
Post on 15-Sep-2020


U&M Weekly Report - InvestLinux – 09/07/2012

Uptime / Last OK

Disk Space OK

Dmesg OK

Logs OK

Anti-Virus DAT OK

Top - Memory / Processes / Load OK

Processes OK

Open TCP/UDP Ports OK

MRTG - Traffic OK

MRTG - Processor OK

Ipaudit Daily OK

Ipaudit Weekly OK

Squid Reports - TopSites OK

Squid Reports - TopUsers OK

Nagios - HTTP Availability 100,00%

Nagios - SMTP Availability 99,75%

Uptime / Last

Uptime (Server Online Time)

[root@uem-gw]# uptime
08:39:22 up 4 days, 19:45, 2 users, load average: 1.21, 0.97, 0.70

Last (Remote Connections)

[root@uem-gw]# last | sort -k 3 | more
uem ftpd20453 189.3.236.211 Wed Jul 4 11:37 - 11:37 (00:00)
root pts/0 192.168.0.172 Thu Jul 5 08:35 - 13:28 (04:52)
root pts/3 192.168.0.172 Wed Jul 4 15:17 - 15:56 (00:39)
root pts/0 192.168.0.27 Wed Jul 4 19:26 - 19:26 (00:00)
collect ftpd3235 196.212.253.162 Wed Jul 4 03:32 - 03:42 (00:09)
collect ftpd3245 196.212.253.162 Wed Jul 4 03:32 - 03:42 (00:10)
collect ftpd3289 196.212.253.162 Wed Jul 4 03:33 - 03:34 (00:01)
collect ftpd9221 196.212.253.162 Wed Jul 4 04:37 - 04:39 (00:01)
collect ftpd9313 196.212.253.162 Wed Jul 4 04:39 - 04:39 (00:00)
collect ftpd9339 196.212.253.162 Wed Jul 4 04:40 - 04:47 (00:06)
collect ftpd9338 196.212.253.162 Wed Jul 4 04:40 - 04:49 (00:09)
collect ftpd9693 196.212.253.162 Wed Jul 4 04:50 - 04:51 (00:01)
collect ftpd9683 196.212.253.162 Wed Jul 4 04:50 - 05:00 (00:09)
collect ftpd9739 196.212.253.162 Wed Jul 4 04:52 - 04:53 (00:01)
collect ftpd9732 196.212.253.162 Wed Jul 4 04:52 - 05:02 (00:09)
collect ftpd13364 196.212.253.162 Wed Jul 4 05:21 - 05:31 (00:09)
collect ftpd14020 196.212.253.162 Wed Jul 4 05:21 - 05:31 (00:10)
collect ftpd14449 196.212.253.162 Wed Jul 4 05:24 - 05:24 (00:00)
collect ftpd9883 196.212.54.42 Wed Jul 4 04:56 - 05:06 (00:09)
collect ftpd9884 196.212.54.42 Wed Jul 4 04:56 - 05:06 (00:10)
collect ftpd10489 196.212.54.42 Wed Jul 4 05:11 - 05:11 (00:00)
collect ftpd10500 196.212.54.42 Wed Jul 4 05:11 - 05:12 (00:00)
collect ftpd10499 196.212.54.42 Wed Jul 4 05:11 - 05:21 (00:09)
collect ftpd10517 196.212.54.42 Wed Jul 4 05:12 - 05:21 (00:09)
collect ftpd12116 196.212.54.42 Wed Jul 4 05:20 - 05:20 (00:00)
free ftpd29345 200.204.55.142 Mon Jul 2 10:45 - 11:23 (00:37)
uem ftpd25653 200.218.183.250 Fri Jul 6 10:00 - 10:00 (00:00)
uem ftpd25654 200.218.183.250 Fri Jul 6 10:00 - 10:10 (00:10)
uem ftpd28957 200.218.183.250 Fri Jul 6 15:01 - 15:01 (00:00)
uem ftpd4668 200.218.183.250 Wed Jul 4 17:04 - 17:04 (00:00)
uem ftpd4669 200.218.183.250 Wed Jul 4 17:04 - 17:09 (00:04)
uem ftpd4723 200.218.183.250 Wed Jul 4 17:08 - 17:08 (00:00)
il-adm pts/0 200.251.137.78 Wed Jul 4 12:37 - 18:02 (05:25)
il-adm pts/1 200.251.137.78 Wed Jul 4 12:44 - 15:50 (03:06)
reboot system boot 2.6.24.7investli Wed Jul 4 09:50 - 12:41 (02:51)
reboot system boot 2.6.24.7investli Wed Jul 4 12:44 - 08:40 (4+19:55)
free ftpd17598 c95165f3.virtua. Fri Jul 6 18:18 - 18:39 (00:20)
wtmp begins Sun Jul 1 22:40:02 2012
uem-adm pts/0 uemmbb162.uem.co Wed Jul 4 18:28 - 18:30 (00:02)
uem-adm pts/0 uemmbb162.uem.co Wed Jul 4 19:26 - 19:30 (00:03)
uem ftpd8494 uemmbb238.uem.co Fri Jul 6 11:59 - 12:01 (00:02)
uem ftpd8488 uemmbb238.uem.co Fri Jul 6 11:59 - 12:09 (00:09)
free ftpd8759 uemmbb238.uem.co Fri Jul 6 12:04 - 12:14 (00:09)

