驗證代 CloudWatch 理程式套件的簽章 - Amazon CloudWatch

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

驗證代 CloudWatch 理程式套件的簽章

Linux 伺服器上的 CloudWatch 代理程式套件包含 GPG 簽章檔案。您可以使用公開金鑰來驗證代理程式下載檔案是否為原版且未經修改。

針對 Windows Server,您可以使用 MSI 來驗證簽章。

對於 macOS 電腦,簽章會包含在代理程式下載套件中。

若要尋找正確的簽章檔案,請參閱下表。針對每個架構和作業系統,各自都有一般連結和區域的連結。例如,對於 Amazon Linux 2023 和 Amazon Linux 2 和 x86-64 架構,其中三個有效鏈接是:

  • https://amazoncloudwatch-agent.s3.amazonaws.com/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm.sig

  • https://amazoncloudwatch-agent-us-east-1.s3.us-east-1.amazonaws.com/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm

  • https://amazoncloudwatch-agent-eu-central-1.s3.eu-central-1.amazonaws.com/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm

注意

若要下載 CloudWatch 代理程式,您的連線必須使用 TLS 1.2 或更新版本。

架構 平台 下載連結 簽章檔案連結

x86-64

Amazon Linux 2023 和 Amazon Linux 2

https://amazoncloudwatch-agent.s3.amazonaws.com/amazon_linux/amd64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜亞馬遜亞馬遜 /amd64 /最新/ amazon-cloudwatch-agent 轉

https://amazoncloudwatch-agent.s3.amazonaws.com/amazon_linux/amd64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區 .亞馬遜/亞馬遜/amd64 /最新/.rpm.sig amazon-cloudwatch-agent

x86-64

Centos

https://amazoncloudwatch-agent.s3.amazonaws.com/centos/amd64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜amazon-cloudwatch-agent公司/百分之六十四/最新/轉

https://amazoncloudwatch-agent.s3.amazonaws.com/centos/amd64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜amazon-cloudwatch-agent公司/百分之六十四/最新/.rpm.sig

x86-64

Redhat

https://amazoncloudwatch-agent.s3.amazonaws.com/redhat/amd64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 區域. 亞馬遜公司/紅帽 /amd64 /最新/ amazon-cloudwatch-agent 轉

https://amazoncloudwatch-agent.s3.amazonaws.com/redhat/amd64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜amazon-cloudwatch-agent公司/紅帽 /amd64 /最新/ .rpm.sig

x86-64

SUSE

https://amazoncloudwatch-agent.s3.amazonaws.com/suse/amd64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜公司/蘇/amazon-cloudwatch-agent安 64 /最新/ 轉

https://amazoncloudwatch-agent.s3.amazonaws.com/suse/amd64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜amazon-cloudwatch-agent公司/蘇聯/安德 64 /最新/ .rpm.sig

x86-64

Debian

https://amazoncloudwatch-agent.s3.amazonaws.com/debian/amd64/latest/ amazon-cloudwatch-agent .deb

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜. COM /德比安/amd64 /最新/ amazon-cloudwatch-agent

https://amazoncloudwatch-agent.s3.amazonaws.com/debian/amd64/latest/amazon-cloudwatch-agent. 德博

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜網站 /debi an /amd64 /最新/.deb.sig amazon-cloudwatch-agent

x86-64

Ubuntu

https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/ amazon-cloudwatch-agent .deb

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜公司/企業/amazon-cloudwatch-agent上午 64 /最新/

https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/amazon-cloudwatch-agent. 德博

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜公司/企業/上午 64 /最新/.deb.sig amazon-cloudwatch-agent

x86-64

Oracle

https://amazoncloudwatch-agent.s3.amazonaws.com/oracle_linux/amd64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 區域 .亞馬遜/軌 /amd64/最新/轉速 amazon-cloudwatch-agent

https://amazoncloudwatch-agent.s3.amazonaws.com/oracle_linux/amd64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區 .亞馬遜/亞拉克_lin ux/amd64 /最新/.rpm.sig amazon-cloudwatch-agent

x86-64

macOS

https://amazoncloudwatch-agent.s3.amazonaws.com/darwin/amd64/latest/ amazon-cloudwatch-agent .pkg

https://amazoncloudwatch-agent-區域. 地區 .亞馬遜/達爾文/AMD64 /最新/ .pkg amazon-cloudwatch-agent

https://amazoncloudwatch-agent.s3.amazonaws.com/darwin/amd64/latest/ www. amazon-cloudwatch-agent pkg.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜/達爾文/ amd64 /最新/.pkg.sig amazon-cloudwatch-agent

x86-64

Windows

https://amazoncloudwatch-agent.s3.amazonaws.com/windows/amd64/latest/amazon-cloudwatch-agent. 微星

