Weekly Report U&M - InvestLinux – 26/12/2011
Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Anti-Virus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 100,00%
Uptime / Last
Uptime - Server Online Time
Last - Remote Connections
[root@uem-gw]# uptime
09:59:50 up 44 days, 23:32, 1 user, load average: 0.41, 0.21, 0.19
[root@uem-gw]# last | sort -k 3 | more
free ftpd28336 177.19.158.74 Wed Dec 14 09:55 - 10:35 (00:39)
free ftpd651 177.19.158.74 Wed Dec 14 10:45 - 11:02 (00:17)
vpnuem ppp1 186.206.231.38 Wed Dec 21 13:57 - 13:58 (00:01)
vpnuem ppp1 186.206.231.38 Wed Dec 21 14:01 - 14:05 (00:03)
uem ftpd3505 186.221.84.251 Thu Dec 22 17:17 - 17:27 (00:09)
uem ftpd3506 186.221.84.251 Thu Dec 22 17:18 - 17:28 (00:10)
vpnuem ppp0 187.91.102.39 Thu Dec 15 23:54 - 02:11 (02:17)
uem ftpd11625 189.3.236.211 Fri Dec 2 11:46 - 11:55 (00:09)
uem ftpd11624 189.3.236.211 Fri Dec 2 11:46 - 11:56 (00:10)
uem ftpd11951 189.3.236.211 Fri Dec 2 11:54 - 12:05 (00:10)
uem ftpd14143 189.3.236.211 Fri Dec 2 12:27 - 12:30 (00:02)
uem ftpd21442 189.3.236.211 Fri Dec 9 14:26 - 14:27 (00:01)
uem ftpd16540 189.3.236.211 Mon Dec 19 14:30 - 14:40 (00:10)
uem ftpd16552 189.3.236.211 Mon Dec 19 14:30 - 14:40 (00:10)
uem ftpd16664 189.3.236.211 Mon Dec 19 14:31 - 14:32 (00:00)
uem ftpd16659 189.3.236.211 Mon Dec 19 14:31 - 14:45 (00:14)
uem ftpd16665 189.3.236.211 Mon Dec 19 14:32 - 14:32 (00:00)
uem ftpd16719 189.3.236.211 Mon Dec 19 14:34 - 14:35 (00:01)
uem ftpd16763 189.3.236.211 Mon Dec 19 14:36 - 14:42 (00:06)
uem ftpd16764 189.3.236.211 Mon Dec 19 14:36 - 14:42 (00:06)
uem ftpd16919 189.3.236.211 Mon Dec 19 14:42 - 14:48 (00:05)
uem ftpd32193 189.3.236.211 Mon Dec 26 09:31 - 09:36 (00:04)
uem ftpd32192 189.3.236.211 Mon Dec 26 09:31 - 09:41 (00:10)
uem ftpd23399 189.3.236.211 Mon Dec 5 16:22 - 16:24 (00:01)
uem ftpd24699 189.3.236.211 Mon Dec 5 17:08 - 17:18 (00:10)
uem ftpd24700 189.3.236.211 Mon Dec 5 17:08 - 17:18 (00:10)
uem ftpd24720 189.3.236.211 Mon Dec 5 17:09 - 17:19 (00:10)
uem ftpd24721 189.3.236.211 Mon Dec 5 17:09 - 17:20 (00:10)
uem ftpd24732 189.3.236.211 Mon Dec 5 17:10 - 17:20 (00:10)
uem ftpd24731 189.3.236.211 Mon Dec 5 17:10 - 17:23 (00:13)
uem ftpd24789 189.3.236.211 Mon Dec 5 17:11 - 17:12 (00:00)
uem ftpd24788 189.3.236.211 Mon Dec 5 17:11 - 17:23 (00:11)
uem ftpd24818 189.3.236.211 Mon Dec 5 17:12 - 17:12 (00:00)
uem ftpd29021 189.3.236.211 Mon Dec 5 18:19 - 18:29 (00:10)
uem ftpd29728 189.3.236.211 Sat Dec 10 11:29 - 11:32 (00:03)
uem ftpd29725 189.3.236.211 Sat Dec 10 11:29 - 11:39 (00:10)
uem ftpd29902 189.3.236.211 Sat Dec 10 11:30 - 11:30 (00:00)
uem ftpd29877 189.3.236.211 Sat Dec 10 11:30 - 11:40 (00:10)
uem ftpd31481 189.3.236.211 Sat Dec 17 10:31 - 10:35 (00:03)
uem ftpd22919 189.3.236.211 Sat Dec 24 12:42 - 12:44 (00:01)
uem ftpd22918 189.3.236.211 Sat Dec 24 12:42 - 12:52 (00:09)
uem ftpd17570 189.3.236.211 Thu Dec 15 09:57 - 10:00 (00:02)
Disk Space
[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 21G 15G 59% /
varrun 1014M 264K 1014M 1% /var/run
varlock 1014M 0 1014M 0% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 17G 32G 35% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 6,4G 14G 32% /ftp/Pessoal
//192.168.0.105/Public 200G 123G 78G 62% /ftp/Public
//192.168.0.105/Restrito 200G 123G 78G 62% /home/Restrito
//192.168.0.100/CorporeRM 47G 19G 29G 39% /home/ponto
//192.168.0.105/BKP-linux 30G 12G 19G 37% /backup-remoto
Dmesg
Dmesg – Console Alerts (Possible Disk, Network, or general Hardware Errors)
- No relevant information -
Logs
Superficial check of system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )
Anti-Virus DAT
