Quickstart: Onboard Linux computers to Azure Security Center

After you onboard your Azure subscriptions, you can enable Security Center for Linux resources running outside of Azure, for example on-premises or in other clouds, by provisioning the Linux Agent.

This quickstart shows you how to install the Linux Agent on a Linux computer.

Prerequisites

To get started with Security Center, you must have a subscription to Microsoft Azure. If you do not have a subscription, you can sign up for a free account.

You must be on Security Center’s Standard pricing tier before starting this quickstart. See Onboard your Azure subscription to Security Center Standard for upgrade instructions. You can try Security Center’s Standard tier at no cost. To learn more, see the pricing page.

Add new Linux computer

  1. Sign in to the Azure portal.

  2. On the Microsoft Azure menu, select Security Center. Security Center - Overview opens.

  3. Under the Security Center main menu, select Getting started.

  4. Select the Get started tab.

  5. Click Configure under Add new non-Azure computers. A list of your Log Analytics workspaces is shown. The list includes, if applicable, the default workspace created for you by Security Center when automatic provisioning was enabled. Select this workspace or another workspace you want to use.

  6. On the Direct Agent page, under DOWNLOAD AND ONBOARD AGENT FOR LINUX, select the copy button to copy the wget command.

  7. Open Notepad, and paste this command. Save this file to a location that is accessible from your Linux computer.

Install the agent

  1. On your Linux computer, open the file that was previously saved. Select the entire content, copy it, open a terminal console, and paste the command.

  2. Once the installation is finished, you can validate that the omsagent is installed by running the pgrep command. The command returns the omsagent PID (Process ID).

The logs for the Security Center Agent for Linux can be found at: /var/opt/microsoft/omsagent/<workspace id>/log/
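The two checks above (agent process and per-workspace log directory) can be scripted together. The following is an added example, not part of the original quickstart or the agent's tooling; the function names, the `--report` switch, the use of `pgrep -f`, and the `[error]`/`[warn]` level tags in log lines are assumptions.

```shell
#!/bin/sh
# Added example: post-install check for the Linux agent described on this page.
# Log root as given on this page; override OMS_ROOT to test against a copy.
OMS_ROOT="${OMS_ROOT:-/var/opt/microsoft/omsagent}"

# Print one workspace ID per line: each directory under the root
# that contains a log/ subdirectory (<root>/<workspace id>/log/).
list_workspaces() {
    root="$1"
    for d in "$root"/*/; do
        [ -d "${d}log" ] || continue
        basename "$d"
    done
}

# Count lines tagged [error] or [warn] in a workspace's *.log files.
# Assumption: log lines carry a bracketed level tag, for example
#   2019-01-01 10:00:05 +0000 [error]: connect failed   (constructed sample)
count_log_problems() {
    root="$1"; ws="$2"
    # grep -c exits non-zero on a zero count; "|| true" keeps callers
    # that run under "set -e" from aborting on a clean log.
    cat "$root/$ws/log/"*.log 2>/dev/null | grep -c -E '\[(error|warn)\]' || true
}

# Human-readable summary: process check, then one line per workspace.
report() {
    root="$1"
    # Assumption: -f matches against the full command line.
    pids=$(pgrep -f omsagent || true)
    if [ -n "$pids" ]; then
        echo "omsagent running, PID(s):" $pids
    else
        echo "omsagent is NOT running"
    fi
    for ws in $(list_workspaces "$root"); do
        echo "workspace $ws: $(count_log_problems "$root" "$ws") error/warn line(s)"
    done
}

# Only produce output when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then
    report "$OMS_ROOT"
fi
```

Run it as `sudo sh check_agent.sh --report` (the file name is hypothetical) if the log directory is not readable by your user.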


The new Linux computer appears in Security Center after some time; it may take up to 30 minutes.

Now you can monitor your Azure VMs and non-Azure computers in one place. Under Compute, you have an overview of all VMs and computers along with recommendations. Each column represents one set of recommendations. The color represents the VM's or computer's current security state for that recommendation. Security Center also surfaces any detections for these computers in Security alerts.

There are two types of icons represented on the Compute blade:

Non-Azure computer

Azure VM

Clean up resources

When no longer needed, you can remove the agent from the Linux computer.

To remove the agent:

  1. Download the Linux agent universal script to the computer.

  2. Run the bundle .sh file with the --purge argument on the computer, which completely removes the agent and its configuration.

    sudo sh ./omsagent-<version>.universal.x64.sh --purge

Next steps

In this quickstart, you provisioned the agent on a Linux computer. To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.