All Products
Search
Document Center

Security Center:Install the Security Center agent

Last Updated:Nov 14, 2024

Security Center can protect and manage your server only after you install the Security Center agent on your server. The protection and management capabilities include asset information collection, risk detection, and compliance-related baseline checks. The Security Center agent is a software component that can be installed on servers to collect and analyze logs and data, and monitor and detect threats on the servers. This topic describes how to install the Security Center agent on a server.

View the servers on which the Security Center agent is not installed

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose System Configuration > Feature Settings.

  3. On the Agent > Agent Not Installed tab, view the number and list of servers on which the Security Center agent is not installed.

Note

You cannot install the Security Center agent on a server that belongs to a different account. If you want to use Security Center to protect cross-account resources, we recommend that you use the multi-account management feature. For more information, see Use the multi-account management feature.

Initiate automatic installation on specific Elastic Compute Service (ECS) instances

Prerequisites

Before you initiate automatic installation, make sure that your server meets the following requirements:

  • Your server is an ECS instance. The Security Center agent cannot be automatically installed on servers that are not deployed on Alibaba Cloud. You must manually install the agent on these servers. For more information, see Manually install the Security Center agent.

  • Your server has Cloud Assistant installed. If Cloud Assistant is not installed on your server, you must install Cloud Assistant on your server. Then, you can initiate automatic installation to install the Security Center agent.

  • Your server is running, and the network connection of your server is normal.

  • Your server is deployed in a virtual private cloud (VPC).

  • Third-party security software installed on your server is disabled, or no third-party security software is installed on your server. The third-party security software may cause the Security Center agent to fail to be installed.

  • Your ECS instance resides in a region that supports automatic installation. If your ECS instance does not reside in one of the following regions, you cannot initiate automatic installation.

    Regions that support automatic installation

    Region category

    Region

    Asia Pacific

    • China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Hong Kong), and China East 2 Finance

    • Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), and Japan (Tokyo)

    Europe & Americas

    Germany (Frankfurt), UK (London), US (Silicon Valley), and US (Virginia)

    Middle East and India

    UAE (Dubai)

Procedure

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose System Configuration > Feature Settings.

  3. On the Agent > Agent Not Installed tab, find the server on which you want to install the agent and click Install Agent in the Actions column. In the message that appears, click OK.

    You can select multiple servers and click Install to install the Security Center agent on the servers at a time.

    You can view the status of the Security Center agent on the Assets > Host > Server tab approximately 5 minutes after the agent is installed. If the Security Center agent is installed on the server, the 客户端在线 icon is displayed in the Agent column of the server. Before the agent is installed, the 客户端离线 icon is displayed in the column.

Manually install the Security Center agent

If your server does not meet the requirements for automatic installation of the Security Center agent, you can manually install the Security Center agent on the server or create an image to install the Security Center agent on multiple servers at a time.

    Important
    • If you already installed the Security Center agent on your server, uninstall the Security Center agent and delete the existing files in the installation directory of the agent. For more information, see Uninstall the Security Center agent.

      The default installation directory of the Security Center agent varies based on the operating systems:

      • Windows: C:\Program Files (x86)\Alibaba\Aegis

      • Linux: /usr/local/aegis

    • If you want to manually install the Security Center agent on your server, you must download the latest version of the Security Center agent from Alibaba Cloud. If your server is not deployed on Alibaba Cloud, make sure that the server is connected to the Internet.

Manually install the Security Center agent on a server

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose System Configuration > Feature Settings.

  3. On the Agent > Installation Command tab, view the command that is required to manually install the Security Center agent.

    • Use a default command

      Security Center provides default commands for ECS instances and servers to which the External host tag is added. You can copy a default installation command based on the type and operating system of your server. Then, run the installation command by using the administrator account to install the Security Center agent on your server.

      Note

      A server on which the Security Center agent is installed by using a default installation command belongs to the Default server group. After the Security Center agent is installed on the server, you can specify another group for the server. For more information, see Manage servers.

      image.png

    • Create an installation command

      If you want to create an image command or you want Security Center to add the server on which an installation command is run to a specific server group, you can perform the following operations to create an installation command:

      Click Create Installation Command. In the Create Installation Command dialog box, configure the parameters and click OK. Then, view and copy the installation command that is created on the Installation Command tab. The following table describes the parameters.

      Parameter

      Description

      Expiration Time

      Specify the time when the installation command expires.

      Service Provider

      Select the provider of your server from the drop-down list.

      Default Group

      Select the server group of your server on which you want to install the Security Center agent.

      OS

      Select the operating system of your server on which you want to install the Security Center agent.

      Create Image System

      Select No to install the Security Center agent on a single server.

      If you want to use an image to install the Security Center agent on multiple servers at a time, select Yes. For more information about how to install the Security Center agent on multiple servers at a time, see Install the Security Center agent on multiple servers by creating an image.

