操作系统是百度云提供的centos6.8

1.bcm-agent

感觉是虚拟机管理的软件，里面有很多collectdctl collectd-nagios collectd-tg utils_vl_lookup_test 监控程序

/opt/bcm-agent/var/lib/bcm-agent/bcm-agent.upgrader –update-url=http://download.bcm.baidubce.com/packages/collectd-x86_64.sh –signature-url=http://download.bcm.baidubce.com/packages/collectd-x86_64.sh.sig –certificate=/opt/bcm-agent/var/lib/bcm-agent/cert.pem /opt/bcm-agent/var/lib/bcm-agent/collectd-x86_64.sh

2.hosteye

这个应该是安全监控的
/opt/hosteye/bin/hosteye

3 hss

好像是做了一些系统日志监控
/opt/hss/bin/hsa
opt/hss/bin/hsa.upgrader –update-url=http://download.bcm.baidubce.com/packages/hsa –signature-url=http://download.bcm.baidubce.com/packages/hsa.sig –certificate=/opt/hss/lib/cert.pem –max-executable-size=104857600 /opt/hss/bin/hsa

opt目录下

avalokita（未知，后续有分析） bcm-agent hosteye hss rh

pstree系统进程

init─┬─NetworkManager─┬─dhclient
│ └─{NetworkManager}
├─abrtd
├─acpid
├─agetty
├─atd
├─auditd───{auditd}
├─bcm-agent.upgra───collectd───10*[{collectd}]
├─console-kit-dae───63*[{console-kit-da}]
├─crond
├─dbus-daemon
├─hald─┬─hald-runner─┬─hald-addon-acpi
│ │ └─hald-addon-inpu
│ └─{hald}
├─hosteye─┬─hosteye───15*[{hosteye}]
│ └─{hosteye}
├─hsa.upgrader───hsa───5*[{hsa}]
├─irqbalance
├─login───bash
├─5*[mingetty]
├─modem-manager
├─ntpd
├─rsyslogd───3*[{rsyslogd}]
├─sshd───sshd───bash───bash───pstree
├─turnserver───6*[{turnserver}]
├─udevd───2*[udevd]
└─wpa_supplicant

avalokita

Usage: avalokita [options] command_path [command options]

Options:

–restart-interval [seconds]

Interval of command restart. Can not less than 1. Default is 1.

–update-interval [seconds]

Interval of update URL check. Can not less than 1. Default is 300.

–update-url [URL]

Automatically fetch the newest version executable of the command from URL
and restart the command. This implies the argument --signature-url will
get a default value [URL + ".sig"] if --signature-url was not specified.

Thus, use --update-url without --signature-url is impossible.

–signature-url [URL]

Signature file for verify the executable which fetched from --update-url.
The certificate is specify by --certificate. Default is the URL specified
by --update-url and append ".sig".

The signature file was in PKCS#7 encoding and PEM format.

–certificate [filename]

Certificate(in PEM format) used for verify the signature. If this argument
absent, --signature-url and --update-url is ignored.

–max-executable-size [size]

The maximum executable size. If beyond the size, download will failed.
Default is 10485760(10MiB).

–file-lock [filename]

Singletonize the daemon by a file lock. If the file lock is locked, the
daemon will exit immediately. Default is "./daemon.pid".

–stdout-file [filename]

Redirect command's stdout to a file. Default is "./daemon.stdout.log".

–stderr-file [filename]

Redirect command's stderr to a file. Default is "./daemon.stderr.log".

–help

Print usage.

–version

Print version number.

Signals:

SIGTERM

kill command at first(first SIGTERM, then SIGKILL if command not exit in
several seconds), then quit.

SIGINT

just kill command(SIGTERM, after several seconds then SIGKILL), then
avalokita will run the command again.