Updated on 2023-02-16 GMT+08:00

Installing an Agent on the Linux OS

You can enable HSS only after the HSS agent is installed on your servers. This topic describes how to install the agent on a server running a Linux OS. For details about installation on the Windows OS, see Installing an Agent on the Windows OS.

WTP and HSS can use the same agent on a server.

The agent status will be refreshed 5 to 10 minutes after it is installed. You are advised to restart the server before enabling HSS.

Prerequisites

  • An EIP has been bound to the offline server where the agent is to be installed.
  • The online server where the agent is to be installed must be able to communicate with the network segment. The security group of your server must allow outbound access to port 443 on the 100.125.0.0/16 network segment.
  • A remote management tool, such as Xftp, SecureFX, and WinSCP, has been installed on your PC.
  • The Security-Enhanced Linux (SELinux) firewall has been disabled. The firewall affects agent installation and should remain disabled until the agent is installed.

Constraints

  • Huawei Cloud servers

    Ensure you have purchased HSS in your server region and have used the installation package or installation command in the region to install HSS agents on your servers. If the server and HSS quota are in different regions, unsubscribe from the quota and purchase a quota in the region where the server is deployed.

  • Non-Huawei Cloud servers
    • So far, HSS can be installed on non-HUAWEI CLOUD servers only in the CN-Hong Kong region.
    • For non-Huawei Cloud servers to access HSS, the servers need to access Huawei Cloud first. After the agent is installed on a server, the server will be displayed on the console. You can find it by searching for its IP address.
      • For better compatibility and service experience, you are advised to use Huawei Cloud servers.
      • If a piece of third-party security software, such as McAfee, has been installed on your server, stop the software and clear its configuration before installing an HSS agent to avoid installation failures.

Impact on the System

The HSS agent does not affect server running. The agent runs scan tasks to scan all servers, monitors server security, and reports collected server information to the cloud protection center. Servers without the agent cannot be protected by HSS. The console does not display system vulnerabilities, baseline risks, intrusion events, or security reports on these servers.

Default Installation Path

The agent installation path on servers running the Linux OS cannot be customized. The default path is:

/usr/local/hostguard/

Installing an Agent Using Commands

This procedure involves logging in to the server and running commands. It takes 3 to 5 minutes for the console to update the agent status after agent installation.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane on the left, choose Installation and Configuration. On the Install Agent tab, copy the required installation command.

    Figure 1 Copying the command for installing the agent

  4. Remotely log in to the server where the agent is to be installed.

    • HUAWEI CLOUD server
      • Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
      • If your server has an EIP bound, you can also use a remote management tool, such as Xftp, SecureFX, or WinSCP, to log in to the server and install the agent on the server as user root.
    • Non-HUAWEI CLOUD server

      Use Xftp, SecureFX, or WinSCP to log in to the server for installing the agent as user root.

  5. Paste the copied installation command and press Enter to install the agent on the server.

    If information similar to the following is displayed, the agent is successfully installed:

    Preparing...                  ########################## [100%]
    1:hostguard                   ########################## [100%]
    Hostguard is running.
    Hostguard installed.

  6. Run the service hostguard status command to check the running status of the agent.

    If the following information is displayed, the agent is running properly:

    Hostguard is running

    It takes 3 to 5 minutes for the console to update the agent status after agent installation.

(For Huawei Cloud Servers) Installing an Agent Using an Installation Package

Download the agent installation package, upload it to the server where the agent is to be installed, and run the installation command on the server to install the agent.

  1. Log in to the management console.
  2. In the navigation pane on the left, choose Installation and Configuration. On the Install Agent tab, download the agent package.

    Figure 2 Downloading the agent installation package

  3. Download the agent to be installed based on the server OS version.
  4. Use a file transfer tool, such as Xftp, SecureFX, or WinSCP, to upload the agent installation package to the server.
  5. Remotely log in to the server where the agent is to be installed.

    • Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
    • If your server has an EIP bound, you can also use a remote management tool, such as Xftp, SecureFX, or WinSCP, to log in to the server and install the agent on the server as user root.

  6. Run cd Installation_package_directory to access the directory.
  7. Run the following command to install the agent on the server:

    • For an .rpm package, run rpm -ivh Package_name.

      To forcibly install the agent, run the rpm -ivh --force Package_name command.

    • For a .deb package, run dpkg -i Package_name.
      If information similar to the following is displayed, the agent is successfully installed:
      Preparing...                  ########################## [100%]
      1:hostguard                   ########################## [100%]
      Hostguard is running.
      Hostguard installed.

  8. Run the service hostguard status command to check the running status of the agent.

    If the following information is displayed, the service is running properly:

    Hostguard is running

    It takes 3 to 5 minutes for the console to update the agent status after agent installation.

Follow-Up Procedure