本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用命令列下載 Network Flow Monitor 代理程式的預先建置套件
可以在 Amazon Linux 2023 中使用命令列將 Network Flow Monitor 代理程式安裝為套件,或下載並安裝 Network Flow Monitor 代理程式的預先建置套件。
下載預先建置套件之前或之後,可以選擇驗證套件簽章。如需詳細資訊,請參閱[驗證 Network Flow Monitor 代理程式套件簽章](#CloudWatch-NetworkFlowMonitor-agents-download-agent-commandline-verify-sig)。
請根據您使用的 Linux 作業系統以及所需的安裝類型,從以下說明中選擇相應步驟:
**Amazon Linux AMI**
Network Flow Monitor 代理程式可在 Amazon Linux 2023 中作為套件使用。如果您使用的是此作業系統,可以輸入下列命令來安裝套件:
`sudo yum install network-flow-monitor-agent`
還必須確定連結至執行個體的 IAM 角色已連結 [CloudWatchNetworkFlowMonitorAgentPublishPolicy](security-iam-awsmanpol-network-flow-monitor.md#security-iam-awsmanpol-CloudWatchNetworkFlowMonitorAgentPublishPolicy) 政策。如需詳細資訊,請參閱[設定代理程式的許可](CloudWatch-NetworkFlowMonitor-agents-ec2-permissions.md)。
**Amazon Linux 2023**
使用下列其中一個命令為您的架構安裝套件:
+ **x86\_64**:`sudo yum install https://networkflowmonitoragent.awsstatic.com/latest/x86_64/network-flow-monitor-agent.rpm`
+ **ARM64 (Graviton)**:`sudo yum install https://networkflowmonitoragent.awsstatic.com/latest/arm64/network-flow-monitor-agent.rpm`
執行下列命令並確認回應顯示代理程式已啟用且處於作用中狀態,以確認 Network Flow Monitor 代理程式已成功安裝:
```
service network-flow-monitor status
network-flow-monitor.service - Network Flow Monitor Agent
Loaded: loaded (/usr/lib/systemd/system/network-flow-monitor.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-04-23 19:17:16 UTC; 1min 9s ago
```
**DEB 型發行 (Debian、Ubuntu)**
使用下列其中一個命令為您的架構安裝套件:
+ **x86\_64**:`wget https://networkflowmonitoragent.awsstatic.com/latest/x86_64/network-flow-monitor-agent.deb`
+ **ARM64 (Graviton)**:`wget https://networkflowmonitoragent.awsstatic.com/latest/arm64/network-flow-monitor-agent.deb`
使用以下命令安裝套件:`$ sudo apt-get install ./network-flow-monitor-agent.deb`
執行下列命令並確認回應顯示代理程式已啟用且處於作用中狀態,以確認 Network Flow Monitor 代理程式已成功安裝:
```
service network-flow-monitor status
network-flow-monitor.service - Network Flow Monitor Agent
Loaded: loaded (/usr/lib/systemd/system/network-flow-monitor.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-04-23 19:17:16 UTC; 1min 9s ago
```
## 驗證 Network Flow Monitor 代理程式套件的簽章
Linux 執行個體的 Network Flow Monitor Agent rpm 和 deb 安裝程式套件都經過加密簽署。您可以使用公有金鑰來驗證代理程式套件為原版且未經修改。如果檔案損壞或遭到修改,驗證會失敗。您可以使用 RPM 或 GPG 來驗證安裝程式套件的簽章。下列資訊適用於 Network Flow Monitor 代理程式 0.1.3 或更高版本。
