Updated on 2022-12-29 GMT+08:00

Installing an Agent on the Linux OS

To enable workload protection for cloud servers, install the agent first.

This topic describes how to install the agent on a server running a Linux OS. For details about how to install an agent on the Windows OS, see Installing an Agent on the Windows OS.

  • WTP, CGS, and HSS share the same agent, so you only need to install the agent once on the same server.
  • CentOS 6.x versions are no longer updated or maintained on the Linux official website, and therefore no longer supported by HSS. If you need these versions, you can submit a service ticket for help.

Limitations and Constraints

HSS can protect both Huawei Cloud servers and non-Huawei Cloud servers.
  • Huawei Cloud server
    • You can manage cloud servers purchased on the Huawei Cloud console.
    • Only 64-bit cloud servers are supported.
    • Ensure you have purchased HSS in your server region and have used the installation package or installation command in the region to install HSS agents on your servers.
  • Non-Huawei Cloud server
    • You can manage servers purchased outside the Huawei Cloud console, or the Huawei Cloud servers that are not in your region.
    • Only 64-bit cloud servers are supported.
    • After the agent is installed, you can search for a server in the protected server list by the EIP of the server.
      • For better compatibility and service experience, you are advised to use Huawei Cloud servers.
      • Before installing the agent, clear application processes and configurations that may interfere with the installation on the servers to prevent installation failure.
      • Currently, you can install agents on non-Huawei Cloud servers only in Beijing1, Beijing 4, Shanghai 1, Shanghai 2, Guangzhou, Singapore, and Hong Kong regions.

Default Installation Path

The agent installation path on servers running the Linux OS cannot be customized. The default path is:

/usr/local/hostguard/

Server Types

You can install HSS on Huawei Cloud and non-Huawei Cloud servers. For details, see Table 1.

Table 1 Installing HSS for different servers

Server Type

Agent Installation Method

ECS

BMS

HECS

If the server and HSS quota are in the same region, use the method for installing agents on the Huawei Cloud servers described above.

If the server and HSS quota are in different regions, unsubscribe from the quota and purchase a quota in the region where the server is deployed.

Third-party cloud server

Use the method for installing agents on non-Huawei Cloud servers described above.

  • Currently, you can install agents on non-Huawei Cloud servers only in Beijing1, Beijing 4, Shanghai 1, Shanghai 2, Guangzhou, Singapore, and Hong Kong regions.
  • After the agent is installed on a server, the server will be displayed on the console. You can find it by searching for its IP address.

Offline server

  • For better compatibility and service experience, you are advised to use Huawei Cloud servers.
  • When installing the agent, clear application processes and configuration information that may interfere with the installation on the servers to prevent installation failure.

Prerequisites

  • To install the agent on a non-Huawei Cloud server, ensure the server runs Linux and can access the Internet.
  • The Security-Enhanced Linux (SELinux) firewall has been disabled. The firewall affects agent installation and should remain disabled until the agent is installed.

Installing an Agent Using Commands

This procedure involves logging in to the server and running commands. It takes 3 to 5 minutes for the console to update the agent status after agent installation.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service (New).

    Figure 1 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.
    • If cloud scan is not enabled or you access the HSS (New) console for the first time, the Enable Cloud Scan? dialog box is displayed. You are advised to select Enable cloud scan.
      • The cloud scan function is free of charge.
      • After the cloud scan function is enabled, all HSS servers will be scanned. Some HSS quota editions can support only limited scanning capabilities. Therefore, you are advised to purchase the enterprise edition or higher to enjoy all capabilities of the cloud scan function.
      Figure 2 Enabling cloud scan

  4. In the navigation pane, choose Installation & Configuration.
  5. Click the Agents tab. Click Offline. In the Operation column of a server, click Install Agent.

    Figure 3 Selecting a Linux server

  6. In the displayed dialog box, copy the command suitable for your system architecture and OS.

    Figure 4 Copying the command for installing the agent

  7. Remotely log in to the server where the agent is to be installed.

    • Huawei Cloud server
      • Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
      • If your server has an EIP bound, you can also use a remote management tool, such as PuTTY or Xshell, to log in to the server and install the agent on the server as user root.
    • Non-Huawei Cloud server

      Use a remote management tool (such as PuTTY or Xshell) to connect to the EIP of your server and remotely log in to your server.

  8. Paste the copied installation command and run it as user root to install the agent on the server.

    • If the installation package cannot be downloaded, check to ensure the DNS can resolve the domain name in the installation command.
    • To install the agent on a non-huawei Cloud server, ensure that the Org ID in the command exists. Otherwise, the agent status may be displayed as Not installed even if the installation succeeded.

    If information similar to the following is displayed, the agent is successfully installed:

    Preparing...                  ########################## [100%]
    1:hostguard                   ########################## [100%]
    Hostguard is running.
    Hostguard installed.

  9. Run the service hostguard status command to check the running status of the agent.

    If the following information is displayed, the agent is running properly:

    Hostguard is running

Follow-Up Procedure