Disk Space

[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 27G 8,6G 76% /
varrun 1014M 264K 1014M 1% /var/run
varlock 1014M 0 1014M 0% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 18G 30G 38% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/BKP-linux 30G 13G 18G 41% /backup-remoto
//192.168.0.105/Pessoal 20G 12G 9,0G 56% /ftp/Pessoal
//192.168.0.105/Public 200G 152G 49G 76% /ftp/Public
//192.168.0.105/Restrito 200G 152G 49G 76% /home/Restrito
//192.168.0.100/CorporeRM 47G 24G 23G 51% /home/ponto

Dmesg

Dmesg – Console Alerts (Possible Disk, Network, and General Hardware Errors)
- No relevant information -

Logs

Cursory check of system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Anti-Virus DAT

[root@uem-gw]# freshclam
ClamAV update process started at Mon Jul 9 08:42:55 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15119, sigs: 228024, f-level: 63, builder: guitar)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
bytecode.cld is up to date (version: 187, sigs: 37, f-level: 63, builder: neo)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************

Previous Week:

ClamAV update process started at Mon Jul 2 15:13:35 2012
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.2 Recommended version: 0.97.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15106, sigs: 224951, f-level: 63, builder: ccordes)
bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************

Top - Memory / Processes / Load

- No relevant information -

Processes

- No relevant information -

Open TCP/UDP Ports

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6444/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 6951/nrpe
tcp 0 0 *:rsync *:* LISTEN 7172/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6364/mysqld
tcp 0 0 *:webmin *:* LISTEN 8855/perl
tcp 0 0 *:81 *:* LISTEN 1190/apache2
tcp 0 0 192.168.0.2:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.29:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 6032/named
tcp 0 0 *:ftp *:* LISTEN 7349/proftpd: (acce
tcp 0 0 192.168.1.1:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 6032/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 6032/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 6032/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 6032/named
tcp 0 0 localhost:domain *:* LISTEN 6032/named
tcp 0 0 *:ssh *:* LISTEN 6458/sshd
tcp 0 0 *:3128 *:* LISTEN 19493/(squid)
tcp 0 0 *:smtp *:* LISTEN 7153/master
tcp 0 0 localhost:953 *:* LISTEN 6032/named

Note: The command shows in the fourth column, preferably, the service name after the “:” character.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6444/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6951/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7172/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6364/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8855/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 1190/apache2
tcp 0 0 192.168.0.2:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7349/proftpd: (acce
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6458/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 19493/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7153/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6032/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7160/pptpd
tcp6 0 0 :::873 :::* LISTEN 7172/rsync
tcp6 0 0 :::53 :::* LISTEN 6032/named
tcp6 0 0 :::22 :::* LISTEN 6458/sshd
tcp6 0 0 ::1:953 :::* LISTEN 6032/named

Note: The command shows in the fourth column the service port after the “:” character.

