Help Center> Host Security Service (New)> User Guide> Accessing HSS> Installing an Agent> Installing the Agent on Linux Servers in Batches
Updated on 2024-03-28 GMT+08:00

Installing the Agent on Linux Servers in Batches

HSS allows you to install agents on Linux servers in batches, preventing the installation from taking too much time. Agents cannot be installed on Windows servers in batches.

Prerequisite

  • The ECS is in the Running state and can access the Internet.
  • Ensure the outbound rule of your security group allows access to the port 10180 on the 100.125.0.0/16 network segment. (This is the default setting.)
  • The DNS server address of the cloud server has been set to the private DNS server address. For details, see Changing the DNS Server Address of an ECS and Private DNS Server Addresses.
  • The available capacity of the disk where the agent is installed must be greater than 300 MB. Otherwise, the agent installation may fail.
  • The Security-Enhanced Linux (SELinux) firewall has been disabled. The firewall affects agent installation and should remain disabled until the agent is installed.
  • If any third-party security software has been installed on your server, the HSS agent may fail to be installed. In this case, disable or uninstall the software before installing the agent.
  • The server supports SSH login.

Constraints

  • 64-bit Huawei Cloud servers and non-Huawei Cloud servers can be protected. 32-bit servers are no longer supported.
  • Mainstream OSs are supported. For details, see Supported OSs.
  • The HSS agent will be automatically installed on Workspace 23.6.0 or later. If your Workspace version is earlier than 23.6.0, you can manually install the agent by referring to this section.

Installation Path

The agent installation path on servers running on Linux cannot be customized. The default path is: /usr/local/hostguard/.

Installing the Agent on Linux Servers in Batches (One-Click on the Console)

Prerequisite

  • There is a server with an online agent in the VPC of the servers where the agent is to be installed. If there is no online agent server, install an agent on a server by referring to Installing the Agent on a Linux Server.
  • The accounts and passwords of all servers where the agent is to be installed are the same. You have obtained the account, port number, and password for logging in to the servers.

Constraints

You can install the agent on a maximum of 50 servers at a time.

Procedure

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  1. In the navigation pane, choose Asset Management > Servers & Quota. Click the Servers tab.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  2. Select all target servers and click Install Agent above the server list.

    Figure 1 Batch installing agents

  3. Confirm the selected server information and click Next.

    Figure 2 Selected servers

  4. Enter the server root password and server login port.

    • The default system port is 22. To query the Linux SSH port, remotely log in to the target server and run the following command on the Linux server:
      cat /etc/ssh/sshd_config | grep Port
    • If the server password contains the character $, enter \$.

  5. Click OK. Agents will be automatically installed on the servers you selected.

    Agents will be automatically installed on the servers you selected in sequence. You can choose Asset Management > Servers & Quota and click the Servers tab to view agent status. If the Agent Status of a target server changes to Online, you can enable protection for the server.

Installing the Agent on Linux Servers in Batches (Using the CLI)

Prerequisite

You have obtained the account, port number, and password for logging in to the server.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security & Compliance > HSS to go to the HSS management console.
  3. In the navigation pane, choose Installation & Configuration.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  4. Click the Agent Management tab.
  5. Click Add Asset from Other Cloud.

    Figure 3 Adding asset from other cloud

  6. In the displayed page, copy the batch installation command.

    Figure 4 Copying the batch installation command

  7. Remotely log in to the server where you plan to install the agent.

    After logging in to the server, run the following command to check whether the expect command exists on the server. If the expected command does not exist, configure the yum repository.

    /bin/expect -v

  8. Run the following command to access the /tmp directory:

    cd /tmp/

  9. Run the following command to create the linux-host-list.txt file and add the private IP addresses of the servers you want to install the agent to the file:

    • Command format 1: echo "IP address Portroot rootPassword" >> linux-host-list.txt

      Example: echo "127.8.10.8 22 root rootPassword" >> linux-host-list.txt

    • Command format 2: echo " IP address Port user userPassword rootPassword" >> linux-host-list.txt

      Example: echo "127.8.10.9 22 user userPassword rootPassword" >> linux-host-list.txt

    You can use either of the preceding command formats. To specify multiple IP addresses, write multiple commands, each in a separate line.

    Example:

    echo "127.8.10.1 22 root rootPassword" >> linux-host-list.txt

    echo "127.8.10.8 22 root rootPassword" >> linux-host-list.txt

    echo "127.8.10.3 22 root rootPassword" >> linux-host-list.txt

  10. Press Enter to save the IP address and run the following command to check whether the IP address is added:

    cat linux-host-list.txt

  11. Paste the copied installation command by 6 and run it as user root to install the agent on the servers.

    If information similar to the following is displayed, the agent is successfully installed:

    remote_install finished. [OK]

  12. Choose Installation and Configuration > Agents and check the agent status of the target server. If the agent is online, it is running properly.
  13. Run the following command to delete the linux-host-list.txt file to prevent password leakage:

    rm -rf linux-host-list.txt