      Select Proxy

      Specify whether to add the server to Security Center by using the proxy access feature. Valid values:

      • Do Not Access Proxy.

      • Self-managed Proxy Cluster: You can select this option to add a server that is inaccessible over the Internet to Security Center for protection by using the proxy access feature. If you select this option, you must select a proxy cluster. For more information about how to use the proxy access feature, see Add servers to Security Center by using the proxy access feature.

    • Use a special command

      In the following scenarios, you can use a special command to install the Security Center agent on a server.

      Important
      • The server on which you want to run the special command can connect to the Internet, or can connect to Security Center over a leased line or VPN.

      • Servers that do not run the 32-bit Linux operating system.

      • You must replace the value of -k in the special command with the key that is required to install the Security Center agent. For more information about how to obtain the key, see Use a default command. Copy the value of -k in an installation command based on your operating system.

      When you add a server that resides outside the Chinese mainland and is not deployed on Alibaba Cloud to Security Center through a leased line in a region, you need to specify the endpoint of Security Center in the region. Therefore, make sure that a Security Center endpoint is accessible before you install the Security Center agent on the server.

      Security Center endpoints by region

      Region

      Endpoint

      Malaysia (Kuala Lumpur)

      • jsrv-ap-southeast-3.aegis.aliyuncs.com

      • update-ap-southeast-3.aegis.aliyuncs.com

      Philippines (Manila)

      • jsrv-ap-southeast-6.aegis.aliyuncs.com

      • update-ap-southeast-6.aegis.aliyuncs.com

      South Korea (Seoul)

      • jsrv-ap-northeast-2.aegis.aliyuncs.com

      • update-ap-northeast-2.aegis.aliyuncs.com

      Thailand (Bangkok)

      • jsrv-ap-southeast-7.aegis.aliyuncs.com

      • update-ap-southeast-7.aegis.aliyuncs.com

      SAU (Riyadh - Partner Region)

      • jsrv-me-central-1.aegis.aliyuncs.com

      • update-me-central-1.aegis.aliyuncs.com

      Indonesia (Jakarta)

      • jsrv-ap-southeast-5.aegis.aliyuncs.com

      • update-ap-southeast-5.aegis.aliyuncs.com

      UK (London)

      • jsrv-eu-west-1.aegis.aliyuncs.com

      • update-eu-west-1.aegis.aliyuncs.com

      Germany (Frankfurt)

      • jsrv-eu-central-1.aegis.aliyuncs.com

      • update-eu-central-1.aegis.aliyuncs.com

      Japan (Tokyo)

      • jsrv-ap-northeast-1.aegis.aliyuncs.com

      • update-ap-northeast-1.aegis.aliyuncs.com

      US (Silicon Valley)

      • jsrv-us-west-1.aegis.aliyuncs.com

      • update-us-west-1.aegis.aliyuncs.com

      US (Virginia)

      • jsrv-us-east-1.aegis.aliyuncs.com

      • update-us-east-1.aegis.aliyuncs.com

      Installation command

      • Malaysia (Kuala Lumpur)

        • Linux

          wget "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh  "-j=jsrv-ap-southeast-3.aegis.aliyuncs.com|jsrv-ap-southeast-1-internet.aegis.aliyuncs.com" "-u=update-ap-southeast-3.aegis.aliyuncs.com|aegis.alicdn.com|update-ap-southeast-1-internet.aegis.aliyuncs.com" -k= Replace the value of -k with your installation key.
        • Windows

          powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/install/2.0/windows/AliAqsInstall.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\AliAqsInstall.exe'))"; "./AliAqsInstall.exe '-j=jsrv-ap-southeast-3.aegis.aliyuncs.com|jsrv-ap-southeast-1-internet.aegis.aliyuncs.com' '-u=update-ap-southeast-3.aegis.aliyuncs.com|aegis.alicdn.com|update-ap-southeast-1-internet.aegis.aliyuncs.com' -k= Replace the value of -k with your installation key."
      • Other regions

        Replace $jsrv_domain with the endpoint that starts with jsrv, and $update_domain with the endpoint that starts with update.

        • Linux

          wget "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh  "-j=$jsrv_domain|jsrv-ap-southeast-1-internet.aegis.aliyuncs.com" "-u=$update_domain|aegis.alicdn.com|update-ap-southeast-1-internet.aegis.aliyuncs.com" -k= Replace the value of -k with your installation key.
        • Windows

          powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/install/2.0/windows/AliAqsInstall.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\AliAqsInstall.exe'))"; "./AliAqsInstall.exe '-j=$jsrv_domain|jsrv-ap-southeast-1-internet.aegis.aliyuncs.com' '-u=$update_domain|aegis.alicdn.com|update-ap-southeast-1-internet.aegis.aliyuncs.com' -k= Replace the value of -k with your installation key."
  4. Log on to the server by using an account that has administrative rights and run the installation command based on the operating system of the server.

