Quickstart: Onboard Linux computers to Azure Security Center

After you onboard your Azure subscriptions, you can enable Security Center for Linux resources running outside of Azure, for example on-premises or in other clouds, by provisioning an agent. The agent is called the Log Analytics agent, but it is also known as the OMS agent.

This quickstart shows you how to install the agent on a Linux computer.

Prerequisites

To get started with Security Center, you must have a subscription to Azure. If you do not have a subscription, you can sign up for a trial.

You must be on Security Center's Standard pricing tier before starting this quickstart. See Onboard your Azure subscription to Security Center Standard for upgrade instructions. You can try Security Center Standard at no cost. To learn more, see the pricing page.

Add new Linux computer

  1. Sign in to the Azure portal.

  2. On the Azure menu, select Security Center. Security Center - Overview opens.


  3. Under the Security Center main menu, select Getting started.

  4. Select the Get started tab.

  5. Click Configure under Add non-Azure servers. A list of your Log Analytics workspaces is shown. The list includes, if applicable, the default workspace created for you by Security Center when automatic provisioning was enabled. Select this workspace or another workspace you want to use.


  6. On the Agents management page, under Download and onboard agent for Linux, select the copy button to copy the wget command.

  7. Open Notepad, and paste this command. Save this file to a location that is accessible from your Linux computer.

Install the agent

  1. On your Linux computer, open the file that was previously saved. Select the entire content, copy it, open a terminal console, and paste the command.

  2. Once the installation is finished, you can validate that the omsagent is installed by running the pgrep command. The command returns the omsagent PID (process ID).

The logs for the agent can be found at: /var/opt/microsoft/omsagent/<workspace id>/log/

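A post-install check that combines the pgrep validation and the log location described above, as an added example that is not part of the original quickstart. The function names, the GUID-shaped match for the workspace ID directory and the 60-minute freshness window are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-install check for the Log Analytics (OMS) agent.
# Base directory taken from the log path on this page; override OMS_BASE to test.
OMS_BASE="${OMS_BASE:-/var/opt/microsoft/omsagent}"

# Print PIDs of running omsagent processes (same check as the pgrep step).
agent_pids() {
    pgrep omsagent
}

# Print every <base>/<workspace id>/log directory that exists.
# Assumption: workspace IDs are GUID-shaped (8-4-4-4-12 characters).
workspace_log_dirs() {
    for d in "${1:-$OMS_BASE}"/*/log; do
        [ -d "$d" ] || continue
        case "$(basename "$(dirname "$d")")" in
            ????????-????-????-????-????????????) printf '%s\n' "$d" ;;
        esac
    done
}

# Count files in a log directory modified within the last N minutes.
recent_log_count() {
    find "$1" -type f -mmin "-$2" | wc -l | tr -d ' '
}

# Full check: process running, log directory present, logs being written.
# Returns 0 only if all three hold. 60 minutes is an illustrative threshold.
check_agent() {
    pids=$(agent_pids) || { echo "FAIL: omsagent is not running"; return 1; }
    echo "OK: omsagent running, PID(s): $(echo $pids)"
    dirs=$(workspace_log_dirs)
    [ -n "$dirs" ] || { echo "FAIL: no workspace log directory under $OMS_BASE"; return 1; }
    rc=0
    for d in $dirs; do
        n=$(recent_log_count "$d" 60)
        if [ "$n" -gt 0 ]; then
            echo "OK: $d has $n recently written log file(s)"
        else
            echo "WARN: $d has no log written in the last 60 minutes"; rc=1
        fi
    done
    return $rc
}

# Run the check only when invoked as: sh check_omsagent.sh check
if [ "${1:-}" = "check" ]; then check_agent; fi
```

A non-zero exit status from check_agent makes the script usable from a cron job or configuration-management run to flag machines where the agent has stopped reporting.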

After some time (it may take up to 30 minutes), the new Linux computer will appear in Security Center.

Now you can monitor your Azure VMs and non-Azure computers in one place. Under Compute & apps, you have an overview of all VMs and computers along with recommendations. Each column represents one set of recommendations. The color represents the VM's or computer's current security state for that recommendation. Security Center also surfaces any detections for these computers in Security alerts.

There are two types of icons represented on the Compute blade:

Non-Azure computer

Azure VM

Clean up resources

When no longer needed, you can remove the agent from the Linux computer.

To remove the agent:

  1. Download the Linux agent universal script to the computer.

  2. Run the bundle .sh file with the --purge argument on the computer, which completely removes the agent and its configuration.

    sudo sh ./omsagent-<version>.universal.x64.sh --purge

Next steps

In this quickstart, you provisioned the agent on a Linux computer. To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.