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜/窗口/amd64 /最新/. amazon-cloudwatch-agent

https://amazoncloudwatch-agent.s3.amazonaws.com/windows/amd64/latest/amazon-cloudwatch-agent. 微笑

https://amazoncloudwatch-agent-區域. 地區 .亞馬遜/窗口 /amd64 /最新/.msi.sig amazon-cloudwatch-agent

ARM64

Amazon Linux 2023 和 Amazon Linux 2

https://amazoncloudwatch-agent.s3.amazonaws.com/amazon_linux/arm64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜亞馬遜亞馬遜 /arm64 /最新/ amazon-cloudwatch-agent 轉

https://amazoncloudwatch-agent.s3.amazonaws.com/amazon_linux/arm64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜亞馬遜亞馬遜 /arm64 /最新/.rpm.sig amazon-cloudwatch-agent

ARM64

Redhat

https://amazoncloudwatch-agent.s3.amazonaws.com/redhat/arm64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 區域。亞馬遜網絡/紅帽/ARM64 /最新/ amazon-cloudwatch-agent 轉

https://amazoncloudwatch-agent.s3.amazonaws.com/redhat/arm64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜amazon-cloudwatch-agent公司/紅帽 /arm64 /最新/.rpm.sig

ARM64

Ubuntu

https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/arm64/latest/ amazon-cloudwatch-agent .deb

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜公司/管理/ARM64 /最新/ amazon-cloudwatch-agent

https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/arm64/latest/amazon-cloudwatch-agent. 德博

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜公司 /ubun tu/ arm64 /最新/.deb.sig amazon-cloudwatch-agent

ARM64

SUSE

https://amazoncloudwatch-agent.s3.amazonaws.com/suse/arm64/latest/amazon-cloudwatch-agent. 每分鐘

https://amazoncloudwatch-agent-區域. 區域. 亞馬遜. COM /蘇打/arm64 /最新/ amazon-cloudwatch-agent 轉

https://amazoncloudwatch-agent.s3.amazonaws.com/suse/arm64/latest/ amazon-cloudwatch-agent .rpm.sig

https://amazoncloudwatch-agent-區域. 地區. 亞馬遜. COM /蘇打/arm64 /最新/ .rpm.sig amazon-cloudwatch-agent
驗證 Linux 伺服器上的 CloudWatch 代理程式套件

  1. 下載公開金鑰。

    shell$ wget https://amazoncloudwatch-agent.s3.amazonaws.com/assets/amazon-cloudwatch-agent.gpg

  2. 將公開金鑰匯入至您的 keyring。

    shell$  gpg --import amazon-cloudwatch-agent.gpg
gpg: key 3B789C72: public key "Amazon CloudWatch Agent" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

    請記下金鑰值,在後續步驟您將會用到它。在前面的範例中,金鑰值為 3B789C72

  3. 執行以下命令以驗證指紋,請以三個步驟的值取代 key-value

    shell$  gpg --fingerprint key-value
pub   2048R/3B789C72 2017-11-14
      Key fingerprint = 9376 16F3 450B 7D80 6CBD  9725 D581 6730 3B78 9C72
uid                  Amazon CloudWatch Agent

    指紋字串應等於:

    9376 16F3 450B 7D80 6CBD 9725 D581 6730 3B78 9C72

    若指紋字串不相符,請勿安裝代理程式。請聯絡 Amazon Web Services。

    驗證指紋後,您可以使用它來驗證 CloudWatch 代理程式套件的簽章。

  4. 使用 wget 下載套件簽章檔案。若要決定正確的簽章檔案,請參閱上表。

    wget Signature File Link

  5. 若要驗證簽章,請執行 gpg --verify

    shell$ gpg --verify signature-filename agent-download-filename
gpg: Signature made Wed 29 Nov 2017 03:00:59 PM PST using RSA key ID 3B789C72
gpg: Good signature from "Amazon CloudWatch Agent"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9376 16F3 450B 7D80 6CBD  9725 D581 6730 3B78 9C72

    如果輸出包含 BAD signature 片語,請檢查您是否已正確執行程序。如果您持續收到此回應,請聯絡 Amazon Web Services,並避免使用已下載的檔案。

    請注意有關信任的警告。只有您或您信任者所簽章的金鑰才能信任。這不表示該簽章是無效的,只是您尚未驗證該公有金鑰。

驗證執行 Windows 伺服器之伺服器上的 CloudWatch 代理程式套件

  1. https://gnupg.org/download/ 下載並安裝適用於 Windows 的 GnuPG。安裝時,請包括外圍程序擴展(GpgEx)選項。

    您可以在視窗中執行其餘步驟 PowerShell。

  2. 下載公開金鑰。

    PS> wget https://amazoncloudwatch-agent.s3.amazonaws.com/assets/amazon-cloudwatch-agent.gpg -OutFile amazon-cloudwatch-agent.gpg