MRTG - Traffic*

Internet – eth1

Embratel Router

VPN Embratel – eth2

VPN Yamana – tun1

VPN Juruti

VPN Rio Capim – tun4

VPN Zambia – tun6

VPN Carajás – tun7

Jangada Router – 189.52.77.26

Marabá Router – 189.16.176.6

UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

*The graphs were compared with those of the previous week. In case of a significant change, the possible problem is analyzed and reported as a note below the graph. Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.

Ipaudit Daily

- No relevant information -

Ipaudit Weekly (Top 10)

IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)

200.243.057.005 uemnotes.uem.com.br 2,692,536,929 7,759,898,531 10,452,435,460

200.243.057.011 - 3,805,840,312 1,445,889,970 5,251,730,282

200.243.057.002 correio.uem.com.br 3,725,761,692 341,744,588 4,067,506,280

192.168.000.001 - 1,260,199,789 2,440,935,711 3,701,135,500

192.168.008.127 pbrl0158.uem.com.br 1,765,129,445 45,355,929 1,810,485,374

192.168.012.112 - 710,739,299 598,065,148 1,308,804,447

200.243.057.008 - 801,420,280 151,011,853 952,432,133

192.168.000.210 - 833,114,213 22,233,244 855,347,457

192.168.000.107 uemantspam.uem.com.br 385,849,727 265,487,883 651,337,610

192.168.000.103 uemnotes.uem.com.br 214,405,225 418,256,202 632,661,427

Squid Reports Weekly – 01/07/2012 to 08/07/2012

Squid Reports – TopSites

NUM ACCESSED SITE CONNECT BYTES TIME

1 s.glbimg.com 248.32K 764.42M 49.26M

2 s2.glbimg.com 164.16K 686.10M 59.78M

3 osce80-en.url.trendmicro.com 146.75K 98.96M 77.76M

4 mail.yimg.com 64.64K 141.48M 7.25M

5 www.google-analytics.com 52.23K 36.82M 10.31M

6 au.download.windowsupdate.com 48.94K 2.39G 154.92M

7 www.orolixtechnologies.com 46.99K 21.48M 1.21M

8 download.skype.com 41.94K 2.01G 158.48M

9 clients1.google.com.br 37.33K 30.14M 9.32M

10 www.google.com.br 32.60K 377.26M 69.17M

11 isodoc.uem.com.br 32.36K 358.25M 41.97M

12 ads.img.globo.com 29.95K 135.49M 19.62M

13 download.windowsupdate.com 28.56K 567.59M 75.70M

14 p2.trrsf.com.br 25.09K 49.37M 4.49M

15 pagead2.googlesyndication.com 23.87K 213.77M 18.08M

16 www.google.com 20.90K 364.95M 43.03M

17 postzambia.com 20.47K 188.04M 46.23M

18 api.globo.com 20.44K 21.35M 2.24M

19 crl.microsoft.com 19.09K 7.01M 834.81K

20 us.mg6.mail.yahoo.com 17.06K 31.35M 3.87M

Squid Reports – TopUsers

Squid Reports – Attempts to Access Inappropriate Sites

SITE ACCESSED IP
www.animalsex.com 192.168.12.130
www.ebuddy.com 192.168.10.226
www.jfsexy.com.br 192.168.12.191
www.pesdasfamosas.blogspot.com 192.168.12.247

Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.

Note 2: Facebook URLs, already blocked, are no longer being reported.

