Install the Security Center agent - Security Center - Alibaba Cloud Documentation Center

Security Center protects servers by using the Security Center agent. Before you can use Security Center to protect your server, you must install the Security Center agent on your server. Your server is protected by Security Center and the information about the server is displayed in the Security Center console only after the Security Center agent is installed on your server. The information includes vulnerabilities, alerts, baseline risks, and asset fingerprints. This topic describes how to install the Security Center agent on a server.

View the servers on which the Security Center agent is not installed

Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose System Configuration > Feature Settings.
On the Agent > Agent Not Installed tab, view the number and list of servers on which the Security Center agent is not installed.

Note

You cannot install the Security Center agent on a server that belongs to a different account. If you want to use Security Center to protect cross-account resources, we recommend that you use the multi-account management feature. For more information, see Use the multi-account management feature.

Initiate automatic installation on ECS instances

Prerequisites

Before you initiate automatic installation, make sure that your server meets the following requirements:

Your server is an Elastic Compute Service (ECS) instance. The Security Center agent cannot be automatically installed on servers that are not deployed on Alibaba Cloud. You must manually install the agent on these servers. For more information, see Manually install the Security Center agent.
Your server has Cloud Assistant installed. If Cloud Assistant is not installed on your server, you must install Cloud Assistant on your server. Then, you can initiate automatic installation to install the Security Center agent.
Your server is running, and the network connection of your server is normal.
Your server is deployed in a virtual private cloud (VPC).
Third-party security software installed on your server is disabled or no third-party security software is installed on your server. If third-party software on your server is enabled, the Security Center agent may fail to install.

Your ECS instance resides in a region that supports automatic installation. If your ECS instance is not deployed in one of the following regions, you cannot install the Security Center agent on your instance with a few clicks.

Regions that support automatic installation

Region category	Region
Asia Pacific	China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Hong Kong), and China East 2 Finance Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), and Japan (Tokyo)
Europe & Americas	Germany (Frankfurt), UK (London), US (Silicon Valley), and US (Virginia)
Middle East & India	India (Mumbai) and UAE (Dubai)

Procedure

Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose System Configuration > Feature Settings.
On the Agent > Agent Not Installed tab, find a server on which you want to install the agent and click Install the client in the Actions column.
You can select multiple servers and click Install the client.
Approximately 5 minutes after the agent is installed, you can view the status of the Security Center agent on the Assets > Host > Server tab. If the Security Center agent is installed on the server, the icon is displayed in the Agent column of the server. If the agent is not installed, the icon is displayed in the column.

Manually install the Security Center agent

If your server does not meet the requirements for automatic installation of the Security Center agent, you can manually install the Security Center agent on the server or install the Security Center agent on multiple servers at a time by creating an image.

Important

If you have installed the Security Center agent on the server, uninstall the Security Center agent from the server and delete the existing files in the installation directory of the Security Center agent. For more information about how to uninstall the Security Center agent, see Uninstall the Security Center agent.

The default directory of the Security Center agent varies based on the operating systems:

Windows: C:\Program Files (x86)\Alibaba\Aegis
Linux: /usr/local/aegis

If you manually install the Security Center agent on your server, you must download the latest version of the Security Center agent from Alibaba Cloud. If you use a server that is not deployed on Alibaba Cloud, make sure that the server is connected to the Internet.

Manually install the Security Center agent on a server

Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose System Configuration > Feature Settings.

On the Agent > Installation Command tab, view the command that is required to manually install the Security Center agent.

Use a default command
Security Center provides default commands for ECS instances and servers to which the External host tag is added. You can copy a default installation command based on the type and operating system of your server. Then, run the installation command by using the administrator account to install the Security Center agent on your server.
Note
A server on which the Security Center agent is installed by using a default installation command is not added to a server group. You can manually add the server to a server group after you install the Security Center agent on the server. For more information, see Manage servers.

Create an installation command

If you want to create an image command or you want Security Center to add the server on which an installation command is run to a specified server group, you can perform the following operations to create an installation command:

Click Add Installation Command. In the Add Installation Command dialog box, configure the parameters and click OK. Then, view and copy the installation command that is created on the Installation Command tab. The following table describes the parameters.

Parameter	Description
Expiration Time	Specify the time when the installation command expires.
Service Provider	Select the provider of your server from the drop-down list.
Default grouping	Select the server group for your server on which you want to install the Security Center agent.
System	Select the operating system for your server on which you want to install the Security Center agent.
Making Image System	Select No to install the Security Center agent on a single server. If you want to use an image to install the Security Center agent on multiple servers at a time, select Yes. For more information about how to install the Security Center agent on multiple servers at a time, see Install the Security Center agent on multiple servers by creating an image.
Select Proxy	Specify whether to add the server to Security Center by using the proxy access feature. Valid values: Do Not Access Proxy Self-managed Proxy Cluster: You can select this option to add a server that is inaccessible over the Internet to Security Center for protection by using the proxy access feature. If you select this option, you must select a proxy cluster. For more information about how to use the proxy access feature, see Use the proxy access feature.

