手动安装和卸载 Inspector VM Scanner 安装路径卸载 Inspector 虚拟机扫描器正在运行 Inspector VM 查看输出

手动安装和配置

本节介绍如何在您的亚马逊 EC2 实例上手动安装和配置 Inspector VM Scanner。手动安装被视为基于代理的扫描，不需要亚马逊 EC2 Systems Manager (SSM)。

注意

如果您在 Amazon Inspector 控制台中启用增强型 EC2 扫描，Amazon Inspector 会使用 SSM 自动安装和管理虚拟机扫描器。仅当您无法使用 SSM 或更喜欢独立管理扫描仪时，才需要手动安装。

手动安装和卸载 Inspector VM Scanner

Inspector VM Scanner 可通过以下链接进行独立安装：

Inspector 虚拟机扫描器
Package 类型	架构	URL
.apk	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner-latest-r0.apk
	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner-latest-r0.apk
.deb	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner_latest_arm64.deb
	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner_latest_amd64.deb
.msi	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/MSI-X86_64/inspector-vm-scanner-x86_64-latest.msi
.pkg	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/PKG-ARM/inspector-vm-scanner.latest.arm64.pkg
.rpm	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner-latest.arm64.rpm
	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner-latest.x86_64.rpm

要查看在指定的包管理器上手动安装 Inspector VM Scanner 的过程，请从以下列表中选择一个链接：

APK

安装

ARM


curl --output-dir /etc/apk/keys -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner.pem.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner-latest-r0.apk
apk add inspector-vm-scanner-latest-r0.apk

X86_64


curl --output-dir /etc/apk/keys -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner.pem.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner-latest-r0.apk
apk add inspector-vm-scanner-latest-r0.apk

卸载


apk del inspector-vm-scanner

DEB

安装

ARM


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner_latest_arm64.deb
gpg --import inspector-vm-scanner.gpg.pub
gpg --verify inspector-vm-scanner_latest_arm64.deb
sudo dpkg -i inspector-vm-scanner_latest_arm64.deb

X86_64


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner_latest_amd64.deb
gpg --import inspector-vm-scanner.gpg.pub
gpg --verify inspector-vm-scanner_latest_amd64.deb
sudo dpkg -i inspector-vm-scanner_latest_amd64.deb

卸载


sudo dpkg -r inspector-vm-scanner

MSI

安装

X86_64


Invoke-WebRequest https://inspector-vm-scanner.s3.amazonaws.com/latest/MSI-X86_64/inspector-vm-scanner-x86_64-latest.msi -OutFile inspector-vm-scanner-x86_64-latest.msi
msiexec /i inspector-vm-scanner-x86_64-latest.msi /qn

卸载

要卸载 Inspector VM ScannerWindows，请使用 “Windows程序和功能” 控制面板或以下 PowerShell 命令：


Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq "Inspector VM Scanner"} | ForEach-Object {$_.Uninstall()}

PKG

安装

ARM


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/PKG-ARM/inspector-vm-scanner.latest.arm64.pkg
pkgutil --check-signature inspector-vm-scanner.latest.arm64.pkg
sudo installer -pkg inspector-vm-scanner.latest.arm64.pkg -target /

卸载


sudo rm /opt/aws/inspector/bin/inspector-vm-scanner
sudo rm -rf /var/lib/amazon/inspector

RPM

安装

ARM


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner-latest.arm64.rpm
rpm --import inspector-vm-scanner.gpg.pub
rpm --checksig inspector-vm-scanner-latest.arm64.rpm
sudo yum install inspector-vm-scanner-latest.arm64.rpm

X86_64


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner-latest.x86_64.rpm
rpm --import inspector-vm-scanner.gpg.pub
rpm --checksig inspector-vm-scanner-latest.x86_64.rpm
sudo yum install inspector-vm-scanner-latest.x86_64.rpm

卸载


sudo yum remove inspector-vm-scanner

安装路径

在所有 Unix-based 操作系统（包括 macOS）上，Inspector VM Scanner 都会安装到。/opt/aws/inspector/bin/inspector-vm-scanner唯一的例外是使用备用路径的 Alpine-based 操作系统（包括 Chainguard）。/usr/opt/aws/inspector/bin/inspector-vm-scanner

开启Windows，Inspector VM Scanner 安装C:\Program Files\Amazon\Inspector\inspector-vm-scanner.exe到

这些安装路径（Alpine 除外）与 Inspector SSM 插件相同，后者将所有 Inspector 二进制文件存储在一个位置。

卸载 Inspector 虚拟机扫描器

如果您禁用增强型 EC2 扫描，Inspector 会自动在所有 Inspector-managed 实例上卸载 Inspector VM Scanner。要删除手动安装，请参阅前几节中适用于您的软件包管理器的卸载说明。

正在运行 Inspector VM

Inspector VM Scanner 希望将扫描类型作为第一个参数传递。目前，唯一支持的值是sbom。

默认用法命令：


./inspector-vm-scanner sbom --send-results telemetry

SBOM 扫描的打印选项：


./inspector-vm-scanner sbom --help

查看输出

默认的 Inspector 工作流程不会在本地保存 SBOM。但是，如果通过遥测发送资源 SBOM 时出现任何故障，则会将其写入以下位置：

/var/lib/amazon/inspector/state/sbom.json在 Unix
Windows 上的 C:\ProgramData\Amazon\Inspector\State\sbom.json

用户可以在调用 VM Scanner 期间覆盖此路径。有关更多信息，请参阅高级配置。

Javascript 在您的浏览器中被禁用或不可用。

要使用 Amazon Web Services 文档，必须启用 Javascript。请参阅浏览器的帮助页面以了解相关说明。

文档惯例

启用Inspector虚拟机扫描器

查看日志