Trend Micro - InterScan Messaging Security Suite

SYSTEM DATA

NAME | CURRENT VERSION | AVAILABLE | PREVIOUS VERSION
Scan engine | 9.500.1005 | 9.500.1005 | 9.500.1005
Virus pattern | 9.245.00 | 9.245.00 | 9.229.00
Spyware/grayware pattern | 1.303.00 | 1.303.00 | 1.301.00
IntelliTrap pattern | 0.167.00 | 0.167.00 | 0.167.00
IntelliTrap exceptions | 0.781.00 | 0.781.00 | 0.779.00
Anti-spam engine | 6.800.1017 | 6.800.1017 | 6.800.1017
Spam pattern | 19030.000 | 19030.000 | 19014.002
URL Filtering Engine | 3.500.1047 | 3.000.1029 | 3.500.1047

GRAPHS – PERIOD 01/07/2012 TO 07/07/2012

Scanning Conditions

Total Message % Incoming Outgoing

Total message count 94236 100.00 88827 5409

Virus or malicious code 1 0.00 1 0

Spyware/grayware 0 0.00 0 0

Spam 14370 15.25 14302 68

Phish 0 0.00 0 0

Suspicious URLs - Web Reputation 0 0.00 0 0

DKIM enforcement 0 0.00 0 0

Attachment 0 0.00 0 0

Size 40 0.04 22 18

Content 213 0.23 197 16

Compliance 0 0.00 0 0

Others 0 0.00 0 0

Scanning exceptions 2 0.00 2 0

Spam Tagged by Cloud Pre-Filter 0 0.00 0 0

IP Profiler 3500 3.71 3500 0

Email reputation 50801 53.91 50801 0

Clean email 25309 26.86 20002 5307

Trend Micro Email Encryption 0 0.00 0 0

Spam by Action

Spam Actions

Detections Message % Size (MB)

Total spam message count 68671 100.00 232.996

Quarantined 14370 20.93 232.996

Deleted 0 0.00 0.000

Tagged 14370 20.93 232.996

Other 0 0.00 0.000

Rejected by Email reputation 50801 73.98 N/A

Rejected by IP Profiler 3500 5.10 N/A

Top 10 Spam Recipients

Recipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %

[email protected] 489 321 65.64 5.862
[email protected] 549 300 54.64 4.729
[email protected] 909 291 32.01 6.117
[email protected] 542 284 52.40 3.780
[email protected] 702 259 36.89 4.359
[email protected] 455 240 52.75 4.792
[email protected] 460 211 45.87 8.035
[email protected] 347 208 59.94 4.914
[email protected] 317 194 61.20 3.631 24.18
[email protected] 301 193 64.12 3.982 17.96

Virus and Malicious Code Summary

Detections Message %

Total detections 1 100.00

Messages deleted 0 0.00

Messages quarantined 1 100.00

Attachments cleaned 0 0.00

Messages with attachments deleted 1 100.00

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections

1 TROJ_DLOADER.TZ 1
2 N/A 0
3 N/A 0
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0

Top 10 Virus Recipients

Recipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %

[email protected] 28 1 3.57 0.272 5.61
2 N/A 0 0 0.00 0.000 0.00
3 N/A 0 0 0.00 0.000 0.00
4 N/A 0 0 0.00 0.000 0.00
5 N/A 0 0 0.00 0.000 0.00
6 N/A 0 0 0.00 0.000 0.00
7 N/A 0 0 0.00 0.000 0.00
8 N/A 0 0 0.00 0.000 0.00
9 N/A 0 0 0.00 0.000 0.00
10 N/A 0 0 0.00 0.000 0.00

