手動安裝和解除安裝 Inspector VM Scanner 安裝路徑解除安裝 Inspector VM Scanner 執行 Inspector VM Scanner 檢視輸出

手動安裝和組態

本節說明如何在 Amazon EC2 執行個體上手動安裝和設定 Inspector VM Scanner。手動安裝視為代理程式型掃描，不需要 Amazon EC2 Systems Manager (SSM)。

注意

如果您在 Amazon Inspector 主控台中啟用增強型 EC2 掃描，Amazon Inspector 會自動使用 SSM 安裝和管理 VM Scanner。只有在您無法使用 SSM 或偏好獨立管理掃描器時，才需要手動安裝。

手動安裝和解除安裝 Inspector VM Scanner

Inspector VM Scanner 可透過以下連結進行獨立安裝：

Inspector VM Scanner 套件
套件類型	架構	URL
.apk	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner-latest-r0.apk
	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner-latest-r0.apk
.deb	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner_latest_arm64.deb
	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner_latest_amd64.deb
.msi	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/MSI-X86_64/inspector-vm-scanner-x86_64-latest.msi
.pkg	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/PKG-ARM/inspector-vm-scanner.latest.arm64.pkg
.rpm	ARM	https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner-latest.arm64.rpm
	X86_64	https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner-latest.x86_64.rpm

若要檢視在指定的套件管理員上手動安裝 Inspector VM Scanner 的程序，請從下列清單中選擇連結：

APK

安裝

ARM


curl --output-dir /etc/apk/keys -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner.pem.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner-latest-r0.apk
apk add inspector-vm-scanner-latest-r0.apk

X86_64


curl --output-dir /etc/apk/keys -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner.pem.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner-latest-r0.apk
apk add inspector-vm-scanner-latest-r0.apk

解除安裝


apk del inspector-vm-scanner

DEB

安裝

ARM


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner_latest_arm64.deb
gpg --import inspector-vm-scanner.gpg.pub
gpg --verify inspector-vm-scanner_latest_arm64.deb
sudo dpkg -i inspector-vm-scanner_latest_arm64.deb

X86_64


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner_latest_amd64.deb
gpg --import inspector-vm-scanner.gpg.pub
gpg --verify inspector-vm-scanner_latest_amd64.deb
sudo dpkg -i inspector-vm-scanner_latest_amd64.deb

解除安裝


sudo dpkg -r inspector-vm-scanner

MSI

安裝

X86_64


Invoke-WebRequest https://inspector-vm-scanner.s3.amazonaws.com/latest/MSI-X86_64/inspector-vm-scanner-x86_64-latest.msi -OutFile inspector-vm-scanner-x86_64-latest.msi
msiexec /i inspector-vm-scanner-x86_64-latest.msi /qn

解除安裝

若要在上解除安裝 Inspector VM ScannerWindows，請使用Windows程式和功能控制面板或下列 PowerShell 命令：


Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq "Inspector VM Scanner"} | ForEach-Object {$_.Uninstall()}

PKG

安裝

ARM


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/PKG-ARM/inspector-vm-scanner.latest.arm64.pkg
pkgutil --check-signature inspector-vm-scanner.latest.arm64.pkg
sudo installer -pkg inspector-vm-scanner.latest.arm64.pkg -target /

解除安裝


sudo rm /opt/aws/inspector/bin/inspector-vm-scanner
sudo rm -rf /var/lib/amazon/inspector

RPM

安裝

ARM


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner-latest.arm64.rpm
rpm --import inspector-vm-scanner.gpg.pub
rpm --checksig inspector-vm-scanner-latest.arm64.rpm
sudo yum install inspector-vm-scanner-latest.arm64.rpm

X86_64


curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner-latest.x86_64.rpm
rpm --import inspector-vm-scanner.gpg.pub
rpm --checksig inspector-vm-scanner-latest.x86_64.rpm
sudo yum install inspector-vm-scanner-latest.x86_64.rpm

解除安裝


sudo yum remove inspector-vm-scanner

安裝路徑

在所有以 Unix 為基礎的作業系統（包括 macOS) 上，Inspector VM Scanner 會安裝到 /opt/aws/inspector/bin/inspector-vm-scanner。例外是使用替代路徑的 Alpine 作業系統（包括 Chainguard)/usr/opt/aws/inspector/bin/inspector-vm-scanner。

在上Windows，Inspector VM Scanner 會安裝到 C:\Program Files\Amazon\Inspector\inspector-vm-scanner.exe。

這些安裝路徑 (Alpine 除外）與 Inspector SSM 外掛程式相同，後者會將所有 Inspector 二進位檔存放在單一位置。

解除安裝 Inspector VM Scanner

如果您停用增強型 EC2 掃描，則 Inspector 會自動在所有 Inspector 受管執行個體上解除安裝 Inspector VM Scanner。若要移除手動安裝，請參閱上述章節中您套件管理員的解除安裝說明。

執行 Inspector VM Scanner

Inspector VM Scanner 預期掃描類型會做為第一個參數傳遞。目前唯一支援的值是 sbom。

預設用量命令：


./inspector-vm-scanner sbom --send-results telemetry

SBOM 掃描的列印選項：


./inspector-vm-scanner sbom --help

檢視輸出

預設 Inspector 工作流程不會在本機儲存 SBOM。不過，如果透過遙測傳送資源 SBOM 時發生任何失敗，則會將其寫入至下列位置：

/var/lib/amazon/inspector/state/sbom.json 在 Unix 上
Windows 的 C:\ProgramData\Amazon\Inspector\State\sbom.json

使用者可以在 VM Scanner 調用期間覆寫此路徑。如需詳細資訊，請參閱進階組態。

您的瀏覽器已停用或無法使用 Javascript。

您必須啟用 Javascript，才能使用 AWS 文件。請參閱您的瀏覽器說明頁以取得說明。

文件慣用形式

啟用 Inspector VM Scanner

檢視日誌