A server can be protected by Security Center only after the Security Center agent is installed on the server. This topic describes how the Security Center agent works. This topic also provides information about the processes of the Security Center agent and supported operating systems and kernel versions.
How the Security Center agent works
The Security Center agent automatically sends connection information about the agent to the Security Center server in real time.
If the Security Center server does not receive information from the agent in 12 hours, the Security Center server considers that the server on which the agent runs is offline. Then, the Security Center server changes the security status of the server to Unprotected in the console.
Agent processes
On a Linux server, the root
user is used to run the processes of the Security Center agent. On a Windows server,
the system
user is used.
File in the installation path of the Security Center agent | Description | Time at which the file is downloaded | Path in which the file is stored |
---|---|---|---|
aegis_client |
The main process in the file is AliYunDun , which is used to establish a connection with the Security Center server.
|
After you install the Security Center agent on your server, the aegis_client file is downloaded to the server.
Note Before you can delete this file, you must go to the General tab of the Settings page and turn off Defense Mode in the Client Protection section. If Defense Mode
is turned on, you cannot uninstall the Security Center agent or delete the files of
the agent.
|
|
aegis_update |
The main process in the file is AliYunDunUpdate , which is used to regularly check whether the Security Center agent needs to be updated.
|
After you install the Security Center agent on your server, the aegis_update file is downloaded to the server.
|
|
AliSecGuard |
The file is used to implement attack prevention. | After you turn on Defense Mode in the Client Protection section on the General tab
of the Settings page, the AliSecGuard file is downloaded to your server.
|
|
AliNet |
The file is used to defend your server against network attacks. | After you turn on Behavior prevention in the Proactive Defense section on the General
tab of the Settings page, the AliNet file is downloaded to your server.
|
|
AliWebGuard |
The file is used to implement web tamper proofing. | After you purchase web tamper proofing on the buy page, the AliWebGuard file is downloaded to your server.
|
|
AliHips |
The file is used to defend against viruses and trojans. | After you turn on Anti-Virus, Anti-ransomware (Bait Capture), or Webshell Protection
in the Proactive Defense section on the General tab of the Settings page, the AliHips file is downloaded to your server.
|
|
globalcfg |
The file is used to store the configuration file of the Security Center agent. | After you install the Security Center agent on your server, the globalcfg file is downloaded to your server.
|
|
PythonLoader |
The file is used to store processes that are related to the baseline check and vulnerability
fixing features of Security Center. The main process in the file is AliSecureCheck . The related child processes are called when you perform baseline checks or vulnerability
detection.
|
After you perform baseline checks or vulnerability detection on your server, the PythonLoader file is downloaded to your server.
|
|
Supported operating systems of the Security Center agent
Supported operating system | Supported operating system version |
---|---|
Windows |
|
Linux |
|
Supported operating systems and kernel versions of the AliNet file
Supported operating system | Supported operating system version | Supported kernel version |
---|---|---|
Windows (64-bit) |
|
All versions of 64-bit kernels |
CentOS (64-bit) |
|
|
Ubuntu (64-bit) |
|
|
Anolis (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) |
|
|
Supported operating systems and kernel versions of the AliSecGuard file
Supported operating system | Supported operating system version | Supported kernel version |
---|---|---|
Windows (64-bit) |
|
All versions of 64-bit kernels |
CentOS (64-bit) |
|
|
Ubuntu (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) | Alibaba Cloud Linux 2.1903 |
|
Supported operating systems and kernel versions of the AliHips file
Supported operating system | Supported operating system version | Supported kernel version |
---|---|---|
Windows (64-bit) |
|
All versions of 64-bit kernels |
CentOS (64-bit) |
|
|
Ubuntu (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) |
|
|
Supported operating systems and kernel versions of the AliWebGuard file
Operating system | Operating system version | Supported kernel version |
---|---|---|
Windows (32-bit or 64-bit) |
|
All versions |
CentOS (64-bit) |
|
|
|
|
|
Ubuntu (64-bit) |
|
|
Alibaba Cloud Linux (64-bit) | Alibaba Cloud Linux 2.1903 |
|
Operating systems and versions supported by anti-ransomware for servers
Operating system | Supported version |
---|---|
Windows | 7, 8, and 10 |
Windows Server | 2008 R2, 2012, 2012 R2, 2016, and 2019 |
Red Hat Enterprise Linux (RHEL) | 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8, 8.1, and 8.2 |
CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3 |
Ubuntu | 14.04, 16.04, 18.40, and 20.04 |
SUSE Linux Enterprise Server | 11, 12, and 15 |
Database versions and operating system versions supported by anti-ransomware for databases
Database type | Supported database version | Supported operating system version |
---|---|---|
Oracle | 9i | SUSE 9.3, RHEL 4, RHEL 5, SLES 9, and CentOS 4.5 |
10g | RHEL 9, RHEL 4, RHEL 5, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5 | |
11g | RHEL 5, RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, Windows Server 2012 R2, and RHEL 6.0 | |
12c | Windows Server 2008 R2, RHEL 6.5, RHEL 6.5, and RHEL 7.5 | |
18c | RHEL 7.0 and Windows Server 2008 R2 | |
19c | Oracle Enterprise Linux 7.0 | |
Oracle RAC | 9i | SUSE 9.3 and RHEL |
10g | RHEL 5 and Windows Server 2008 R2 | |
11g | Windows Server 2008 R2, RHEL 5, Oracle Enterprise Linux 6.4, RHEL 6.5, and iSoft Server OS V3.0 | |
12c | CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6 | |
18c | Windows Server 2008 R2 | |
19c | RHEL 7.6 | |
Oracle Data Guard | 11g | CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2 |
12c | Oracle Enterprise Linux 6 | |
MySQL | 5.0 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 12.10, SLES 10, SUSE 11 SP4, Ubuntu 11.10, and Neokylin 6.0 |
5.1 | RHEL 6.5, SUSE 11 SP4, RHEL 6.5, and RHEL 6.0 | |
5.4 | RHEL 6.5 and SUSE 11 SP4 | |
5.5 | Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5 | |
5.6 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2 | |
5.7 | RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, RHEL 7.0, and NeoKylin 7.0 | |
8.0 | CentOS 6.7, RHEL 6.5, and CentOS 7.0 | |
Microsoft SQL Server | 2005 | Windows Server 2008 R2 Service Pack 1 |
2008 | Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 | |
2008 R2 | Windows Server 2008 R2 | |
2012 | Windows Server 2012 RC | |
2014 | Windows Server 2008 R2 Service Pack 1 and Windows Server 2016 | |
2016 (RTM) | Windows Server 2012 R2 | |
2017 | Windows Server 2012 and Windows Server 2016 | |
2019 | Windows Server 2016 | |
SQL Server AlwaysOn | 2012, 2016, and 2017 | Windows Server 2012 R2 |