How to install the Cloud Security Center agent in a Windows custom image

Operating system
Problem description

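How do you manually install the Cloud Security Center agent (protection installation and deployment) on a Windows system built from a custom image, and how do you confirm that the agent installed successfully?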

Problem analysis

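To bring a Windows instance built from a custom image into Cloud Security Center for monitoring and security checks, install the agent manually inside the system with the officially provided command.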

Solution

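1. Log in to the Cloud Security Center console, choose Service Management - Protection Installation and Deployment, find the corresponding ECS instance, and click Client Installation Guide to obtain the installation command, as follows: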

powershell -executionpolicy bypass -c "$FILE_NAME='Proxima-latest-amd64.exe';$REGION=$(Invoke-WebRequest -UseBasicParsing -URI 'http://100.96.0.96/volcstack/latest/region_id' -TimeoutSec 10).Content.Trim();Invoke-WebRequest -UseBasicParsing -URI http://tos-s3-$REGION.ivolces.com/hids$REGION/agent/$FILE_NAME -TimeoutSec 10 -OutFIle $env:temp\$FILE_NAME;Start-Process $env:temp\$FILE_NAME -ArgumentList '/S'"

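2. Log in to the operating system. The command above is a PowerShell command, but it cannot be run from a PowerShell prompt: the calling session expands the $ variables inside the double-quoted string before the child powershell process receives it, so the command fails with a parser error, as follows: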

PS C:\Users\Administrator> powershell -executionpolicy bypass -c "$FILE_NAME='Proxima-latest-amd64.exe';$REGION=$(Invoke
-WebRequest -UseBasicParsing -URI 'http://100.96.0.96/volcstack/latest/region_id' -TimeoutSec 10).Content.Trim();Invoke-WebRequest -UseBasicParsing -URI http://tos-s3-$REGION.ivolces.com/hids$REGION/agent/$FILE_NAME -TimeoutSec 10 -OutFIle $env:temp\$FILE_NAME;Start-Process $env:temp\$FILE_NAME -ArgumentList '/S'"
At line:1 char:54
+ ='Proxima-latest-amd64.exe';=cn-beijing.Content.Trim();Invoke-WebRequ ...
+                                                      ~
An expression was expected after '('.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ExpectedExpression

Run the installation from CMD instead, which passes the $ variables through unchanged, as follows:

C:\Users\Administrator>powershell -executionpolicy bypass -c "$FILE_NAME='Proxima-latest-amd64.exe';$REGION=$(Invoke-Web
Request -UseBasicParsing -URI 'http://100.96.0.96/volcstack/latest/region_id' -TimeoutSec 10).Content.Trim();Invoke-WebR
equest -UseBasicParsing -URI http://tos-s3-$REGION.ivolces.com/hids$REGION/agent/$FILE_NAME -TimeoutSec 10 -OutFIle $env
:temp\$FILE_NAME;Start-Process $env:temp\$FILE_NAME -ArgumentList '/S'"

C:\Users\Administrator>

The installer prints nothing when it finishes; if no error is reported, the installation succeeded.

3. View the installation result in the console.

After installation, three related processes are started.

Their files are located in C:\Program Files\Proxima\plugin.

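If a process has problems, check the status of the processes above and the log file. The log file is located in C:\Program Files\Proxima\log and is named proxima; it contains the startup logs and heartbeat check logs, for example: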

2022-03-28T22:31:54.245+0800	INFO	heartbeat/heartbeat.go:139	health daemon startup
2022-03-28T22:31:54.245+0800	INFO	plugin/plugin.go:166	plugin daemon startup
2022-03-28T22:31:54.245+0800	INFO	transport/transport.go:13	transport daemon startup
2022-03-28T22:31:54.245+0800	INFO	heartbeat/heartbeat.go:98	agent heartbeat completed:map[arch:x86_64 boot_at:1648477791 cpu:0.00000000 du:17279574 fd_cnt:0 grs:15 idc:cn-beijing-a kernel_version:10.0.17763 Build 17763 net_mode:unknown nproc:4 pid:2088 platform:Microsoft Windows Server 2019 Datacenter platform_family:Server platform_version:10.0.17763 Build 17763 read_speed:+Inf region:VOLC rss:12484608 rx_speed:0.00000000 rx_tps:0.00000000 started_at:1648477914 tx_speed:0.00000000 tx_tps:0.00000000 write_speed:+Inf]
2022-03-28T22:31:54.255+0800	INFO	transport/transfer.go:61	get connection successfully:idc cn-beijing-a,region VOLC,netmode private
2022-03-28T22:31:54.255+0800	INFO	transport/transfer.go:151	receive handler running
2022-03-28T22:31:54.255+0800	INFO	transport/transfer.go:93	send handler running
2022-03-28T22:31:54.395+0800	INFO	transport/transfer.go:158	received command
2022-03-28T22:31:54.395+0800	INFO	plugin/plugin.go:187	syncing plugins...
2022-03-28T22:31:54.395+0800	INFO	plugin/plugin_windows.go:64	plugin is loading...
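
The checks from step 3 can be scripted. The following is an added example, not code from the original article or from Volcano Engine: it uses only the paths and log messages shown above and reports whether the plugin directory exists, which processes run from the install directory, and whether the log records a heartbeat and a successful connection. The function name Test-ProximaAgent is hypothetical, and the script assumes the log file name matches proxima* and that log fields are whitespace-separated as in the sample.

```powershell
# Added example: post-install check for the Proxima agent (run elevated).
# Paths and log messages are the ones shown on this page.
$Root    = 'C:\Program Files\Proxima'
$LogDir  = Join-Path $Root 'log'
$Plugins = Join-Path $Root 'plugin'

function Test-ProximaAgent {   # hypothetical name
    $result = [ordered]@{
        PluginDirExists = Test-Path -LiteralPath $Plugins -PathType Container
        Processes       = @()
        LogFile         = $null
        LastHeartbeat   = $null
        Connected       = $false
        NonInfoLines    = 0
    }

    # Processes whose executable lives under the install root; names are not assumed.
    $prefix = "$Root\"
    $result.Processes = @(Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -and
            $_.ExecutablePath.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) } |
        Select-Object -ExpandProperty Name)

    # Assumption: the log is named proxima with an unknown extension; take the newest match.
    $log = Get-ChildItem -LiteralPath $LogDir -Filter 'proxima*' -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime | Select-Object -Last 1
    if ($log) {
        $result.LogFile = $log.FullName
        foreach ($line in Get-Content -LiteralPath $log.FullName) {
            # Fields: timestamp, level, source file:line, message.
            $f = $line -split '\s+', 4
            if ($f.Count -lt 4) { continue }
            if ($f[1] -ne 'INFO') { $result.NonInfoLines++ }
            if ($f[3] -like 'agent heartbeat completed*')   { $result.LastHeartbeat = $f[0] }
            if ($f[3] -like 'get connection successfully*') { $result.Connected = $true }
        }
    }
    [pscustomobject]$result
}

$r = Test-ProximaAgent
$r | Format-List
if ($r.PluginDirExists -and $r.Processes.Count -gt 0 -and $r.LastHeartbeat -and $r.Connected) {
    Write-Output 'Proxima agent: installed, running, heartbeat and connection logged.'
} else {
    Write-Warning "Proxima agent not fully verified; inspect $LogDir."
}
```

A non-zero NonInfoLines count points to log entries at a level other than INFO, which are the first lines to read when a process is missing.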

If you have other questions, contact Volcano Engine technical support.
