A server can be protected by Security Center only after the Security Center agent is installed on the server. This topic describes how the Security Center agent works. This topic also provides information about the processes of the Security Center agent and the supported operating systems and kernel versions.
How the Security Center agent works
The Security Center agent automatically sends connection information about the agent to Security Center in real time.


- Security Center detects that the communication between Security Center and the Security Center agent is abnormal. For example, network exceptions occur, the process of the Security Center agent is unexpectedly stopped, or the Security Center agent is uninstalled.
- Security Center does not receive information such as logon information or collected data from the Security Center agent in 10 hours.
Agent processes
On a Linux server, the root
user is used to run the processes of the Security Center agent. On a Windows server, the Administrator
is used.
- To avoid exceptions on the Security Center agent, we recommend that you do not delete the files or main processes listed in the following table from your server.
- After the Security Center agent is installed, the server automatically downloads the
aegis_client
andaegis_update
files and starts theAliYunDun
andAliYunDunUpdate
processes. The server downloads and starts other files and processes listed in the following table only after you enable related features. Therefore, you need to pay attention to the files and processes only after the related features are enabled.For example, if you enable the client protection feature, Security Center downloads the
AliSecGuard
file and starts the corresponding process on your server. If you do not enable the feature, Security Center does not download the file or start the corresponding process.
File in the installation directory of the Security Center agent | Description | Time at which the file is downloaded | Path to the file |
---|---|---|---|
aegis_client | The main process in the file is AliYunDun , which is used to establish a connection with the Security Center server. | After you install the Security Center agent on your server, the aegis_client file is downloaded to the server. Note Before you can delete this file, you must turn off Defense mode in the Client Protection section. If Defense mode is turned on, you cannot uninstall the Security Center agent or delete the files of the agent. For more information about how to disable the client protection feature, see Client Protection. |
|
The main process in the file is AliYunDunMonitor , which is used to monitor and check the security of servers. | |||
aegis_update | The main process in the file is AliYunDunUpdate , which is used to regularly check whether the Security Center agent needs to be updated. | After you install the Security Center agent on your server, the aegis_update file is downloaded to the server. |
|
AliSecGuard | The file is used to implement attack prevention. | After you turn on Defense mode in the Client Protection section, the AliSecGuard file is downloaded to your server. For more information about the client protection feature, see Client Protection. |
|
AliNet | The file is used to defend your server against network attacks. | After you turn on Behavior prevention in the Proactive Defense section, the AliNet file is downloaded to your server. For more information about the behavior prevention feature, see Proactive Defense. |
|
AliWebGuard | The file is used to implement web tamper proofing. | After you purchase web tamper proofing on the buy page, the AliWebGuard file is downloaded to your server. |
|
AliHips | The file is used to defend against viruses and trojans. | After you turn on Anti-Virus, Anti-ransomware (Bait Capture), or Webshell Protection on the Feature Settings page, the AliHips file is downloaded to your server. |
|
globalcfg | The file is used to store the configuration file of the Security Center agent. | After you install the Security Center agent on your server, the globalcfg file is downloaded to your server. |
|
PythonLoader | The file is used to store processes that are related to the baseline check and vulnerability fixing features of Security Center. The main process in the file is AliSecureCheck . The related child processes are called when you perform baseline checks or vulnerability detection. | After you perform baseline checks or vulnerability detection on your server, the PythonLoader file is downloaded to your server. |
|
Supported operating systems of the Security Center agent
Supported operating system | Supported operating system version |
---|---|
Windows |
|
Linux |
|
Supported operating systems and kernel versions of the AliNet file
Supported operating system | Supported operating system version | Supported kernel version |
---|---|---|
Windows (64-bit) |
| All versions of 64-bit kernels |
CentOS (64-bit) |
|
|
Ubuntu (64-bit) |
|
|
Anolis (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) |
|
|
Supported operating systems and kernel versions of the AliSecGuard file
Supported operating system | Supported operating system version | Supported kernel version |
---|---|---|
Windows (64-bit) |
| All versions of 64-bit kernels |
CentOS (64-bit) |
|
|
Ubuntu (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) | AliyunLinux 2.1903 |
|
Supported operating systems and kernel versions of the AliHips file
Supported operating system | Supported operating system version | Supported kernel version |
---|---|---|
Windows (64-bit) |
| All versions of 64-bit kernels |
CentOS (64-bit) |
|
|
Ubuntu (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) |
|
|
Supported operating systems and kernel versions of the AliWebGuard file
Operating system | Operating system version | Kernel version |
---|---|---|
Windows (32-bit or 64-bit) | Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019 | All versions |
CentOS (64-bit) |
|
|
|
| |
Ubuntu (64-bit) | Ubuntu 14.04 |
|
Ubuntu 16.04 |
| |
Ubuntu 18.04 |
| |
Ubuntu 20.04 |
| |
Anolis OS (64-bit) |
|
|
RHEL |
|
|
Alibaba Cloud Linux (64-bit) |
|
|
Operating systems and versions supported by anti-ransomware for servers
Operating system | Supported version |
---|---|
Windows | 7, 8, and 10 |
Windows Server | 2008 2008 R2, 2012, 2012 R2, 2016, and 2019 |
Red Hat Enterprise Linux (RHEL) | 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, and 8.2 |
CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3 |
Ubuntu | 14.04, 16.04, 18.04, and 20.04 |
SUSE Linux Enterprise Server | 11, 12, and 15 |
Database versions and operating system versions supported by anti-ransomware for databases
Database type | Supported database version | Supported operating system version |
---|---|---|
Oracle | 9i | SUSE 9.3, RHEL 4, RHEL 5, SLES 9, and CentOS 4.5 |
10g | RHEL 9, RHEL 4, RHEL 5, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5 | |
11g | RHEL 5, RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, Windows Server 2012 R2, and RHEL 6.0 | |
12c | Windows Server 2008 R2, RHEL 6.5, RHEL 6.5, and RHEL 7.5 | |
18c | RHEL 7.0 and Windows Server 2008 R2 | |
19c | Oracle Enterprise Linux 7.0 | |
Oracle RAC | 9i | SUSE 9.3 and RHEL |
10g | RHEL 5 and Windows Server 2008 R2 | |
11g | Windows Server 2008 R2, RHEL 5, Oracle Enterprise Linux 6.4, RHEL 6.5, and iSoft Server OS V3.0 | |
12c | CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6 | |
18c | Windows Server 2008 R2 | |
19c | RHEL 7.6 | |
Oracle Data Guard | 11g | CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2 |
12c | Oracle Enterprise Linux 6 | |
MySQL | 5.0 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 12.10, SLES 10, SUSE 11 SP4, Ubuntu 11.10, and Neokylin 6.0 |
5.1 | RHEL 6.5, SUSE 11 SP4, RHEL 6.5, and RHEL 6.0 | |
5.4 | RHEL 6.5 and SUSE 11 SP4 | |
5.5 | Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5 | |
5.6 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2 | |
5.7 | RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, RHEL 7.0, and NeoKylin 7.0 | |
SQL Server | 2005 | Windows Server 2008 R2 SP1 |
2008 | Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 | |
2008 R2 | Windows Server 2008 R2 | |
2012 | Windows Server 2012 RC | |
2014 | Windows Server 2008 R2 Service Pack 1 and Windows Server 2016 | |
2016 (RTM) | Windows Sever 2012 R2 | |
2017 | Windows Server 2012 and Windows Server 2016 | |
2019 | Windows Server 2016 | |
SQL Server Always On | 2012, 2016, and 2017 | Windows Sever 2012 R2 |