The Security Center agent is a local plug-in provided by Security Center. Before you
can use Security Center to protect your server, you must install the Security Center
agent on your server. This topic describes how to install the Security Center agent.
Background information
Your server is protected by Security Center and the information about the server is
displayed in the Security Center console only after your server has the Security Center
agent installed. The information includes vulnerabilities, alerts, baseline risks,
and asset fingerprints.
After you install the Security Center agent, the installation path of the agent varies
based on the operating system of your server:
- Windows: C:\Program Files (x86)\Alibaba\Aegis
- Linux: /usr/local/aegis
View the servers on which the Security Center agent is not installed
- Log on to the Security Center console.
- In the left-side navigation pane, click Overview.
- On the Overview tab, view the value of Unprotected assets (ECS) in the section that displays the overview of your Security Center edition. This parameter
specifies the servers that do not have the Security Center agent installed.
Note You must install the Security Center agent on each server that requires protection
from Security Center.

- Click Install now to go to the Settings page. Click the Agent tab and then the Client to be installed tab. On the Client to be installed tab, view the total number and list of servers that do not have the Security Center
agent installed.

Note You can also view the status of the Security Center agent on the Server(s) tab of the Assets page. The following list describes the status of the Security Center agent:
- If the status of the agent is Enable, the Security Center agent is installed and running as expected.
- If the status of the agent is Close, the Security Center agent is not installed or is disconnected from Alibaba Cloud.
- Click the Client Installation Guide tab to install the Security Center agent. Automatic installation and manual installation
are supported.
You can install the agent by using one of the following methods:
- Automatic installation
With automatic installation, you install the Security Center agent from the Security
Center console with a few clicks. No plug-ins are required.
For more information, see Initiate automatic installation on ECS instances.
Note Automatic installation is suitable only for the Elastic Compute Service (ECS) instances
that have Cloud Assistant installed. If your server is not deployed on Alibaba Cloud
or your ECS instance does not have Cloud Assistant installed, you must manually install
the Security Center agent on your server.
- Manual installation
To manually install the Security Center agent, you must create installation commands
on the Client Installation Guide tab. For more information, see Manually install the Security Center agent on your server.
Note Manual installation is suitable only for the ECS instances that do not have Cloud
Assistant installed and the servers that are not deployed on Alibaba Cloud.
Initiate automatic installation on ECS instances
Automatic installation lets you install the Security Center agent from the Security
Center console.
Before you initiate automatic installation, make sure that your server meets the following
requirements:
- Your server is an ECS instance.
Automatic installation cannot be used for the servers that are not deployed on Alibaba
Cloud. To install the Security Center agent for these servers, you can use manual installation.
- Your server has Cloud Assistant installed.
If Cloud Assistant is not installed on your server, you must install Cloud Assistant on your server. Then, you can initiate automatic installation to install the Security
Center agent.
- The ECS instance on which you want to install the Security Center agent is deployed
in a region that supports automatic installation.
For more information about supported regions, see Regions that support automatic installation.
- Your server is running.
- The network connection of your server is normal.
- If third-party security software is installed on your server, you may fail to install
the Security Center agent. Before you install the Security Center agent, we recommend
that you check whether such software is installed on your server. If third-party security
software is installed on your server, we recommend that you disable or uninstall the
software before you install the agent.
Procedure
- Log on to the Security Center console.
- In the left-side navigation pane, click Settings.
- On the Settings page, click the Agent tab.
- On the Client to be installed tab of the Agent tab, find the server on which you want to install the agent and click Install the client in the Actions column. You can also select multiple servers and click One-click installation in the lower-left corner.
Approximately 5 minutes after the agent is installed, you can view the status of the Security Center agent on the Assets page. The status in the Agent column changes from Close to Enable.
Note If the status in the Agent column is Failed and a message appears indicating that Cloud Assistant is not installed, you must install Cloud Assistant before you install the Security Center agent. For more information about how to install Cloud Assistant, see Cloud Assistant.
Manually install the Security Center agent on your server
If your server is deployed on a third-party cloud or in a data center, or your ECS
instance is deployed in a region that does not support automatic installation, you
must manually install the Security Center agent. For more information, see Regions that support automatic installation.
Procedure
- Log on to the Security Center console.
- In the left-side navigation pane, click Settings.
- On the Settings page, click the Agent tab.
- Click the Client Installation Guide tab.
Security Center provides four default installation commands on the Client Installation Guide tab. If you do not want Security Center to create an image based on an installation
command, or you do not want the server on which the installation command is run to
be automatically added to a specified server group, you can select an installation
command based on the type of your server and the operating system that your server
runs. Then, you can run a default command to install the Security Center agent on
your server.
- Optional: On the Client Installation Guide tab, click Add Installation Command to create an installation command.
Notice If you use a default installation command, skip this step.
You can create an installation command to achieve the following purposes:
- Enable Security Center to create an image based on the installation command, and use
the image to preinstall the Security Center agent on multiple servers.
- Bind a server group to the installation command. After you run the command to install
the Security Center agent on a server, the server is automatically added to the server
group.
- In the Add Installation Command dialog box, configure the parameters.
The following table describes the parameters.
Parameter | Description
Expiration time | The time when the installation command expires.
Service Provider | The provider of your server.
Default grouping | The server group that you want to bind to the installation command.
Operating system | The operating system in which the installation command can be run. Valid values: Windows, Linux, and windows-2003.
Making Image System | Specifies whether to enable Security Center to create an image. Valid values: Yes and No. If you select Yes, Security Center automatically creates an image based on the installation command. You can use the image to preinstall the Security Center agent on multiple servers at a time without the need to run the installation command on each server. Note After you run the installation command on your server, only the installation package of the Security Center agent is downloaded to the server. The process of the Security Center agent is not started. If you want Security Center to protect your server, you must restart the server to start the process of the Security Center agent. If you select No, Security Center generates an installation command but does not create an image based on the installation command.
- Click OK. An installation command is generated. Then, copy the command.
You can view the generated installation command on the Client Installation Guide tab.
- Log on to the server on which you want to install the agent by using an account that
has administrative rights.
The tool that you can use to run the installation command varies based on the operating
system of the server.
- Windows: Open the Command Prompt and run the installation command that you copied. Then,
the installation package of the Security Center agent is downloaded to and installed
on the server.
- Linux: Open the CLI and run the installation command that you copied. Then, the installation
package of the Security Center agent is downloaded to and installed on the server.
Notice After you run the installation command, the latest version of the Security Center
agent is downloaded from Alibaba Cloud. If you use a server that is not deployed on
Alibaba Cloud, make sure that the server is connected to the Internet before you run
the installation command.
You can view the status of the agent on the Assets page approximately 5 minutes after the agent is installed.
- If you use an ECS instance, the status in the Agent column of the instance changes from Close to Enable.
- If you use a server that is not deployed on Alibaba Cloud, the server is added to
the server list on the Assets page.
Notice Due to network latency, a server that is not deployed on Alibaba Cloud and has the
Security Center agent installed may not be immediately displayed on the Assets page. In this case, you must click Synchronize Asset on the Server(s) tab of the Assets page to update the information about the server.
Install the Security Center agent on the servers that are not deployed on Alibaba Cloud
For a Windows server that is not deployed on Alibaba Cloud, you can download the installer
to install the Security Center agent. For a Linux server that is not deployed on Alibaba
Cloud, you can run the installation command to install the Security Center agent.
For more information, see Manually install the Security Center agent on your server.
If you installed the Security Center agent on a server that is not deployed on Alibaba
Cloud in one of the following ways, delete the directory of the Security Center agent. Then,
follow the manual installation instructions to reinstall the Security Center agent.
- Use an image that includes the Security Center agent to install the Security Center
agent on multiple servers at a time.
- Copy the installation package from a server on which the Security Center agent is
installed to install the Security Center agent.
Check whether the Security Center agent is installed
We recommend that you perform the following steps to check whether the Security Center
agent is installed.
- Check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent are running as expected on your server. For
more information about the processes of the Security Center agent, see Security Center agent.
- Run the following telnet commands to check whether your server can connect to the
Security Center server. You can test port 443 or port 80; the commands use port 443,
and you can replace 443 with 80.
Note Make sure that your server can connect to at least one of the following JSRV domain
names and one of the following update domain names. JSRV domain names are used to
issue instructions such as vulnerability detection and virus detection. Update domain
names are used to download and update the Security Center agent.
telnet jsrv.aegis.aliyun.com 443
telnet jsrv2.aegis.aliyun.com 443
telnet jsrv3.aegis.aliyun.com 443
telnet update.aegis.aliyun.com 443
telnet update2.aegis.aliyun.com 443
telnet update3.aegis.aliyun.com 443
If your server cannot connect to the Security Center server, perform troubleshooting.
For more information, see Troubleshoot why the Security Center agent is offline.
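The two checks above combined into one script for a Linux server. This is an added example, not Alibaba Cloud's own tooling. It assumes that bash, timeout, and pgrep are available; the function names and the RUN_AGENT_CHECK variable are illustrative.

```shell
#!/bin/sh
# Added example (not Alibaba Cloud tooling): runs the two checks from this
# section on a Linux server. Process and domain names are taken from the page.
JSRV_HOSTS="jsrv.aegis.aliyun.com jsrv2.aegis.aliyun.com jsrv3.aegis.aliyun.com"
UPDATE_HOSTS="update.aegis.aliyun.com update2.aegis.aliyun.com update3.aegis.aliyun.com"
PORTS="443 80"

# probe HOST PORT: succeeds if a TCP connection opens within 5 seconds.
# Assumes bash and coreutils timeout are present (bash provides /dev/tcp).
probe() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# proc_running NAME: succeeds if a process with exactly this name exists.
proc_running() {
    pgrep -x "$1" >/dev/null 2>&1
}

# first_reachable HOST...: prints the first host:port that answers,
# or fails when no host in the group is reachable on any port.
first_reachable() {
    for host in "$@"; do
        for port in $PORTS; do
            if probe "$host" "$port"; then
                echo "$host:$port"
                return 0
            fi
        done
    done
    return 1
}

# check_agent: returns 0 only if both processes run and at least one JSRV
# domain and one update domain are reachable, as the page's note requires.
check_agent() {
    rc=0
    for name in AliYunDun AliYunDunUpdate; do
        if proc_running "$name"; then echo "OK   process $name"
        else echo "FAIL process $name is not running"; rc=1; fi
    done
    if ep=$(first_reachable $JSRV_HOSTS); then echo "OK   JSRV $ep"
    else echo "FAIL no JSRV domain reachable"; rc=1; fi
    if ep=$(first_reachable $UPDATE_HOSTS); then echo "OK   update $ep"
    else echo "FAIL no update domain reachable"; rc=1; fi
    return $rc
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${RUN_AGENT_CHECK:-0}" = 1 ]; then check_agent; fi
```

A non-zero exit status from check_agent means that at least one check failed; the FAIL lines show which one to troubleshoot.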
Regions that support automatic installation
The following table lists the regions that support automatic installation. If your
ECS instance is not deployed in one of the following regions, you cannot install the
Security Center agent on your instance with a few clicks.
District | Region
Asia Pacific | China (Hangzhou), China (Shanghai), China East 2 Finance, China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Hong Kong), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Japan (Tokyo)
Europe & Americas | Germany (Frankfurt), UK (London), US (Silicon Valley), US (Virginia)
Middle East & India | India (Mumbai), UAE (Dubai)