CACTI – Graphs

Period from 02/07/2012 to 09/07/2012

UEMFS

UEMICA

UEMNOTES

UEMPRD

UEMRMSA

Nagios

Availability – last 7 days

Host | Service | % Time OK | % Time Warning | % Time Unknown | % Time Critical | % Time Undetermined
internet_embratel | Rede_Ping | 99.549% (99.549%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.451% (0.451%) | 0.000%
 | uem1_Rede_Ping | 99.619% (99.619%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.381% (0.381%) | 0.000%
link-carajas | Rede_Ping | 90.788% (90.788%) | 0.000% (0.000%) | 0.000% (0.000%) | 9.212% (9.212%) | 0.000%
link-ebt-jangada | Rede_Ping | 99.582% (99.582%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.418% (0.418%) | 0.000%
link-jangada | Rede_Ping | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
link-juruti | Rede_Ping | 97.378% (97.378%) | 0.000% (0.000%) | 0.000% (0.000%) | 2.622% (2.622%) | 0.000%
 | uem1_Rede_Ping | 97.621% (97.621%) | 0.036% (0.036%) | 0.000% (0.000%) | 2.343% (2.343%) | 0.000%
link-riocapim | Rede_Ping | 89.828% (89.828%) | 0.045% (0.045%) | 0.000% (0.000%) | 10.127% (10.127%) | 0.000%
 | uem1_Rede_Ping | 98.721% (98.721%) | 0.000% (0.000%) | 0.000% (0.000%) | 1.279% (1.279%) | 0.000%
link-yamana | Rede_Ping | 99.341% (99.341%) | 0.049% (0.049%) | 0.000% (0.000%) | 0.609% (0.609%) | 0.000%
 | uem1_Rede_Ping | 99.618% (99.618%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.382% (0.382%) | 0.000%
nagios_remoto | Rede_Http | 99.280% (99.280%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.720% (0.720%) | 0.000%
 | uem1_Rede_Http | 99.356% (99.356%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.644% (0.644%) | 0.000%
router_cisco | Rede_Ping | 99.602% (99.602%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.398% (0.398%) | 0.000%
 | Rede_Telnet | 99.486% (99.486%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.514% (0.514%) | 0.000%
 | uem1_Rede_Ping | 99.602% (99.602%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.398% (0.398%) | 0.000%
storage-119 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
storage-120 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
switch-3com-B | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
switch-3com-C | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
switch-3com-D | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
switch-3com-E | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
switch-3com-F | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uem-adm | Local_Carga | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Local_Disk_Root | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Local_Processos | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Local_Users | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Http:82 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uem-gw | Local_Carga | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
 | Local_Disk_Root | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
 | Local_Disk_backup | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
 | Local_Disk_bkpremoto | 99.610% (99.610%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.390% (0.390%) | 0.000%
 | Local_Disk_ftp_pessoal | 99.653% (99.653%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.347% (0.347%) | 0.000%
 | Local_Disk_ftp_public | 99.653% (99.653%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.347% (0.347%) | 0.000%
 | Local_Disk_home_ponto | 99.609% (99.609%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.391% (0.391%) | 0.000%
 | Local_Disk_home_restrito | 99.653% (99.653%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.347% (0.347%) | 0.000%
 | Local_Processos | 99.602% (99.602%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.398% (0.398%) | 0.000%
 | Local_Users | 99.609% (99.609%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.391% (0.391%) | 0.000%
 | Rede_Dns | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
 | Rede_Ftp | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
 | Rede_Http:81 | 99.607% (99.607%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.393% (0.393%) | 0.000%
 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_SSH | 99.652% (99.652%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.348% (0.348%) | 0.000%
 | Rede_Squid:3128 | 99.602% (99.602%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.398% (0.398%) | 0.000%
 | uem1_Local_Disk_ftp_public | 99.653% (99.653%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.347% (0.347%) | 0.000%
 | uem1_Local_Disk_home_ponto | 99.653% (99.653%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.347% (0.347%) | 0.000%
uemantspam-imss | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uemap-aplicacao | Rede_Ping | 99.833% (99.833%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.167% (0.167%) | 0.000%
uembdc | Rede_Active Directory | 30.826% (30.826%) | 0.000% (0.000%) | 0.000% (0.000%) | 69.174% (69.174%) | 0.000%
 | Rede_Ping | 30.799% (30.799%) | 0.000% (0.000%) | 0.000% (0.000%) | 69.201% (69.201%) | 0.000%
 | uem1_Rede_Active Directory | 30.836% (30.836%) | 0.000% (0.000%) | 0.000% (0.000%) | 69.164% (69.164%) | 0.000%
uembes-blackberry | Rede_Http | 99.969% (99.969%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.031% (0.031%) | 0.000%
 | Rede_LotusDomino | 99.969% (99.969%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.031% (0.031%) | 0.000%
 | Rede_Ping | 99.952% (99.952%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.048% (0.048%) | 0.000%
uemdev | Rede_Ping | 99.807% (99.807%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.193% (0.193%) | 0.000%
 | Rede_SAP | 99.702% (99.702%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.298% (0.298%) | 0.000%
uemfs-fileserver | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_NetBios | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_NetBios | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uemica-metaframe | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Metaframe | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_TS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Metaframe | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_TS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uemmine-database | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Sql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Sql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uemnotes-correio | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Https | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ldap | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Smtp | 99.755% (99.755%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.245% (0.245%) | 0.000%
 | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Https | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Smtp | 99.807% (99.807%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.193% (0.193%) | 0.000%
uemprd | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uemrmsa-database | Rede_Oracle | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Oracle | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
uemvm-vmware | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
vm-isodoc | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | Rede_Ping | 99.960% (99.960%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.040% (0.040%) | 0.000%
 | Rede_Postgresql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
 | uem1_Rede_Postgresql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000%
Average | | 97.327% (97.327%) | 0.001% (0.001%) | 0.000% (0.000%) | 2.672% (2.672%) | 0.000%

