Help Center/ Host Security Service/ User Guide/ Installation and Configuration on Servers/ Agent Management/ Installing the Agent on a Server
Updated on 2025-09-29 GMT+08:00
View PDF
Share

Installing the Agent on a Server

Scenarios

The HSS agent is a piece of software installed on servers to exchange data between the servers and HSS, implementing security detection and protection. You can use the HSS only after installing the agent.

Step 1: Prepare the Installation Environment

  1. Ensure your server OS is supported by the agent. For more information, see the table in Supported OSs.

    The agent cannot be installed on the OSs that are not in the list.

  2. Ensure the server is running properly.

    The agent cannot be installed if the server is not running.

  3. Ensure the capacity of the disk where the agent is to be installed is greater than 300 MB.

    If the available space is less than 300 MB, the agent will fail to be installed. The agent installation path cannot be customized. The following default paths are used:

    • Linux: /usr/local/hostguard/
    • Windows: C:\Program Files\HostGuard

  4. Check whether mandatory ports are enabled in the server security group.

    • Huawei Cloud servers

      For servers in regions other than CN East 2 and CN Southwest-Guiyang1, ensure the outbound rule of your security group allows access to the port 10180 on the 100.125.0.0/16 network segment. (This is the default setting.) This port is used to communicate with the HSS server. For details about how to view and modify an outbound ECS security group rule, see Modifying a Security Group.

    • Third-party cloud servers

      Ensure the outbound rule of your security group allows access to port 10180 on the 100.125.0.0/16 CIDR block. (This is the default setting.) This port is used to communicate with the HSS server.

  5. Ensure the DNS address of the server is a private DNS server address on the Huawei Cloud.

    The agent cannot be downloaded to a private DNS server address outside Huawei Cloud.

    For details about how to view and change the DNS server address, see Modifying the DNS (on the Server) or Modifying the DNS Server Address (on the Console).

  6. Uninstall third-party security software.

    Third-party security software will probably be incompatible with the HSS agent and affects HSS protection. If third-party security software is installed on your servers, uninstall it before installing the HSS agent.

  7. (Optional) For a Linux server, disable the SELinux firewall.

    The SELinux firewall may disrupt agent installation. You can enable it after the agent is successfully installed.

  8. (Optional) For Windows, ensure Microsoft Office has been installed on the server and can open the .xlsx file.

Step 2: Install the Agent on Servers

HSS can protect Huawei cloud servers and third-party servers. For details about how to install the agent on the servers, see:

Related Operations

During the environment preparation before the installation, you may need to modify the security group and DNS. The procedures are as follows.

Modifying a Security Group

For Huawei Cloud servers, in regions other than CN East 2 and CN Southwest-Guiyang1, ensure the outbound rule of your security group allows access to the port 10180 on the 100.125.0.0/16 network segment. (This is the default setting.) This port is used to communicate with the HSS server. This section describes how to view and modify ECS security group rules.

  1. Log in to the management console and go to the Buy ECS page.
  2. Click in the upper left corner and select a region or project.
  3. In the ECS list, click the name of an ECS.
  4. On the ECS details page, click the Security Groups tab and click Manage Rule.
  5. Click the Outbound Rules tab and add a rule, as shown in Security group rules.

    Table 1 Security group rules

    Priority

    Action

    Type

    Protocol & Port

    Destination

    Description

    1

    Allow

    IPv4

    TCP

    10180

    100.125.0.0/16

    Communicates with the HSS server.

Modifying the DNS (on the Server)

When installing the agent, ensure the DNS server address is the Huawei Cloud private DNS server address. This section describes how to view and change the DNS server address on the server.

  • Linux server

    The following describes how to add the DNS server address to the resolv.conf file using Linux command lines.

    1. Log in to the server as user root.
    2. Run the following command to open the resolv.conf file:

      vi /etc/resolv.conf

    3. Run the following commands to add the DNS address:

      nameserver Huawei_Cloud_Private_DNS_server_address

      The private DNS server addresses vary depending on regions. For details, see Private DNS Server Address of Huawei Cloud.

      Take CN North-Beijing1 as an example. The complete commands are nameserver 100.125.1.250 and nameserver 100.125.21.250.

      Figure 1 Adding the DNS server address
    4. Press Esc, enter :wq, and press Enter to save the settings and exit.
  • Windows server

    The following describes how to use the Windows GUI to add the DNS server address.

    1. Log in to the server as the administrator.
    2. Choose Control Panel > Network and Sharing Center, and click Change adapter settings.
    3. Right-click the network in use and choose Properties from the shortcut menu.
    4. Double-click Internet Protocol Version 4 (TCP/IPv4).
    5. Select Use the following DNS server addresses and enter the Huawei Cloud private DNS server address.

      The private DNS server addresses vary depending on regions. For details, see Private DNS Server Address of Huawei Cloud.

Modifying the DNS Server Address (on the Console)

When installing the agent, ensure the DNS server address is the Huawei Cloud private DNS server address. This section uses an ECS as an example to describe how to log in to the console to view and modify DNS configurations.

  1. Log in to the management console and go to the Buy ECS page.
  2. Click in the upper left corner and select a region or project.
  3. In the ECS list, click the name of an ECS.
  4. On the Summary tab of the ECS details page, click the VPC name. The Virtual Private Cloud page is displayed.
  5. Locate the VPC and click the number in the Subnets column.
  6. Click the name of the subnet.

    In the Gateway and DNS Information area, view the DNS server addresses used by the ECS.

  7. In the Gateway and DNS Information area, click next to DNS Server Address.
  8. Change the DNS server addresses to the Huawei Cloud private DNS server addresses.

    The private DNS server addresses vary depending on regions. For details, see Private DNS Server Address of Huawei Cloud.

Parent Topic: Agent Management