若要尋找每個架構和作業系統的正確簽章檔案,請參閱下表。
| Architecture | 平台 | 下載連結 | 簽章檔案連結 |
| --- | --- | --- | --- |
| x86-64 | Amazon Linux 2023 | https://networkflowmonitoragent.awsstatic.com/latest/x86\_64/network-flow-monitor-agent.rpm | https://networkflowmonitoragent.awsstatic.com/latest/x86\_64/network-flow-monitor-agent.rpm.sig |
| ARM64 | Amazon Linux 2023 | https://networkflowmonitoragent.awsstatic.com/latest/arm64/network-flow-monitor-agent.rpm | https://networkflowmonitoragent.awsstatic.com/latest/arm64/network-flow-monitor-agent.rpm.sig |
| x86-64 | Debian/Ubuntu | https://networkflowmonitoragent.awsstatic.com/latest/x86\_64/network-flow-monitor-agent.deb | https://networkflowmonitoragent.awsstatic.com/latest/x86\_64/network-flow-monitor-agent.deb.sig |
| ARM64 | Debian/Ubuntu | https://networkflowmonitoragent.awsstatic.com/latest/arm64/network-flow-monitor-agent.deb | https://networkflowmonitoragent.awsstatic.com/latest/arm64/network-flow-monitor-agent.deb.sig |
請依循此處的步驟來驗證 Network Flow Monitor 代理程式的簽章。
**驗證 Amazon S3 套件的 Network Flow Monitor 代理程式簽章**
1. 安裝 GnuPG,以便您可以執行 gpg 命令。需要 GnuPG 來驗證為 Amazon S3 套件下載之 Network Flow Monitor 代理程式的真實性和完整性。GnuPG 預設安裝在 Amazon Linux Amazon Machine Image (AMI) 上。
1. 複製下列公有金鑰,並將其儲存至名為 `nfm-agent.gpg` 的檔案。
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGf0b5IBEAC6YQc0aYrTbcHNWWMbLuqsqfspzWrtCvoU0yQ62ld7nvCGBha9
lu4lbhtiwoDawC3h6Xsxc3Pmm6kbMQfZdbo4Gda4ahf6zDOVI5zVHs3Yu2VXC2AU
5BpKQJmYddTb7dMI3GBgEodJY05NHQhq1Qd2ptdh03rsX+96Fvi4A6t+jsGzMLJU
I+hGEKGif69pJVyptJSibK5bWCDXh3eS/+vB/CbXumAKi0sq4rXv/VPiIhn6bsCI
A2lmzFd3vMJQUM/T7m7skrqetZ4mWHr1LPDFPK/H/81s8TJawx7MACsK6kIRUxu+
oicW8Icmg9S+BpIgONT2+Io5P1tYO5a9AyVF7X7gU0VgHUA1RoLnjHQHXbCmnFtW
cYEuwhUuENMl+tLQCZ+fk0kKjOlIKqeS9AVwhks92oETh8wpTwTE+DTBvUBP9aHo
S39RTiJCnUmA6ZCehepgpwW9AYCc1lHv/xcahD418E0UHV22qIw943EwAkzMDA4Q
damdRm0Nud0OmilCjo9oogEB+NUoy//5XgQMH1hhfsHquVLU/tneYexXYMfo/Iu5
TKyWL2KdkjKKP/dMR4lMAXYi0RjTJJ5tg5w/VrHhrHePFfKdYsgN6pihWwj2Px/M
ids3W1Ce50LOEBc2MOKXYXGd9OZWyR8l15ZGkySvLqVlRGwDwKGMC/nS2wARAQAB
tEJOZXR3b3JrIEZsb3cgTW9uaXRvciBBZ2VudCA8bmV0d29yay1mbG93LW1vbml0
b3ItYWdlbnRAYW1hem9uLmNvbT6JAlcEEwEIAEEWIQR2c2ypl63T6dJ3JqjvvaTM
