I've been trying to run a compliance scan on our Debian Linux server and keep getting 'No Data Found'
I've changed the policy technologies to only Debian. The report shows successful auth, not sure what the issue is.
What policies have you selected in the scan?
You might want to include a policy that will check something that you know for sure is configured, e.g. Password length, etc
Try it and let us know
Are you sure these IP's are a part of the Qualys Policy Compliance Module. Sometimes, users add an IP to VM module and not to PC module and later get blank results.
To add IP's to PC module, log into your PC subscription, click Assets-->host assets-->new.
Thanks for reply Deb and B M . I'm trying to run a Hippa policy scan, i also tried to run a NIST Cyber Security Framework scan and got back blank results as well. (Wondering if it's just a Debian problem maybe?)
Also i verified the ip is in the host assets tab. Strange the Vulnerability scan works fine but this doesn't.
Can you check if the asset group in which the host is located has been defined in the 'Policy' that you are using for the scan
Edit the policy (HIPAA in your case), in the section for 'Asset Group', add the one in which your host is found
If this is already the case, then try the following
Go to one of the controls in the policy, edit the control, then click on 'Test', select one of the IP that is given in the list
If no IPs are listed, then it means that the scan has not been run on any of your hosts. If you get a list of IP, select one of them, and test if the control if being properly evaluated
Please also check if authentication record has been configured for the host
Run a 'Authentication Report' on the asset group in which your host is found. Check the status of the authentication. If it failed, it's normal you do not have any results
Authentication Record is mandatory for PC scan to be successful
I verified that the policy does have the right host asset assigned to it. Also the authentication reports successful login. However, when i try to test the control i get this error message.
The control cannot be evaluated for this host. Possible reasons include:
I know Auth was successful ( at least the report says it was)
I'm running Debian linux on the server im testing and the assigned technology is Debian
Please check when the host was last scanned and let us know
Think you should lot a case with Support also for better guidance
What is the version of Debian? Please note that we currently only support version 5.x. I think you are scanning a later version in which case authentication will work but we don't collect any data.
Support for Debian 7/8 is coming very soon.
It is version 7.11. So the vulnerability scan will work but the policy scan won't due to the version?
That is correct. CIDs are tied to specific technologies.
Retrieving data ...