for each target host. Go to the Control Panel Home window and follow these steps.
Using Vista and 2008: 1) Under Network and Internet, click the link 'Set up file sharing' and 2) In the Network and Sharing Center window, make sure these settings are correct: File sharing is On and Public folder sharing is Off.
Using 2012: 1) Under Network and Sharing Center, click the link 'Change advanced sharing settings', 2) Change sharing options for the current network profile, For a non-domain target, select 'Guest or Public'. For a domain target, select 'Private'. Make sure these settings are correct: turn on network discovery and turn on file and printer sharing, and 3) For All Networks, turn off Public Folder Sharing and turn on Password Protected Sharing.
Enable Remote Registry Service
Our service must access the system registry to perform Windows trusted scanning. To allow this access, the Remote Registry service must be started. Go to Control Panel > Control Panel Home > System And Maintenance > Administrative Tools > Services and start the Remote Registry Service. You could set this to Automatic to make sure it starts automatically at reboot.
Configure User Access Control (UAC)
Do I need to configure UAC? Yes. There are 2 methods you can use: 1) change Remote UAC settings, or 2) disable UAC policy.
Method 1: Change Remote UAC settings
1) Launch Registry Editor (regedit.exe) in 'Run as administrator' mode and grant Admin Approval, if requested
2) Navigate to HKEY_LOCAL_MACHINE hive
3) Open SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem key
4) Create a new DWORD (32-bit) value with these properties:
Name: LocalAccountTokenFilterPolicy
Value: 1
Value: 1
5) Close Registry Editor
Warning: The value data types of DWORD (32-bit) and QWORD (64-bit) are located next to each other in the data type selection menu on 64-bit Windows versions. It may be easy to mistake one for another and select the incorrect data type. The required value data type must be DWORD (32-bit). Selecting QWORD (64-bit) and setting it to 1 will not enable Remove UAC.
![And And](https://avleonov.com/wp-content/uploads/2016/08/new_scan.png)
The requirement to reboot the system or restart the Server service is questionable. Despite what some documents recommend, our tests have shown that disabling Remote UAC in the registry takes effect immediately and remote access to ADMIN$ is granted during the scan.
Method 2: Disable UAC policy
Go to the Control Panel Home window and follow these steps.
Using Vista and 2008: 1) Click 'Add or remove user accounts', 2) Select a user account, 3) Under the account, click the link 'Go to the main User Accounts Page', 4) On the page 'Make changes to your user account', click 'Change security settings', 5) On the page 'Turn on User Account Control (UAC) to make your computer more secure', de-select (clear) the check box 'Use User Account Control (UAC) to help protect your computer' and click OK, and 6) Reboot your computer.
Using 2012: 1) Click User Accounts, 2) Change User Account Control settings, 3) Set the tab to 'Notify me only when apps try to make changes to my computer (do not dim my desktop)', and 4) Reboot your computer.