The Security Center agent is a local plug-in provided by Security Center. To use the protection services provided by Security Center, you must install the Security Center agent on the operating system of your server. This topic describes how to install the Security Center agent.

Background information

If your server does not have the Security Center agent installed, the server is not protected by Security Center. The security data of this server such as vulnerabilities, alerts, baseline vulnerabilities, and asset fingerprints are not displayed in the Security Center console.

After you install the agent, the agent files are stored in the following paths:

  • Windows: C:\Program Files (x86)\Alibaba\Aegis
  • Linux: /usr/local/aegis

How do I determine assets that need the Security Center agent?

  1. Log on to the Security Center.
  2. In the left-side navigation pane, click Overview.
  3. In the Asset Status section of the Overview, view the number of Unprotected assets on which the agent is not installed.
    Note You must install the agent on each server.
    Install the Security Center agent
  4. Click Install Agent to go to the Settings > Agent > Client to be installed page, you can view the total number and a list of servers that do not have the Security Center agent installed.
    Client to be installed
    Note You can also check whether your servers have the Security Center agents installed on the Assets page.
    • If the agent state is Enable, the Security Center agent is installed and enabled.
    • If the agent state is Close, it indicates that the Security Center agent is not installed or the agent is offline.
  5. Click Client Installation Guide, you can choose automatic installation, or download the installation file and run commands to install the agent on these servers.
    Installation Guide
    • Automatic installation

      In the Automatically Install section, click Go to install the client now to the Client to be installed page to install the agent.

      Automatic installation does not require you to download the agent. For more information, see Automatic installation (only supported by Alibaba Cloud servers).

      Install the agent
    • Manual installation

      For servers that do not support automatic installation, you can scroll down to view the instructions for manual installation on the Client Installation Guide page. For more information, see Manual installation.

      Manual installation

      Manual installation is applicable to Alibaba cloud servers, non-Alibaba Cloud servers, and offline IDC servers.

Automatic installation (only supported by Alibaba Cloud servers)

Before you enable automatic installation, make sure that your server meets the following requirements:
  • The server must be provided by Alibaba Cloud. The agent for non-Alibaba Cloud servers must be manually installed.
  • If the server is an Elastic Compute Service (ECS) instance, it must be deployed in a region that supports automatic installation. For more information, see Regions that support automatic installation.
  • The server is running.
  • The server is connected to the network.
  • The Cloud Assistant is installed on the server.
  • If any third-party security software such as Fortinet or FortiGate is installed on your servers, you may fail to install the Security Center agent. We recommend that you check whether any third-party security software is installed on your server before you install the Security Center agent. If the third-party security software is already installed on your servers, we recommend that you disable or uninstall the software before you install the agent.

Procedure

  1. Log on to the Security Center.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Agent Tab.
  4. On the Agent > Client to be installed page, find the target server and click Install Agent in the Actions column. You can also select multiple servers and click Install in the lower-left corner to install the agent on the specified servers at the same time.
    Install the agent
    You can check the agent state of the server on the Assets page five minutes after the Security Center agent is installed. The agent state has changed from Close to Enable. Server status
    Note If the agent is in the Failed state and an error message is returned indicating that the Cloud Assistant is not installed, you must install the Cloud Assistant before you reinstall the Security Center agent.

Manual installation

In either of the following situations, automatic installation is not supported. You must manually install the Security Center agent.
  • The server is a non-Alibaba Cloud server.
  • The server connects to Alibaba Cloud services over a classic network.
  • The ECS instance is deployed in a region that does not support automatic installation. For more information, see Regions that support automatic installation..
  • The server runs one of the following operating systems: Windows 2019, Windows 2016, Windows 2012, Windows 2008, or Windows 2003.
  • The Cloud Assistant is not installed on the server.
  • For a non-Alibaba Cloud server that is connected through a leased line or an intranet, you must add the Domain Name System (DNS) address mappings of the Security Center to the host file on the server. If no DNS address mapping is added, the agent cannot be automatically installed.