Log on to the server by using an account that has administrative rights and run the installation command based on the operating system of the server.
- Windows: Open the Command Prompt window and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded to and installed on the server.
- Linux: Open the CLI of the server and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded to and installed on the server.

Install the Security Center agent on multiple servers by creating an image

Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose System Configuration > Feature Settings.
On the Installation Command tab of the Agent tab, click Add Installation Command.

In the Add Installation Command dialog box, configure the parameters and click OK to create an installation command.

Parameter	Description
Expiration Time	Specify the time when the installation command expires.
Service Provider	Select the provider of your server from the drop-down list.
Default grouping	Select the server group on which the installation command can be run.
System	Select the operating system of your server.
Making Image System	Select Yes.

Copy the installation command and add the latest version number -v=11_62 of the Security Center agent to the installation command. The setting varies based on the operating system of the server.
- Windows: powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/install/2.0/windows/AliAqsInstall.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\AliAqsInstall.exe'))"; "./AliAqsInstall.exe -i -v=11_62 -k=IMAGEwH****"
- Linux: wget "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall.sh" && chmod +x AliAqsInstall.sh && ./AliAqsInstall.sh -i -v=11_62 -k=IMAGE19****
Log on to the server by using an account that has administrative rights and run the installation command after modification on the server.
- Windows: Open the Command Prompt window and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded to and installed on the server.
- Linux: Open the CLI of the server and run the installation command that you copied. Then, the installation package of the Security Center agent is downloaded to and installed on the server.
After you run the installation command on the server, the installation package of the Security Center agent is downloaded. After the agent is installed, you can create an image for the operating system of the server. Then, you can use the image as a template to install the Security Center agent on multiple servers at a time. After you create the image, you must restart the server. This way, you can start the processes of the Security Center agent to enable Security Center to protect the server. In this case, the installation command is also referred to as an image command. For more information about the image command, see the "Install the Security Center agent on multiple servers by creating an image" section of this topic.
After the Security Center agent is installed, shut down the server as prompted and create an image for the operating system of the server.
Important
- You cannot restart the server until the image is created. Otherwise, the image becomes invalid.
- If you want to create an image for the operating system of the same server multiple times, you must perform all the steps provided in Install the Security Center agent on multiple servers by creating an image each time you create the image.
- After you run the image command, the AliYunDun and AliYunDunUpdate processes are not started on the server, and the Security Center agent is not in the Online state. You must restart the server. Then, the status of the Security Center agent is updated to Online.
After you create the image for the operating system of the server, restart the server.
After the server is restarted, the status of the Security Center agent on the server changes to Online.

Check whether the Security Center agent is installed

After the Security Center agent is installed on a server, Security Center downloads the agent-related files to the server and starts the processes of the Security Center agent. You can check whether the Security Center agent is installed by viewing the status of the processes or the Security Center agent in the console.

Method 1: Verify the processes of the Security Center agent

After the Security Center agent is installed on a server, you can check whether the processes of the Security Center agent are running as expected and whether the server is connected to Security Center. If yes, the Security Center agent is successfully installed.

Check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent are running as expected on your server. For more information about the processes of the Security Center agent, see Security Center agent.
Run the following telnet commands to check whether your server can connect to Security Center:
Note
Make sure that your server can connect to at least one of the following JSRV domain names and one of the following update domain names. JSRV domain names are used to issue instructions such as vulnerability detection and virus detection, and update domain names are used to download and update the Security Center agent.
- telnet jsrv.aegis.aliyun.com 443/80
- telnet jsrv2.aegis.aliyun.com 443/80
- telnet jsrv3.aegis.aliyun.com 443/80
- telnet update.aegis.aliyun.com 443/80
- telnet update2.aegis.aliyun.com 443/80
- telnet update3.aegis.aliyun.com 443/80

Method 2: Verify the installation in the Security Center console

Approximately 5 minutes after the Security Center agent is installed, you can check whether the agent of the server is online on the Host page of the Security Center console. If the following conditions are met, the agent is online:

The icon in the Agent column changes from to .
Servers that are not deployed on Alibaba Cloud are added to the server list, and the icon in the Agent column changes from to .
Important
The information about servers that have the Security Center agent installed is automatically synchronized every minute to the Security Center console. Due to network latency, the information about a server that is not deployed on Alibaba Cloud and has the Security Center agent installed may not be immediately displayed on the Host page. In this case, you must click Synchronize Asset to manually synchronize the server information. For more information, see Synchronize the information about the most recent servers.

If the verification does not pass, check whether the agent is offline. For more information, see Troubleshoot why the Security Center agent is offline.