vJX60QUCZ/RvkgIbAwUJBaOagAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAK
CRDvvaTMvJX60euSD/9cIu2BDL4+MFFHhyHmG3/se8+3ibW0g8SyP3hsnq7qN+bm
ZzLAhll7DVoveNmEHI1VC7Qjwb30exgLcyK2Ld6uN6lwjjK0qiGGz943t230pJ3z
u7V2fVtAN+vgDVmD7agE6iqrRCWu3WfcgzFlEkE/7nkhtbWzlaK+NkdEBzNZ+W7/
FmLClzIbMjIBW2M8LdeZdQX0SWljy18x7NGNukWeNTJxmkDsjAeKl+zkXYk9h7ay
n3AVl1KrLZ5P9vQ5XsV5e4T6qfQ3XNY1lm54cpa+eD7NyYcTGRDK+vIxO4xD8i2M
yl1iNf2+84Tt6/SAgR/P9SJ5tbKD0iU9n4g1eBJVGmHDuXTtDR4H/Ur7xRSxtuMl
yZP/sLWm8p7+Ic7aQJ5OVw36MC7Oa7/K/zQEnLFFPmgBwGGiNiw5cUSyCBHNvmtv
FK0Q2XMXtBEBU9f44FMyzNJqVdPywg8Y6xE4wc/68uy7G6PyqoxDSP2ye/p+i7oi
OoA+OgifchZfDVhe5Ie0zKR0/nMEKTBV0ecjglb/WhVezEJgUFsQcjfOXNUBesJW
a9kDGcs3jIAchzxhzp/ViUBmTg6SoGKh3t+3uG/RK2ougRObJMW3G+DI7xWyY+3f
7YsLm0eDd3dAZG3PdltMGp0hKTdslvpws9qoY8kyR0Fau4l222JvYP27BK44qg==
=INr5
-----END PGP PUBLIC KEY BLOCK-----
```
1. 將公有金鑰匯入至您的 keyring,並記下傳回的值。
```
PS> rpm --import nfm-agent.gpg
gpg: key 3B789C72: public key "Network Flow Monitor Agent" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
```
請記下金鑰的值,因為您的下一個步驟將需要它。在範例中,鍵值為 `3B789C72`。
1. 執行下列命令,驗證指紋:請務必將 {{key-value}} 取代為上述步驟中的值。即使您使用 RPM 來驗證安裝程式套件,我們仍建議您使用 GPG 來驗證指紋。
```
PS> gpg --fingerprint {{key-value}}
pub rsa4096 2025-04-08 [SC] [expires: 2028-04-07]
7673 6CA9 97AD D3E9 D277 26A8 EFBD A4CC BC95 FAD1
uid Network Flow Monitor Agent
```
指紋字串應等於:
`7673 6CA9 97AD D3E9 D277 26A8 EFBD A4CC BC95 FAD1`
若指紋字串不相符,請勿安裝代理程式。請聯絡 Amazon Web Services。
您驗證指紋之後,即可使用它來驗證 Network Flow Monitor 代理程式套件的簽章。
1. 如果尚未下載簽章檔案,請根據執行個體的架構和作業系統下載。
1. 確認安裝程式套件簽章。請務必將 `signature-filename` 和 `agent-download-filename` 替換為您下載簽章檔案和代理程式時指定的值,如本主題稍早的資料表中所示。
```
PS> gpg --verify {{sig-filename}} {{agent-download-filename}}
gpg: Signature made Tue Apr 8 00:40:02 2025 UTC
gpg: using RSA key 77777777EXAMPLEKEY
gpg: issuer "network-flow-monitor-agent@amazon.com"
gpg: Good signature from "Network Flow Monitor Agent " [unknown]
gpg: WARNING: Using untrusted key!
```
如果輸出包含 `BAD signature` 片語,請檢查以確定您已正確執行程序。如果持續收到此回應,請聯絡 [AWS 支援人員](https://aws.amazon.com/premiumsupport/),並避免使用下載的檔案。
請注意有關信任的警告。只有您或您信任者所簽章的金鑰才能信任。這不表示該簽章是無效的,只是您尚未驗證該公有金鑰。
接著,請依循此處的步驟驗證 RPM 套件。
**驗證 RPM 套件的簽章**
1. 複製下列公有金鑰,並將其儲存至名為 `nfm-agent.gpg` 的檔案。
