Installing the Agent on an Independent Node
Scenarios
The HSS agent is a piece of software installed on servers to exchange data between the servers and HSS, implementing security detection and protection. You can use the HSS only after installing the agent.
Prerequisites
There is at least one node with an online agent in the VPC of the nodes where the agent is to be installed. Otherwise, install the agent using the command line provided in Installing the Agent on Servers.
Step 1: Prepare the Installation Environment
- Ensure your server OS is supported by the agent. For more information, see the table in Supported OSs.
The agent cannot be installed on the OSs that are not in the list.
- Ensure the server is running properly.
The agent cannot be installed if the server is not running.
- Ensure the capacity of the disk where the agent is to be installed is greater than 300 MB.
If the available space is less than 300 MB, the agent will fail to be installed. The agent installation path cannot be customized. The following default paths are used:
- Linux: /usr/local/hostguard/
- Windows: C:\Program Files\HostGuard
- Check whether mandatory ports are enabled in the server security group.
- Huawei Cloud servers
For servers in regions other than CN East 2 and CN Southwest-Guiyang1, ensure the outbound rule of your security group allows access to the port 10180 on the 100.125.0.0/16 network segment. (This is the default setting.) This port is used to communicate with the HSS server. For details about how to view and modify an outbound ECS security group rule, see Modifying a Security Group.
- Third-party cloud servers
Ensure the outbound rule of your security group allows access to port 10180 on the 100.125.0.0/16 CIDR block. (This is the default setting.) This port is used to communicate with the HSS server.
- Huawei Cloud servers
- Ensure the DNS address of the server is a private DNS server address on the Huawei Cloud.
The agent cannot be downloaded to a private DNS server address outside Huawei Cloud.
For details about how to view and change the DNS server address, see Modifying the DNS (on the Server) or Modifying the DNS Server Address (on the Console).
- Uninstall third-party security software.
Third-party security software will probably be incompatible with the HSS agent and affects HSS protection. If third-party security software is installed on your servers, uninstall it before installing the HSS agent.
- (Optional) For a Linux server, disable the SELinux firewall.
The SELinux firewall may disrupt agent installation. You can enable it after the agent is successfully installed.
Step 2: Install the Agent on an Independent Node
- Log in to the HSS console.
- Click
in the upper left corner and select a region or project.
- In the navigation pane, choose .
- Click the Independent Nodes tab.
- Locate the node where the agent is in the Not installed state. Click Install Agent in the Operation column.
- On the agent installation page, configure Server Authentication Mode.
- Account and password
- If Allow direct connection with root permissions is selected:
The root account can be used to log in to the server. Provide the root user password and login port. HSS will use your root account to install the agent for the server.
- If Allow direct connection with root permissions is not selected:
The root account cannot be used to log in to the server. Provide another username and password for login, and the root password for privilege escalation. HSS will use the provided account information to install the agent for the server.
- If Allow direct connection with root permissions is selected:
- Key
Only user-created keys are supported. Click Upload Key and upload a user-created key file in .pem format.
- Account and password
- Confirm the information and click OK.
You can view the Agent Status column to check the agent installation status. If the Agent Status is Online, the agent has been installed.
Follow-up Operations
After installing the agent on an independent node, enable protection for the node.
Related Operations
During the environment preparation before the installation, you may need to modify the security group and DNS. The procedures are as follows.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot