The Security Center agent is a local plug-in provided by Security Center. Before you use Security Center to protect your services, you must install the Security Center agent on your servers. This topic describes how to install the Security Center agent.

Background information

If your server does not have the Security Center agent installed, the server is not protected by Security Center. The information about the server, such as vulnerabilities, alerts, baseline risks, and asset fingerprints, is not displayed in the Security Center console.

After you install the Security Center agent, the path of the directory varies based on the operating system:

  • Windows: C:\Program Files (x86)\Alibaba\Aegis
  • Linux: /usr/local/aegis

View the servers where the Security Center agent is not installed

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Overview.
  3. In the Asset Status section of the Overview page, you can view the number of Unprotected servers where the Security Center agent is not installed.
    Note You must install the Security Center agent on each server that needs protection from Security Center.
    Install the Security Center agent
  4. Click Install Agent to go to the Settings page. Click the Agent tab and then the Client to be installed tab. On this tab, you can view the total number and list of servers that do not have the Security Center agent installed.
    Client to be installed
    Note You can also check whether your servers have the Security Center agent installed on the Assets page. The following content describes the status of the Security Center agent:
    • If the status of the Security Center agent is Enable, the Security Center agent is installed and running as expected.
    • If the status of the Security Center agent is Close, the Security Center agent is disconnected from Alibaba Cloud or not installed.
  5. Click the Client Installation Guide tab to choose automatic installation, or download installation files and run commands to install the Security Center agent.
    Client Installation Guide

    You can perform the following operations:

    • Automatic installation

      In the Automatically Install section, click Go to install the client now to go to the Client to be installed tab where you can install the Security Center agent.

      Automatic installation does not require you to download the Security Center agent. For more information, see Automatically install the Security Center agent on only Alibaba Cloud servers.

      Install the agent
    • Manual installation

      The Client Installation Guide tab displays the servers that do not support automatic installation. You must manually install the Security Center agent on these servers. For more information, see Manually install the Security Center agent.

      Manual installation

      Manual installation is applicable to Alibaba Cloud servers, servers that are not deployed on Alibaba Cloud, and on-premises data centers.

Automatically install the Security Center agent on only Alibaba Cloud servers

Before you perform automatic installation, make sure that your server meets the following requirements:
  • Your server must be deployed on Alibaba Cloud. For servers that are not deployed on Alibaba Cloud, you must manually install the Security Center agent.
  • Your Elastic Compute Service (ECS) instance must be deployed in a region that supports automatic installation. For more information, see Regions that support automatic installation.
  • Your server is running.
  • The network of your server is working as expected.
  • Cloud Assistant is installed on your server. For more information, see Cloud Assistant.
  • If third-party security software such as SafeDog or Yunsuo is installed on your server, you may fail to install the Security Center agent. We recommend that you check whether such software is installed on your server before you install the Security Center agent. If the third-party security software is already installed on your server, we recommend that you disable or uninstall the software before you install the agent.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Agent tab.
  4. On the Client to be installed tab of the Agent tab, find the server that you want to manage and click Install the client in the Actions column. You can also select multiple servers and click One-click installation in the lower-left corner.
    Install the agent
    Approximately five minutes after the installation is complete, you can view the status of the Agent on the Assets page. The status in the Agent column changes from Close to Enable. Server status
    Note If the status in the Agent column is Failed and a message appears indicating that Cloud Assistant is not installed, install Cloud Assistant before you install the Security Center agent. For more information about how to install Cloud Assistant, see Cloud Assistant.

Manually install the Security Center agent

In the following cases, you must manually install the Security Center agent.
  • Your server is not deployed on Alibaba Cloud.
  • Your server is deployed in the classic network.
  • Your ECS instance is deployed in a region that does not support automatic installation. For more information, see Regions that support automatic installation.
  • Your server runs one of the following operating systems: Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2008, or Windows Server 2003.
  • Cloud Assistant is not installed on your server. For more information, see Cloud Assistant.
  • For a server that is not deployed on Alibaba Cloud and is deployed in an on-premises network through Express Connect circuits, you must add the Domain Name System (DNS) addresses of Security Center to the host file on your server. If the DNS records are not added, automatic installation is not supported.