[root@uem-gw]# freshclam
ClamAV update process started at Mon Dec 26 10:06:07 2011
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.2 Recommended version: 0.97.3
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 14193, sigs: 54465, f-level: 63, builder: guitar)
bytecode.cld is up to date (version: 158, sigs: 38, f-level: 63, builder: edwin)
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
Previous Week:
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 14154, sigs: 53028, f-level: 63, builder: arnaud)
bytecode.cld is up to date (version: 158, sigs: 38, f-level: 63, builder: edwin)
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
Top - Memory / Processes / Load
- No relevant information -
Processes
- No relevant information -
Open TCP/UDP Ports
[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6718/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 7094/nrpe
tcp 0 0 *:rsync *:* LISTEN 7336/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6635/mysqld
tcp 0 0 *:webmin *:* LISTEN 8428/perl
tcp 0 0 *:81 *:* LISTEN 4462/apache2
tcp 0 0 10.0.0.29:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 4378/named
tcp 0 0 192.168.1.1:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 4378/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 4378/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 4378/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 4378/named
tcp 0 0 localhost:domain *:* LISTEN 4378/named
tcp 0 0 *:ftp *:* LISTEN 21046/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 6532/sshd
tcp 0 0 *:3128 *:* LISTEN 29620/(squid)
tcp 0 0 localhost:953 *:* LISTEN 4378/named
tcp 0 0 *:smtp *:* LISTEN 7317/master
tcp 0 0 *:1723 *:* LISTEN 7322/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7336/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 4378/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6532/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 16237/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 4378/named
Note: The command shows in the fourth column, preferably, the service name after the “:” character.
root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6718/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 7094/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7336/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6635/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8428/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 4462/apache2
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21046/proftpd: (acc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6532/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 29620/(squid)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4378/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7317/master
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7322/pptpd
tcp6 0 0 :::873 :::* LISTEN 7336/rsync
tcp6 0 0 :::53 :::* LISTEN 4378/named
tcp6 0 0 :::22 :::* LISTEN 6532/sshd
tcp6 0 0 :::3000 :::* LISTEN 16237/ntop
tcp6 0 0 ::1:953 :::* LISTEN 4378/named
Note: The command shows in the fourth column the service port after the “:” character.
MRTG - Traffic*
Internet – eth1
Embratel Router
VPN Embratel – eth2
VPN Yamana – tun1
VPN Juruti
VPN Rio Capim – tun4
VPN Zambia – tun6
Jangada Router – 189.52.77.26
Marabá Router – 189.16.176.6
UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load
*The graphs were compared with those from the previous week. When there is a significant change, the possible problem is analyzed and reported as a note below the graph.
Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.
