A server can be protected by Security Center only after the Security Center agent is installed on the server. This topic describes how the Security Center agent works. This topic also provides information about the processes of the Security Center agent and supported operating systems.

How the Security Center agent works

The Security Center agent automatically sends connection information about the agent to the Security Center server in real time.

If the Security Center server does not receive information from the agent in 12 hours, the Security Center server considers that the server on which the agent runs is offline. The Security Center server then changes the security status of the server to Unprotected in the console.

Agent processes

On a Linux server, the root user is used to run the processes of the Security Center agent. On a Windows server, the system user is used.

The following table describes the files in the installation path of the Security Center agent and the processes in the files.
Notice To ensure the service continuity of Security Center, we recommend that you do not delete the files or processes listed in the following table from your server. If the files or processes must be deleted, go to the Settings page of the Security Center console, click the General tab, and then turn off Defense Mode in the Client Protection section. Then, find the paths in which the files or processes are stored on your server and delete the files or processes. The following table describes the paths in which the files are stored.
File in the installation path of the Security Center agent Description Time at which the file is downloaded Path in which the file is stored
aegis_client The process in the file is AliYunDun, which is used to establish a connection with the Security Center server. After you install the Security Center agent on your server, the aegis_client file is downloaded to the server.
Note Before you can delete this file, go to the General tab of the Settings page and turn off Defense Mode in the Client Protection section. If Defense Mode is turned on, you cannot uninstall the Security Center agent or delete the files of the agent.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
aegis_update The process in the file is AliYunDunUpdate, which is used to regularly check whether the Security Center agent needs to be updated. After you install the Security Center agent on your server, the aegis_update file is downloaded to the server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
AliSecGuard The file is used to implement attack prevention. After you turn on Defense Mode in the Client Protection section on the General tab of the Settings page, the AliSecGuard file is downloaded to your server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
AliNet The file is used to defend your server against network attacks. After you turn on Behavior prevention in the Proactive Defense section on the General tab of the Settings page, the AliNet file is downloaded to your server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
AliWebGuard The file is used to implement web tamper proofing. After you purchase web tamer proofing on the buy page, the AliWebGuard file is downloaded to your server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
AliHips The file is used to defend against viruses and trojans. After you turn on Anti-Virus, Anti-ransomware (Bait Capture), or Webshell Protection in the Proactive Defense section on the General tab of the Settings page, the AliHips file is downloaded to your server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
globalcfg The file is used to store the configuration file of the Security Center agent. After you install the Security Center agent on your server, the globalcfg file is downloaded to your server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis
PythonLoader The file is used to store processes that are related to the baseline check and vulnerability fixing features of Security Center. The process is AliSecureCheck. After you perform baseline checks or vulnerability detection on your server, the PythonLoader file is downloaded to your server.
  • 32-bit Windows: C:\Program Files\Alibaba\aegis
  • 64-bit Windows: C:\Program Files (x86)\Alibaba\aegis
  • Linux: /usr/local/aegis

Supported operating systems and versions

Operating system Supported operating system version
Windows
  • Windows 2019
  • Windows 2016
  • Windows 2012
  • Windows 2008
  • Windows 2003
Linux
  • CentOS 5, CentOS 6, CentOS 7, and CentOS 8 (32-bit or 64-bit)
  • Ubuntu 9.10 to Ubuntu 20.10 (32-bit or 64-bit)
  • Debian 6, Debian 7, Debian 8, and Debian 9 (32-bit or 64-bit)
  • RHEL 5, RHEL 6, RHEL 7, and RHEL 8 (32-bit or 64-bit)
  • Gentoo (32-bit or 64-bit)
  • OpenSUSE (32-bit or 64-bit)
  • SUSE (32-bit or 64-bit)
  • Aliyun Linux