    • Windows: Open the Command Prompt window and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded and installed on the server.

    • Linux: Open the CLI of the server and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded and installed on the server.

Install the Security Center agent on multiple servers by creating an image

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose System Configuration > Feature Settings.

  3. On the Agent > Installation Command tab, click Create Installation Command.

  4. In the Create Installation Command dialog box, configure the parameters and click OK to create an installation command.

    Parameter

    Description

    Expiration Time

    Specify the time when the installation command expires.

    Service Provider

    Select the provider of your server from the drop-down list.

    Default Group

    Select the server group of your server on which the installation command can be run.

    OS

    Select the operating system of your server on which you want to install the Security Center agent.

    Create Image System

    Select Yes.

  5. Copy the installation command and add the latest version number -v=11_62 of the Security Center agent to the installation command. The setting varies based on the operating system of the server.

    • Windows: powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/install/2.0/windows/AliAqsInstall.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\AliAqsInstall.exe'))"; "./AliAqsInstall.exe -i -v=11_62 -k=IMAGEwH****"

    • Linux: wget "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh -i -v=11_62 -k=IMAGE19****

  6. Log on to the server by using an account that has administrative rights and run the installation command after modification on the server.

    • Windows: Open the Command Prompt window and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded and installed on the server.

    • Linux: Open the CLI of the server and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded and installed on the server.

    After you run the installation command on the server, the installation package of the Security Center agent is downloaded. After the agent is installed on the server, you can create an image for the operating system of the server. Then, you can use the image as a template to install the Security Center agent on multiple servers at a time. After you create the image, you must restart the server. This way, you can start the processes of the Security Center agent to enable Security Center to protect the server. In this case, the installation command is also referred to as an image command. For more information about the image command, see the "Install the Security Center agent on multiple servers by creating an image" section of this topic.

  7. After the Security Center agent is installed, shut down the server as prompted and create an image for the operating system of the server.

    Important
    • You cannot restart the server until the image is created. Otherwise, the image becomes invalid.

    • If you want to create an image for the operating system of a server multiple times, you must perform all the steps provided in Install the Security Center agent on multiple servers by creating an image each time you create the image.

    • After you run the image command, the AliYunDun and AliYunDunUpdate processes are not started on the server, and the Security Center agent is not in the Online state. You must restart the server. Then, the status of the Security Center agent is updated to Online.

  8. After you create the image for the operating system of the server, restart the server.

    After the server is restarted, the status of the Security Center agent on the server changes to Online.

Check whether the Security Center agent is installed

After the Security Center agent is installed on a server, Security Center downloads the agent-related files to the server and starts the processes of the Security Center agent. You can view the status of the Security Center agent in the console or the status of the processes to check whether the Security Center agent is installed.

Method 1: Verify the processes of the Security Center agent

After the Security Center agent is installed on a server, you can check whether the processes of the Security Center agent run as expected and whether the server is connected to Security Center. If yes, the Security Center agent is successfully installed.

  1. Check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent run as expected on your server. For more information about the processes of the Security Center agent, see Processes of the Security Center agent.

  2. Run the following telnet commands to check whether your server can connect to Security Center:

    Note

    Make sure that your server can connect to at least one of the following JSRV domain names and one of the following update domain names. JSRV domain names are used to issue instructions such as vulnerability detection and virus detection, and update domain names are used to download and update the Security Center agent.

    • telnet jsrv.aegis.aliyun.com 443/80

    • telnet jsrv2.aegis.aliyun.com 443/80

    • telnet jsrv3.aegis.aliyun.com 443/80

    • telnet update.aegis.aliyun.com 443/80

    • telnet update2.aegis.aliyun.com 443/80

    • telnet update3.aegis.aliyun.com 443/80

Method 2: Verify the installation in the Security Center console (time limited)

Approximately 5 minutes after the Security Center agent is installed on your server, you can check whether the agent of the server is online on the Host page of the Security Center console. If the following conditions are met, the agent is online:

  • The icon in the Agent column of ECS instances changes from 未防护图标 to 已防护图标.

  • Servers that are not deployed on Alibaba Cloud are added to the server list, and the icon in the Agent column changes from 未防护图标 to 已防护图标.

    Important

    The information about servers on which the Security Center agent is installed is automatically synchronized every minute to the Security Center console. Due to network latency, the information about a server that is not deployed on Alibaba Cloud and has the Security Center agent installed may not be immediately displayed on the Host page. In this case, you must click Synchronize Assets to manually synchronize the server information. For more information, see Synchronize the information about the most recent servers.

If the verification is not passed, check whether the agent is offline. For more information, see Troubleshoot why the Security Center agent is offline.

References