Ipaudit Daily
- No relevant information -
Ipaudit Weekly (Top 10)
IP  Host Name  Incoming(bytes)  Outgoing(bytes)  Total(bytes)
200.243.057.005 uemnotes.uem.com.br 4,664,759,464 17,859,681,850 22,524,441,314
200.243.057.011 - 11,505,129,040 2,702,616,062 14,207,745,102
192.168.000.001 - 455,737,028 8,937,261,804 9,392,998,832
192.168.012.153 - 6,773,814,585 1,473,369,708 8,247,184,293
200.243.057.002 correio.uem.com.br 4,493,068,159 422,135,398 4,915,203,557
192.168.010.024 uemop416.uem.com.br 2,769,525,920 1,015,460,740 3,784,986,660
200.243.057.008 - 1,874,790,074 400,924,477 2,275,714,551
192.168.000.023 - 1,494,861,581 315,624,503 1,810,486,084
192.168.000.103 uemnotes.uem.com.br 260,780,967 536,884,147 797,665,114
192.168.000.107 uemantspam.uem.com.br 626,908,159 163,672,272 790,580,431
Squid Reports Weekly – 18/12/2011 to 25/12/2011
Squid Reports – TopSites
NUM  ACCESSED SITE  CONNECT  BYTES  TIME
1 www.receita.fazenda.gov.br 250.23K 215.01M 19.39M
2 s.glbimg.com 199.31K 582.16M 25.72M
3 osce80-en.url.trendmicro.com 100.34K 67.59M 53.78M
4 mail.yimg.com 57.33K 142.52M 12.21M
5 au.download.windowsupdate.com 52.71K 2.42G 168.57M
6 s2.glbimg.com 51.05K 132.08M 5.90M
7 www.google-analytics.com 44.20K 29.62M 6.23M
8 www.google.com.br 30.92K 274.95M 34.94M
9 pagead2.googlesyndication.com 27.65K 138.91M 16.32M
10 clients1.google.com.br 25.60K 27.02M 8.97M
11 download.windowsupdate.com 25.13K 821.59M 58.98M
12 ads.img.globo.com 23.66K 105.72M 9.70M
13 safebrowsing-cache.google.com 15.87K 188.99M 12.63M
14 us.mg6.mail.yahoo.com 15.46K 28.84M 3.71M
15 l.yimg.com 15.31K 150.64M 19.93M
16 www.lusakatimes.com 15.29K 96.68M 21.54M
17 www.fleetboard.com 14.77K 234.18M 11.19M
18 googleads.g.doubleclick.net 14.22K 61.34M 7.32M
19 ad.yieldmanager.com 12.37K 44.55M 10.58M
20 www.bb.com.br 12.37K 35.91M 1.81M
Squid Reports – TopUsers
Squid Reports – Attempts to Access Inappropriate Sites
ACCESSED SITE  IP
www.adultoafiliados.com.br  192.168.10.186
www.adulttrafficads.com  192.168.12.114
www.assistirsexyhot.com  192.168.8.190 192.168.9.178 192.168.9.240
www.safadas.com  192.168.6.226
Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.
Trend Micro - InterScan Messaging Security Suite
SYSTEM DATA
NAME  CURRENT VERSION  AVAILABLE  PREVIOUS VERSION
Scan engine  9.500.1005  9.500.1005  9.500.1005
Virus pattern  8.667.00  8.667.00  8.655.00
Spyware/grayware pattern  0.871.00  0.871.00  0.871.00
IntelliTrap pattern  0.163.00  0.163.00  0.163.00
IntelliTrap exceptions  0.723.00  0.723.00  0.723.00
Anti-spam engine  6.8.1017  6.8.1017  6.8.1017
Spam pattern  18606.007  18606.007  18596.000
IMSS Version  7.0-Build_Linux_3216  N/A
STATISTICS
PERIOD: LAST 7 DAYS
SUMMARY
Scanning Conditions  Total  %
Malicious code  1  0%
Spyware/grayware  0  0%
Spam  12008  20.4%
Phish  1  0%
Attachment  0  0%
Size  64  0.11%
Content  567  0.96%
Others  0  0%
Scanning exceptions  71  0.12%
GRAPHS – PERIOD 18/12/2011 TO 24/12/2011
Spam by Action
Spam Actions
Detections  Message %  Size (MB)
Total spam message count 39027 100.00 195.077
Quarantined 12002 30.75 195.077
Deleted 0 0.00 0.000
Tagged 12001 30.75 195.075
Other 0 0.00 0.000
Rejected by NRS 27025 69.25 N/A
Rejected by IP Profiler 0 0.00 N/A
Top 10 Spam Recipients
Recipient  Total Message Count  Total Spam Msgs  Spam Msgs %  Spam Size (MB)  Spam Size %
[email protected] 485 255 52.58 4.848
[email protected] 352 222 63.07 3.129
[email protected] 318 207 65.09 4.533
[email protected] 415 201 48.43 3.350
[email protected] 767 189 24.64 2.559
[email protected] 252 180 71.43 3.078
[email protected] 430 178 41.40 3.149
[email protected] 256 172 67.19 3.340
[email protected] 210 162 77.14 4.265 51.95
[email protected] 358 161 44.97 3.613 8.07
Virus and Malicious Code Summary
Detections Message %
Total detections 1 100.00
Messages deleted 1 100.00
Messages quarantined 0 0.00
Attachments cleaned 0 0.00
Messages with attachments deleted 0 0.00
Messages blocked by IP Profiler 0 0.00
Top 10 Virus and Malicious Code Detections
1 WORM_MYDOOM.GEN 1
2 N/A 0
3 N/A 0
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0
Top 10 Virus Recipients
Recipient  Total Message Count  Total Virus Msgs  Virus Msgs %  Virus Size (MB)  Virus Size %
[email protected] 82 1 1.22 0.040 0.08
2 N/A 0 0 0.00 0.000 0.00
3 N/A 0 0 0.00 0.000 0.00
4 N/A 0 0 0.00 0.000 0.00
5 N/A 0 0 0.00 0.000 0.00
6 N/A 0 0 0.00 0.000 0.00
7 N/A 0 0 0.00 0.000 0.00
8 N/A 0 0 0.00 0.000 0.00
9 N/A 0 0 0.00 0.000 0.00
10 N/A 0 0 0.00 0.000 0.00
CACTI – Graphs
Period from 19/12/2011 to 26/12/2011
UEMFS
UEMICA
UEMNOTES
UEMPRD
UEMRMSA
Nagios
Availability – last 7 days
Host  Service  % Time OK  % Time Warning  % Time Unknown  % Time Critical  % Time Undetermined
internet_embratel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
link-jangada  Rede_Ping  93.554% (93.554%)  0.000% (0.000%)  0.000% (0.000%)  6.446% (6.446%)  0.000%
link-juruti  Rede_Ping  95.872% (95.872%)  0.148% (0.148%)  0.000% (0.000%)  3.980% (3.980%)  0.000%
