Updated on 2025-09-29 GMT+08:00

Installing the Agent on an Independent Node

Scenarios

The HSS agent is software installed on servers to exchange data between the servers and HSS, implementing security detection and protection. You can use HSS only after installing the agent.

Prerequisites

There is at least one node with an online agent in the VPC of the nodes where the agent is to be installed. Otherwise, install the agent using the command line provided in Installing the Agent on Servers.

Step 1: Prepare the Installation Environment

  1. Ensure your server OS is supported by the agent. For more information, see the table in Supported OSs.

    The agent cannot be installed on OSs that are not in the list.

  2. Ensure the server is running properly.

    The agent cannot be installed if the server is not running.

  3. Ensure the capacity of the disk where the agent is to be installed is greater than 300 MB.

    If the available space is less than 300 MB, the agent will fail to be installed. The agent installation path cannot be customized. The following default paths are used:

    • Linux: /usr/local/hostguard/
    • Windows: C:\Program Files\HostGuard

  4. Check whether mandatory ports are enabled in the server security group.

    • Huawei Cloud servers

      For servers in regions other than CN East 2 and CN Southwest-Guiyang1, ensure the outbound rule of your security group allows access to port 10180 on the 100.125.0.0/16 network segment. (This is the default setting.) This port is used to communicate with the HSS server. For details about how to view and modify an outbound ECS security group rule, see Modifying a Security Group.

    • Third-party cloud servers

      Ensure the outbound rule of your security group allows access to port 10180 on the 100.125.0.0/16 CIDR block. (This is the default setting.) This port is used to communicate with the HSS server.

  5. Ensure the DNS address of the server is a private DNS server address on the Huawei Cloud.

    The agent cannot be downloaded if the server is configured with a DNS server address outside Huawei Cloud.

    For details about how to view and change the DNS server address, see Modifying the DNS (on the Server) or Modifying the DNS Server Address (on the Console).

  6. Uninstall third-party security software.

    Third-party security software may be incompatible with the HSS agent and affect HSS protection. If third-party security software is installed on your servers, uninstall it before installing the HSS agent.

  7. (Optional) For a Linux server, disable SELinux.

    SELinux may disrupt agent installation. You can re-enable it after the agent is successfully installed.
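
The Linux-side checks from Step 1 (free space for the default install path, configured DNS servers, SELinux mode, outbound port 10180) can be scripted before starting the installation. The following is an added example, not part of the HSS documentation or tooling; the function names and the HSS_ADDR variable are assumptions, since this page names only the 100.125.0.0/16 range and not a specific server address.

```shell
#!/bin/sh
AGENT_DIR=/usr/local/hostguard      # default Linux install path from this page
REQUIRED_KB=$((300 * 1024))         # this page requires more than 300 MB
HSS_PORT=10180                      # outbound port from this page

# Available KB on the filesystem that will hold $1 (walks up to an existing parent).
avail_kb() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do p=$(dirname "$p"); done
    df -Pk "$p" | awk 'NR==2 {print $4}'
}

space_ok() { [ "$1" -gt "$REQUIRED_KB" ]; }

# Nameservers in a resolv.conf-style file (default: /etc/resolv.conf).
nameservers() { awk '$1 == "nameserver" {print $2}' "${1:-/etc/resolv.conf}"; }

# True only if $1 is a well-formed IPv4 address inside 100.125.0.0/16.
in_hss_range() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$1" -eq 100 ] && [ "$2" -eq 125 ]
}

selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo "not installed"; fi
}

preflight() {
    rc=0
    kb=$(avail_kb "$AGENT_DIR")
    if space_ok "$kb"; then echo "disk: ${kb} KB free, ok"; else echo "disk: ${kb} KB free, too small"; rc=1; fi
    echo "dns: $(nameservers | tr '\n' ' ')(compare with the private DNS address for your region)"
    echo "selinux: $(selinux_mode)"
    # HSS_ADDR is an assumption: the operator supplies the server address to test.
    if [ -n "${HSS_ADDR:-}" ]; then
        in_hss_range "$HSS_ADDR" || { echo "net: $HSS_ADDR is outside 100.125.0.0/16"; rc=1; }
        if nc -z -w 5 "$HSS_ADDR" "$HSS_PORT"; then echo "net: port $HSS_PORT reachable"
        else echo "net: port $HSS_PORT not reachable (check the outbound rule; nc must be installed)"; rc=1; fi
    fi
    return $rc
}

if [ "${1:-}" = "check" ]; then preflight; fi
```

Saved under a name of your choice (for example preflight.sh), it runs as `sh preflight.sh check` and exits non-zero if the disk or network check fails; the DNS and SELinux lines are informational.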

Step 2: Install the Agent on an Independent Node

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane, choose Installation & Configuration > Container Install & Config.
  4. Click the Independent Nodes tab.
  5. Locate the node where the agent is in the Not installed state. Click Install Agent in the Operation column.
  6. On the agent installation page, configure Server Authentication Mode.

    • Account and password
      • If Allow direct connection with root permissions is selected:

        The root account can be used to log in to the server. Provide the root user password and login port. HSS will use your root account to install the agent for the server.

      • If Allow direct connection with root permissions is not selected:

        The root account cannot be used to log in to the server. Provide another username and password for login, and the root password for privilege escalation. HSS will use the provided account information to install the agent for the server.

    • Key

      Only user-created keys are supported. Click Upload Key and upload a user-created key file in .pem format.

  7. Confirm the information and click OK.

    You can view the Agent Status column to check the agent installation status. If the Agent Status is Online, the agent has been installed.

Follow-up Operations

After installing the agent on an independent node, enable protection for the node.

Related Operations

During the environment preparation before the installation, you may need to modify the security group and DNS. The procedures are as follows.