NTOP

Currently unavailable

Trend Micro - Office Scan

Update Status for Networked Computers

* items marked in yellow have the same version as the previous week

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

TSPY_ZBOT.SKA 924

TSC_GENCLEAN 915

TROJ_SIREFEF.EM 366

TROJ_SIREFEF.DD 288

TROJ_SIREFEF.QA 273

TROJ_SIREFEF.SD 207

TROJ_SIREFEF.ERO 206

TROJ_SIREFEF.KBY 100

TROJ_SPNR.19G412 99

TROJ_SIREFEF.DAM 95

Last reset:22/5/2012 16:11:20

Infected Computers

Name Detections Log

UEM-WAREHOUSE 2116 View

USER-HP 930 View

UEMMBB151 640 View

UEM-SAFETY 279 View


HP24565236893 167 View

UEMFS 111 View

UEMZMMNT10 82 View

UEMOP709 64 View

UEMOP804 49 View

UEMOP504 42 View

Last reset:22/5/2012 16:11:49

Infection Source

Name Detections

HP-DISPATCH2\ADMINISTRATOR 1210

HP33671896628\EDWIN SIKAKENA 349

HP33671896628\OLIVER CHILESHE 105

HP33671896628\GILLY NYIRENDA 98

192.168.9.242\ADMINISTRADOR 70

HP33671896628\LOMBE CHOMBA 64

U-92CFD590AD0D4\MAINTENANCE 45

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

UEMOP856\LUCIANO RODRIGUES 30

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

HKTL_KEYGEN 17

CRCK_KEYGEN 11

HKTL_CRACKCF 10

CRCK_PATCH 6

CRCK_PATCHER 4

CRCK_SNDP 2

Dialer_Coulomb 1

ADW_TOOLBAR 1

ADW_BHO 1

HKTL_USURF 1

Last reset:22/5/2012 16:11:57

Infected Computers

Name Detections Log

UEMOP982 21 View

UEMOP423 16 View

UEMOP928 8 View

PC07VP 2 View


UEMMBB245 2 View

UEMMBB123123 1 View

UEMOP511 1 View

USER-HP 1 View

UEMOP973 1 View

UEMOP954 1 View

Last reset:22/5/2012 16:12:04