    Perform the following steps to add the DNS records of Security Center:

    1. Find the host file in your server based on the operating system that your server runs:
      • Linux: /etc/hosts
      • Windows: c:\windows\system32\drivers\etc\hosts
    2. Add the following DNS records to the host file.
      • 100.100.25.3 jsrv.aegis.aliyun.com
      • 100.100.32.65 jsrv.aegis.aliyun.com
      • 100.100.25.4 update.aegis.aliyun.com
      • 100.100.25.4 aegis.alicdn.com
Note
  • Do not install the Security Center agent on servers that do not require protection from Security Center, for example, on-premises debugging servers or your personal computers.
  • Before you manually install the Security Center agent, make sure that the server is running and the network is working as expected.
  • We recommend that you do not run the installation command in a subdirectory of the /usr/local/aegis/ directory. Otherwise, the directory will be cleared when you run the command. We recommend that you run the installation command in the root directory of the server.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Agent tab.
  4. Scroll down on the Client Installation Guide tab and download the latest Security Center agent based on the operating system that your server runs.
    Manual installation
    • Windows

      1. On the Agent tab, click Click to download to download the latest installation file to your on-premises computer.
      2. Upload the installation file to your Windows server. You can use an FTP tool to upload the file.
      3. Run the Security Center agent installer on your Windows server as an administrator.
      4. To install the Security Center agent on a server that is not deployed on Alibaba Cloud, you must enter an installation key. You can obtain the installation key on the Agent tab.Windows
        Note Each installation key is valid for one hour. After an installation key expires, it becomes invalid. Enter a valid installation key before you install the agent.
    • Linux

      1. On the Agent tab, select Alibaba Cloud Server or Non-Alibaba Server based on your server type.
      2. Log on to your Linux server as an administrator.
      3. Copy the installation command for 32-bit Linux or 64-bit Linux to your server based on the operating system that your server runs.
      4. Run the installation command on your server to download and install the Security Center agent.
      Note After you run the installation command, the latest Security Center agent is downloaded from Alibaba Cloud. If you are using a server that is not deployed on Alibaba Cloud, make sure that the server is connected to the Internet before you run the installation command.
    Approximately five minutes after the installation is complete, you can view the status of the Agent on the Assets page.
    • The status in the Agent column changes from Close to Enable.
    • Servers that are not deployed on Alibaba Cloud are added to the server list on the Assets page.
      Notice Due to network latency, servers that are not deployed on Alibaba Cloud or on-premises servers that have the Security Center agent installed may not be synchronized to the Assets page in a timely manner. In this case, you must click Synchronize Asset on the Assets page to update relevant information.

Install the Security Center agent on servers that are not deployed on Alibaba Cloud

For a Windows server that is not deployed on Alibaba Cloud, download the installer to install the Security Center agent. For a Linux server that is not deployed on Alibaba Cloud, run the installation command to install the Security Center agent. For more information, see Manually install the Security Center agent.

If you have installed the Security Center agent on a server that is not deployed on Alibaba Cloud in the following ways, delete the directory of the Security Center agent and follow the manual installation instructions to reinstall it. For more information, see Manually install the Security Center agent.
  • Use an image to install the Security Center agent on multiple servers at a time.
  • If the Security Center agent has been installed on a server, you can copy the agent files from this server.

What to do next

We recommend that you perform the following steps to check whether the Security Center agent is installed.

  1. Check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent are running as expected on your server. For more information about processes of the Security Center agent, see Security Center agent.
  2. Run the following telnet commands to check whether your server can connect to the Security Center server.
    Note Make sure that your server can connect to at least one of the following JSRV domain names and one of the following update domain names.
    • telnet jsrv.aegis.aliyun.com 80
    • telnet jsrv2.aegis.aliyun.com 80
    • telnet jsrv3.aegis.aliyun.com 80
    • telnet update.aegis.aliyun.com 80
    • telnet update2.aegis.aliyun.com 80
    • telnet update3.aegis.aliyun.com 80

For more information about installation failures, see Identify why the agent is offline.

Regions that support automatic installation

District Region
Asia Pacific China (Hangzhou)
China (Shanghai)
China East 2 Finance
China (Qingdao)
China (Beijing)
China (Zhangjiakou-Beijing Winter Olympics)
China (Hohhot)
China (Shenzhen)
China (Hong Kong)
Singapore (Singapore)
Australia (Sydney)
Malaysia (Kuala Lumpur)
Indonesia (Jakarta)
Japan (Tokyo)
Europe & Americas Germany (Frankfurt)
UK (London)
US (Silicon Valley)
US (Virginia)
Middle East & India India (Mumbai)
UAE (Dubai)

References

Install the Security Center agent on multiple Alibaba Cloud ECS instances