本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 手动安装和配置
本节介绍如何在您的亚马逊 EC2 实例上手动安装和配置 Inspector VM Scanner。手动安装被视为*基于代理的扫描*,不需要亚马逊 EC2 Systems Manager (SSM)。
**注意**
如果您在 Amazon Inspector 控制台中启用增强型 EC2 扫描,Amazon Inspector 会使用 SSM 自动安装和管理虚拟机扫描器。仅当您无法使用 SSM 或更喜欢独立管理扫描仪时,才需要手动安装。
## 手动安装和卸载 Inspector VM Scanner
Inspector VM Scanner 可通过以下链接进行独立安装:
**Inspector 虚拟机扫描器**
| **Package 类型** | **架构** | **URL** |
| --- | --- | --- |
| .apk | ARM | https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner-latest-r0.apk |
| | X86\_64 | https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86\_64/inspector-vm-scanner-latest-r0.apk |
| .deb | ARM | https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner\_latest\_arm64.deb |
| | X86\_64 | https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86\_64/inspector-vm-scanner\_latest\_amd64.deb |
| .msi | X86\_64 | https://inspector-vm-scanner.s3.amazonaws.com/latest/MSI-X86\_64/inspector-vm-scanner-x86\_64-latest.msi |
| .pkg | ARM | https://inspector-vm-scanner.s3.amazonaws.com/latest/PKG-ARM/inspector-vm-scanner.latest.arm64.pkg |
| .rpm | ARM | https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner-latest.arm64.rpm |
| | X86\_64 | https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86\_64/inspector-vm-scanner-latest.x86\_64.rpm |
要查看在指定的包管理器上手动安装 Inspector VM Scanner 的过程,请从以下列表中选择一个链接:
+ [APK](#inspector-vm-scanner-apk)
+ [DEB](#inspector-vm-scanner-deb)
+ [MSI](#inspector-vm-scanner-msi)
+ [PKG](#inspector-vm-scanner-pkg)
+ [RPM](#inspector-vm-scanner-rpm)
### APK
#### 安装
**ARM**
```
curl --output-dir /etc/apk/keys -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner.pem.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-ARM/inspector-vm-scanner-latest-r0.apk
apk add inspector-vm-scanner-latest-r0.apk
```
**X86\_64**
```
curl --output-dir /etc/apk/keys -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner.pem.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/APK-X86_64/inspector-vm-scanner-latest-r0.apk
apk add inspector-vm-scanner-latest-r0.apk
```
#### 卸载
```
apk del inspector-vm-scanner
```
### DEB
#### 安装
**ARM**
```
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-ARM/inspector-vm-scanner_latest_arm64.deb
gpg --import inspector-vm-scanner.gpg.pub
gpg --verify inspector-vm-scanner_latest_arm64.deb
sudo dpkg -i inspector-vm-scanner_latest_arm64.deb
```
**X86\_64**
```
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/DEB-X86_64/inspector-vm-scanner_latest_amd64.deb
gpg --import inspector-vm-scanner.gpg.pub
gpg --verify inspector-vm-scanner_latest_amd64.deb
sudo dpkg -i inspector-vm-scanner_latest_amd64.deb
```
#### 卸载
```
sudo dpkg -r inspector-vm-scanner
```
### MSI
#### 安装
**X86\_64**
```
Invoke-WebRequest https://inspector-vm-scanner.s3.amazonaws.com/latest/MSI-X86_64/inspector-vm-scanner-x86_64-latest.msi -OutFile inspector-vm-scanner-x86_64-latest.msi
msiexec /i inspector-vm-scanner-x86_64-latest.msi /qn
```
#### 卸载
要卸载 Inspector VM ScannerWindows,请使用 “Windows程序和功能” 控制面板或以下 PowerShell 命令:
```
Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq "Inspector VM Scanner"} | ForEach-Object {$_.Uninstall()}
```
### PKG
#### 安装
**ARM**
```
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/PKG-ARM/inspector-vm-scanner.latest.arm64.pkg
pkgutil --check-signature inspector-vm-scanner.latest.arm64.pkg
sudo installer -pkg inspector-vm-scanner.latest.arm64.pkg -target /
```
#### 卸载
```
sudo rm /opt/aws/inspector/bin/inspector-vm-scanner
sudo rm -rf /var/lib/amazon/inspector
```
### RPM
#### 安装
**ARM**
```
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-ARM/inspector-vm-scanner-latest.arm64.rpm
rpm --import inspector-vm-scanner.gpg.pub
rpm --checksig inspector-vm-scanner-latest.arm64.rpm
sudo yum install inspector-vm-scanner-latest.arm64.rpm
```
**X86\_64**
```
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner.gpg.pub
curl -O https://inspector-vm-scanner.s3.amazonaws.com/latest/RPM-X86_64/inspector-vm-scanner-latest.x86_64.rpm
rpm --import inspector-vm-scanner.gpg.pub
rpm --checksig inspector-vm-scanner-latest.x86_64.rpm
sudo yum install inspector-vm-scanner-latest.x86_64.rpm
```
#### 卸载
```
sudo yum remove inspector-vm-scanner
```
## 安装路径
在所有 Unix-based 操作系统(包括 macOS)上,Inspector VM Scanner 都会安装到。`/opt/aws/inspector/bin/inspector-vm-scanner`唯一的例外是使用备用路径的 Alpine-based 操作系统(包括 Chainguard)。`/usr/opt/aws/inspector/bin/inspector-vm-scanner`
开启Windows,Inspector VM Scanner 安装`C:\Program Files\Amazon\Inspector\inspector-vm-scanner.exe`到
这些安装路径(Alpine 除外)与 Inspector SSM 插件相同,后者将所有 Inspector 二进制文件存储在一个位置。
## 卸载 Inspector 虚拟机扫描器
如果您禁用增强型 EC2 扫描,Inspector 会自动在所有 Inspector-managed 实例上卸载 Inspector VM Scanner。要删除手动安装,请参阅前几节中适用于您的软件包管理器的卸载说明。
## 正在运行 Inspector VM
Inspector VM Scanner 希望将**扫描类型**作为第一个参数传递。目前,唯一支持的值是`sbom`。
默认用法命令:
```
./inspector-vm-scanner sbom --send-results telemetry
```
SBOM 扫描的打印选项:
```
./inspector-vm-scanner sbom --help
```
## 查看输出
默认的 Inspector 工作流程不会在本地保存 SBOM。但是,如果通过遥测发送资源 SBOM 时出现任何故障,则会将其写入以下位置:
+ `/var/lib/amazon/inspector/state/sbom.json`在 Unix
+ Windows 上的 `C:\ProgramData\Amazon\Inspector\State\sbom.json`
用户可以在调用 VM Scanner 期间覆盖此路径。有关更多信息,请参阅[高级配置](inspector-vm-scanner-advanced-config.md)。