A server can be protected by Security Center only after the Security Center agent is installed on the server. This topic describes how the Security Center agent works. This topic also provides information about the processes of the Security Center agent and the supported operating systems and kernel versions.
How the Security Center agent works
The Security Center agent automatically sends connection information about the agent to Security Center in real time.
In the following scenarios, Security Center considers that a server on which the Security Center agent runs is offline and changes the status of the agent from (online) to (offline) in the Security Center console:
Security Center detects that the communication between Security Center and the Security Center agent is abnormal. For example, network exceptions occur, the process of the Security Center agent is unexpectedly stopped, or the Security Center agent is uninstalled.
Security Center does not receive information such as logon information or collected data from the Security Center agent in 10 hours.
Agent processes
On a Linux server, the root user is used to run the processes of the Security Center agent. On a Windows server, the SYSTEM user is used.
The following table describes the files in the installation directory of the Security Center agent and the main processes in the files.
To avoid exceptions on the Security Center agent, we recommend that you do not delete the files or main processes listed in the following table from your server.
After the Security Center agent is installed, the server automatically downloads the aegis_client and aegis_update files and starts the AliYunDun and AliYunDunUpdate processes. The server downloads and starts the other files and processes listed in the following table only after you enable related features. Therefore, you need to pay attention to the files and processes only after the related features are enabled. For example, if you enable the client protection feature, Security Center downloads the AliSecGuard file and starts the corresponding process on your server. If you do not enable the feature, Security Center does not download the file or start the corresponding process.
File in the installation directory of the Security Center agent | Description | Time at which the file is downloaded | Path to the file |
| The main process in the file is | After you install the Security Center agent on your server, the Note Before you can delete this file, you must turn off Defense mode in the Client Protection section. If Defense mode is turned on, you cannot uninstall the Security Center agent or delete the files of the agent. For more information about how to disable the client protection feature, see Client Protection. |
|
The main process in the file is | |||
| The main process in the file is | After you install the Security Center agent on your server, the |
|
| The file is used to implement attack prevention. | After you turn on Defense mode in the Client Protection section, the |
|
| The file is used to defend your server against network attacks. | After you turn on Behavior prevention, the |
|
| The file is used to implement web tamper proofing. | After you purchase web tamper proofing on the buy page, the |
|
| The file is used to defend against viruses and trojans. | After you turn on , Anti-ransomware (Bait Capture), or Webshell Protection on the Feature Settings page, the |
|
| The file is used to store the configuration file of the Security Center agent. | After you install the Security Center agent on your server, the |
|
| The file is used to store processes that are related to the baseline check and vulnerability fixing features of Security Center. The main process in the file is | After you perform baseline checks or vulnerability detection on your server, the |
|
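A health check for the two core processes named above, confirming that each is present and runs as root on Linux (an added example, not Alibaba Cloud's own tooling). The function name check_agent_procs, the finding labels and the sample input are constructed for illustration; only the process names and the root user come from this page.

```shell
#!/bin/sh
# Added example: verify the core Security Center agent processes on Linux.
# Input (stdin): one "USER COMMAND" pair per line, as printed by
#   ps -e -o user= -o comm=
# Output: one finding per line (MISSING <proc> or WRONG_USER <proc> <user>).
# Return: 0 when AliYunDun and AliYunDunUpdate are both present and every
#         instance runs as root, 1 otherwise.
check_agent_procs() {
    awk '
        BEGIN {
            # Processes this page says start right after installation.
            want["AliYunDun"] = 1
            want["AliYunDunUpdate"] = 1
        }
        ($2 in want) {
            seen[$2] = 1
            # The page states the agent runs as root on Linux; another
            # owner suggests a replaced or look-alike process.
            if ($1 != "root") {
                printf "WRONG_USER %s %s\n", $2, $1
                bad = 1
            }
        }
        END {
            # A missing process is one of the causes of the offline status.
            for (p in want) {
                if (!(p in seen)) {
                    printf "MISSING %s\n", p
                    bad = 1
                }
            }
            exit bad + 0
        }
    '
}

# Constructed sample input (not captured from a real server).
sample='root AliYunDun
admin AliYunDunUpdate
root sshd'
printf '%s\n' "$sample" | check_agent_procs || echo "agent check failed"

# On a live server, feed it the real process table instead:
#   ps -e -o user= -o comm= | check_agent_procs
```

Processes for optional features such as AliSecGuard are not checked here because they exist only after the related feature is enabled.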
Supported operating systems of the Security Center agent
Supported operating system | Supported operating system version |
Windows (32-bit and 64-bit) |
|
Linux (64-bit) |
|
Supported operating systems and kernel versions of the AliNet file
The following table describes the supported operating system versions and kernel versions of the AliNet plug-in. A server can use the AliNet plug-in to defend against network-side attacks only if both the operating system version and kernel version of the server are supported.
Supported operating system | Supported operating system version | Supported kernel version |
Windows (64-bit) |
| All versions of 64-bit kernels |
CentOS (64-bit) | Unlimited | |
Ubuntu (64-bit) | Unlimited | |
Anolis (64-bit) | Unlimited | |
Alibaba Cloud Linux (64-bit) | Unlimited | |
RHEL | Unlimited |
Supported operating systems and kernel versions of the AliSecGuard file
The following table describes the supported operating system versions and kernel versions of the AliSecGuard plug-in. A server can use the AliSecGuard plug-in to defend against attacks only if both the operating system version and kernel version of the server are supported.
Supported operating system | Supported operating system version | Supported kernel version |
Windows (64-bit) |
| All versions of 64-bit kernels |
CentOS (64-bit) |
| |
Ubuntu (64-bit) |
| |
Alibaba Cloud Linux (64-bit) | Alibaba Cloud Linux 2.1903 | |
Anolis (64-bit) | Unlimited | |
RHEL (64-bit) | Unlimited | 3.10.0-1160.42.2.el7.x86_64 |
Supported operating systems and kernel versions of the AliHips file
The following table describes the supported operating system versions and kernel versions of the AliHips plug-in. A server can use the AliHips plug-in to defend against viruses and trojans only if both the operating system version and kernel version of the server are supported.
Supported operating system | Supported operating system version | Supported kernel version |
Windows (64-bit) |
| All versions of 64-bit kernels |
CentOS (64-bit) | Unlimited | |
Ubuntu (64-bit) | Unlimited | |
Alibaba Cloud Linux (64-bit) | Unlimited | |
Anolis (64-bit) | Unlimited | |
RHEL (64-bit) | Unlimited |
Supported operating systems and kernel versions of the AliWebGuard file
The following table describes the supported operating system versions and kernel versions of the AliWebGuard plug-in. A server can use the whitelist of web tamper proofing provided by the AliWebGuard plug-in only if both the operating system version and kernel version of the server are supported.
Operating system | Operating system version | Kernel version |
Windows (32-bit or 64-bit) | Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019 | All versions |
CentOS (64-bit) | Unlimited | |
Ubuntu (64-bit) | Unlimited | |
Anolis OS (64-bit) | Unlimited | |
RHEL | Unlimited |
|
Alibaba Cloud Linux (64-bit) | Unlimited |