    Follow these steps to add a DNS address mappings:

    1. Find the host file of the server.
      • Linux: /etc/hosts
      • Windows: c:\windows\system32\drivers\etc\hosts
    2. Add the following DNS address mappings to the host file.
      • 100.100.25.3 jsrv.aegis.aliyun.com
      • 100.100.32.65 jsrv.aegis.aliyun.com
      • 100.100.25.4 update.aegis.aliyun.com
      • 100.100.25.4 aegis.alicdn.com
Note
  • Before you manually install the Security Center agent, make sure that the server is running and connected to the network as expected.
  • We recommend that you do not run the install command in the subdirectory of /usr/local/aegis/ directory. Otherwise, the directory will be emptied when you run the command. We recommend that you run the command in the root directory of the server.

Procedure

  1. Log on to the Security Center.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Agent Tab.
  4. Scroll down on the Client Installation Guide page, follow the steps and download the latest agent based on the operating system of your server.
    Manual installation
    • Windows operating system

      1. On the Agent page, click Click to download to download the latest installation file to your local computer.
      2. Upload the installation file to your Windows server. You can use an FTP tool to upload the file.
      3. Run the Security Center agent installer on your Windows server as an administrator.
      4. If you install an agent on a non-Alibaba Cloud server, you must enter the verification key to associate the server with your Alibaba Cloud account. You can retrieve the installation verification key on the Agent page.
        Note Each installation key is valid for one hour. After an installation key expires, you cannot use it to install the Security Center agent. You must renew the verification key before you install the agent.
    • Linux operating system

      1. On the Agent page, scroll down to the Linux OS section and select Alibaba Cloud Servers or Non-Alibaba Servers based on the type of your server.
      2. Log on to your Linux-based server as an administrator.
      3. Copy the install command for 32-bit Linux or 64-bit Linux based on the operating system of your server.
      4. Run the command on your server to download and install the Security Center agent.
      Note The install command downloads the latest version of the Security Center agent from the Alibaba Cloud website. If you are using a non-Alibaba Cloud server, make sure that your server has access to the Internet before you run the command.
    You can check the agent state of the server on the Assets page in the Security Center console five minutes after the Security Center agent is installed.
    • The agent state has changed from Close to Enable.
    • Non-Alibaba Cloud servers that have the Security Center agent installed are added to the server list on the Assets page.
    Note Do not install the Security Center agent on servers that do not require the protection of Security Center, for example, offline debugging servers and personal computers.

Install the Security Center agent on non-Alibaba Cloud servers

For a Windows-based non-Alibaba Cloud server, download the installer to install the agent. For a Linux non-Alibaba Cloud server, run the relevant command to install the agent. For more information, see Manual installation.

If you have installed the Security Center agent on a non-Alibaba Cloud server by using either of the following methods, delete the directory of the Security Center agent and follow the manual installation instructions to reinstall the agent.
  • Use an image that includes the Security Center agent to install the agent on multiple non-Alibaba Cloud servers at a time.
  • If the Security Center agent has been installed on a server, you can copy the agent file from this server to install the agent on another server.

What to do next

Follow these steps to verify that your server has the Security Center agent installed.

  1. Check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent are running as expected on your server. For more information about the processes of the Security Center agent, see Security Center agent overview.
  2. Run the following telnet commands to check whether your server can connect to the Security Center servers.
    Note Make sure that your server can connect to at least one of the following jsrv domain names and one of the following update domain names.
    • telnet jsrv.aegis.aliyun.com 80
    • telnet jsrv2.aegis.aliyun.com 80
    • telnet jsrv3.aegis.aliyun.com 80
    • telnet update.aegis.aliyun.com 80
    • telnet update2.aegis.aliyun.com 80
    • telnet update3.aegis.aliyun.com 80

For more information about installation failures, see Troubleshoot the problem of Security Center agent going offline.

Regions that support automatic installation

Supported district Supported region
Asia Pacific China (Hangzhou)
China (Shanghai)
China East 2 Finance
China (Qingdao)
China (Beijing)
China (Zhangjiakou-Beijing Winter Olympics)
China (Hohhot)
China (Shenzhen)
China (Hong Kong)
Singapore
Australia (Sydney)
Malaysia (Kuala Lumpur)
Indonesia (Jakarta)
Japan (Tokyo)
Europe and Americas Germany (Frankfurt)
UK (London)
US (Silicon Valley)
US (Virginia)
Middle East and India India (Mumbai)
UAE (Dubai)

Related topics

Install and uninstall a Security Center agent

Install the Security Center agent on multiple Alibaba Cloud ECS instances