  3. 將公開金鑰匯入至您的 keyring。

    PS>  gpg --import amazon-cloudwatch-agent.gpg
gpg: key 3B789C72: public key "Amazon CloudWatch Agent" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

    請記下金鑰的值,因為您的下一個步驟將需要它。在前面的範例中,金鑰值為 3B789C72

  4. 執行以下命令以驗證指紋,請以三個步驟的值取代 key-value

    PS>  gpg --fingerprint key-value
pub   rsa2048 2017-11-14 [SC]
      9376 16F3 450B 7D80 6CBD  9725 D581 6730 3B78 9C72
uid           [ unknown] Amazon CloudWatch Agent

    指紋字串應等於:

    9376 16F3 450B 7D80 6CBD 9725 D581 6730 3B78 9C72

    若指紋字串不相符,請勿安裝代理程式。請聯絡 Amazon Web Services。

    驗證指紋後,您可以使用它來驗證 CloudWatch 代理程式套件的簽章。

  5. 使用 wget 下載套件簽章檔案。如果要判斷正確的簽章檔案,請參閱CloudWatch 代理程式下載連結

  6. 若要驗證簽章,請執行 gpg --verify

    PS> gpg --verify sig-filename agent-download-filename
gpg: Signature made 11/29/17 23:00:45 Coordinated Universal Time
gpg:                using RSA key D58167303B789C72
gpg: Good signature from "Amazon CloudWatch Agent" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9376 16F3 450B 7D80 6CBD  9725 D581 6730 3B78 9C72

    如果輸出包含 BAD signature 片語,請檢查您是否已正確執行程序。如果您持續收到此回應,請聯絡 Amazon Web Services,並避免使用已下載的檔案。

    請注意有關信任的警告。只有您或您信任者所簽章的金鑰才能信任。這不表示該簽章是無效的,只是您尚未驗證該公有金鑰。

驗證 macOS 電腦上的 CloudWatch 代理程式套件

  • 有兩種方法可在 macOS 上進行簽章驗證。

    • 執行下列命令,驗證指紋:

      pkgutil --check-signature amazon-cloudwatch-agent.pkg

      您應該會看到類似以下的結果。

      Package "amazon-cloudwatch-agent.pkg":
        Status: signed by a developer certificate issued by Apple for distribution
        Signed with a trusted timestamp on: 2020-10-02 18:13:24 +0000
        Certificate Chain:
        1. Developer ID Installer: AMZN Mobile LLC (94KV3E626L)
        Expires: 2024-10-18 22:31:30 +0000
        SHA256 Fingerprint:
        81 B4 6F AF 1C CA E1 E8 3C 6F FB 9E 52 5E 84 02 6E 7F 17 21 8E FB
        0C 40 79 13 66 8D 9F 1F 10 1C
        ------------------------------------------------------------------------
        2. Developer ID Certification Authority
        Expires: 2027-02-01 22:12:15 +0000
        SHA256 Fingerprint:
        7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
        F2 9C 88 CF B0 B1 BA 63 58 7F
        ------------------------------------------------------------------------
        3. Apple Root CA
        Expires: 2035-02-09 21:40:36 +0000
        SHA256 Fingerprint:
        B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
        68 C5 BE 91 B5 A1 10 01 F0 24

    • 或者,下載並使用 .sig 檔案。若要使用這個方法,請依照以下步驟。

      1. 輸入以下命令來將 GPG 應用程式安裝到您的 macOS 主機。

        brew install GnuPG

    • 使用 curl 下載套件簽章檔案。如果要判斷正確的簽章檔案,請參閱CloudWatch 代理程式下載連結

    • 若要驗證簽章,請執行 gpg --verify

      PS> gpg --verify sig-filename agent-download-filename
gpg: Signature made 11/29/17 23:00:45 Coordinated Universal Time
gpg:                using RSA key D58167303B789C72
gpg: Good signature from "Amazon CloudWatch Agent" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9376 16F3 450B 7D80 6CBD  9725 D581 6730 3B78 9C72

      如果輸出包含 BAD signature 片語,請檢查您是否已正確執行程序。如果您持續收到此回應,請聯絡 Amazon Web Services,並避免使用已下載的檔案。

      請注意有關信任的警告。只有您或您信任者所簽章的金鑰才能信任。這不表示該簽章是無效的,只是您尚未驗證該公有金鑰。