Anyone have any ideas if the cloud agent will detect vulnerabilities on Linux machines running under windows subsystem?
If you install the Linux agent on the virtual machine and as long as that machine can route to the internet over 443 then it should work and provide Linux-only vulnerability data to Qualys.
Thanks, I'll give that a try.
It’s not a VM, so there is no way to start the cloud agent as a service.
Selecting previously unselected package qualys-cloud-agent.
(Reading database ... 99263 files and directories currently installed.)
Preparing to unpack .../qualys-cloud-agent.x86_64.deb ...
Unpacking qualys-cloud-agent (1.7.1-37) ...
Setting up qualys-cloud-agent (1.7.1-37) ...
/var/lib/dpkg/info/qualys-cloud-agent.postinst: 84: /var/lib/dpkg/info/qualys-cloud-agent.postinst: /sbin/start: not found
hostid search path: /etc
/usr/local/qualys/cloud-agent/bin/qagent_restart.sh: line 19: /sbin/status: No such file or directory
/usr/local/qualys/cloud-agent/bin/qagent_restart.sh: line 23: /sbin/start: No such file or directory
Not a VM ? What is it ? A container ?
Windows sub system for Linux is a compatibility layer, using pico processes.
MS overview document:
Windows Subsystem for Linux Overview – Windows Subsystem for Linux
Ah OK. It's a synthesised environment from MS that allows elf64 binaries to run interpreted on the Windows Kernel.
I wouldn't anticipate that to be supported by Linux Agent although maybe Qualys has plans to ?
There is a windows Info gathered QID (45327) that finds WSL installed on a machine but that would only show that WSL was found (by finding bash.exe) and not that there are vulns. That would be found by a Windows cloud agent or VM scan.
Maybe someone from vuln sigs team could comment whether there are any plans to check WSL for issues ?
Would be interested in a response from vuln sigs as well... There is chatter we might start enabling this functionality and I would love to hear that Qualys will support vuln detection for the subsystem if we do...
Qualys, any updates on this?
Your best bet to get a response from the VulnSigs team would be to raise a support case.
This use case has presented itself in our setup also, would be interested to know if you got anything from Qualys
Ian and I have made internal inquiries, and we are not getting a positive response, so it is likely not supported. I also recommend to file a feature request (i.e. support request).
I have also raised a feature request for this
Retrieving data ...