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGf0b5IBEAC6YQc0aYrTbcHNWWMbLuqsqfspzWrtCvoU0yQ62ld7nvCGBha9
lu4lbhtiwoDawC3h6Xsxc3Pmm6kbMQfZdbo4Gda4ahf6zDOVI5zVHs3Yu2VXC2AU
5BpKQJmYddTb7dMI3GBgEodJY05NHQhq1Qd2ptdh03rsX+96Fvi4A6t+jsGzMLJU
I+hGEKGif69pJVyptJSibK5bWCDXh3eS/+vB/CbXumAKi0sq4rXv/VPiIhn6bsCI
A2lmzFd3vMJQUM/T7m7skrqetZ4mWHr1LPDFPK/H/81s8TJawx7MACsK6kIRUxu+
oicW8Icmg9S+BpIgONT2+Io5P1tYO5a9AyVF7X7gU0VgHUA1RoLnjHQHXbCmnFtW
cYEuwhUuENMl+tLQCZ+fk0kKjOlIKqeS9AVwhks92oETh8wpTwTE+DTBvUBP9aHo
S39RTiJCnUmA6ZCehepgpwW9AYCc1lHv/xcahD418E0UHV22qIw943EwAkzMDA4Q
damdRm0Nud0OmilCjo9oogEB+NUoy//5XgQMH1hhfsHquVLU/tneYexXYMfo/Iu5
TKyWL2KdkjKKP/dMR4lMAXYi0RjTJJ5tg5w/VrHhrHePFfKdYsgN6pihWwj2Px/M
ids3W1Ce50LOEBc2MOKXYXGd9OZWyR8l15ZGkySvLqVlRGwDwKGMC/nS2wARAQAB
tEJOZXR3b3JrIEZsb3cgTW9uaXRvciBBZ2VudCA8bmV0d29yay1mbG93LW1vbml0
b3ItYWdlbnRAYW1hem9uLmNvbT6JAlcEEwEIAEEWIQR2c2ypl63T6dJ3JqjvvaTM
vJX60QUCZ/RvkgIbAwUJBaOagAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAK
CRDvvaTMvJX60euSD/9cIu2BDL4+MFFHhyHmG3/se8+3ibW0g8SyP3hsnq7qN+bm
ZzLAhll7DVoveNmEHI1VC7Qjwb30exgLcyK2Ld6uN6lwjjK0qiGGz943t230pJ3z
u7V2fVtAN+vgDVmD7agE6iqrRCWu3WfcgzFlEkE/7nkhtbWzlaK+NkdEBzNZ+W7/
FmLClzIbMjIBW2M8LdeZdQX0SWljy18x7NGNukWeNTJxmkDsjAeKl+zkXYk9h7ay
n3AVl1KrLZ5P9vQ5XsV5e4T6qfQ3XNY1lm54cpa+eD7NyYcTGRDK+vIxO4xD8i2M
yl1iNf2+84Tt6/SAgR/P9SJ5tbKD0iU9n4g1eBJVGmHDuXTtDR4H/Ur7xRSxtuMl
yZP/sLWm8p7+Ic7aQJ5OVw36MC7Oa7/K/zQEnLFFPmgBwGGiNiw5cUSyCBHNvmtv
FK0Q2XMXtBEBU9f44FMyzNJqVdPywg8Y6xE4wc/68uy7G6PyqoxDSP2ye/p+i7oi
OoA+OgifchZfDVhe5Ie0zKR0/nMEKTBV0ecjglb/WhVezEJgUFsQcjfOXNUBesJW
a9kDGcs3jIAchzxhzp/ViUBmTg6SoGKh3t+3uG/RK2ougRObJMW3G+DI7xWyY+3f
7YsLm0eDd3dAZG3PdltMGp0hKTdslvpws9qoY8kyR0Fau4l222JvYP27BK44qg==
=INr5
-----END PGP PUBLIC KEY BLOCK-----
```
1. 將公開金鑰匯入至您的 keyring。
```
PS> rpm --import nfm-agent.gpg
```
1. 確認安裝程式套件簽章。請務必將 `agent-download-filename` 替換為您下載代理程式時指定的值,如本主題稍早的資料表中所示。
```
PS> rpm --checksig {{agent-download-filename}}
```
例如,對於 Amazon Linux 2023 上的 x86\_64 架構,請使用下列命令:
```
PS> rpm --checksig network-flow-monitor-agent.rpm
```
此命令會傳回類似以下的輸出。
```
network-flow-monitor-agent.rpm: digests signatures OK
```
如果輸出包含 `NOT OK (MISSING KEYS: (MD5) key-id)` 片語,請檢查您是否已正確執行程序。如果持續收到此回應,請聯絡 [AWS 支援人員](https://aws.amazon.com/premiumsupport/),並且不要安裝代理程式。