    uem1_Rede_Ping  96.234% (96.234%)  0.000% (0.000%)  0.000% (0.000%)  3.766% (3.766%)  0.000%
link-riocapim  Rede_Ping  99.356% (99.356%)  0.297% (0.297%)  0.000% (0.000%)  0.347% (0.347%)  0.000%
    uem1_Rede_Ping  99.456% (99.456%)  0.248% (0.248%)  0.000% (0.000%)  0.296% (0.296%)  0.000%
link-yamana  Rede_Ping  99.869% (99.869%)  0.000% (0.000%)  0.000% (0.000%)  0.131% (0.131%)  0.000%
    uem1_Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
link-zambia  Rede_Ping  71.897% (71.897%)  0.079% (0.079%)  0.000% (0.000%)  28.024% (28.024%)  0.000%
    uem1_Rede_Ping  76.793% (76.793%)  0.000% (0.000%)  0.000% (0.000%)  23.207% (23.207%)  0.000%
nagios_remoto  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
router_cisco  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Telnet  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-119  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-120  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-B  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-C  Rede_Ping  99.957% (99.957%)  0.000% (0.000%)  0.000% (0.000%)  0.043% (0.043%)  0.000%
switch-3com-D  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-E  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-F  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-adm  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Http:82  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-gw  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_backup  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_bkpremoto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_ftp_pessoal  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_ftp_public  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_home_ponto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_home_restrito  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Dns  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ftp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Http:81  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Squid:3128  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Local_Disk_ftp_public  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Local_Disk_home_ponto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemantspam-imss  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_TrendImss  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_TrendPolices  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemap-aplicacao  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembdc  Rede_Active Directory  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Active Directory  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembes-blackberry  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_LotusDomino  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemdev  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemfs-fileserver  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_NetBios  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_NetBios  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemica-metaframe  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Metaframe  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_TS  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Metaframe  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_TS  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemmine-database  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Sql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Sql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemnotes-correio  Rede_Https  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ldap  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Smtp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Https  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Smtp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemprd  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemrmsa-database  Rede_Oracle  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Oracle  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemvm-vmware  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
vm-isodoc  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Postgresql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    uem1_Rede_Postgresql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
Average  99.264% (99.264%)  0.008% (0.008%)  0.000% (0.000%)  0.728% (0.728%)  0.000%
NTOP
Trend Micro - Office Scan
Update Status for Networked Computers
* items marked in yellow have the same version as the previous week
Top 10 Security Risk Statistics for Networked Computers
Virus/Malware Statistics:
Virus/Malware
Name Infections
HTML_IFRAME.AUO 13927
Mal_Otorun1 4172
PE_MABEZAT.B-O 3835
TSC_GENCLEAN 3005
PE_VIRUX.R 2354
PE_SALITY.EN-1 1771
PAK_Generic.001 1695
Mal_Sality 1614
EXPL_CPLNK.SM 1319
WORM_OTOIT.SMT 1257
Infected Computers
Name Detections
UEM-SAFETY 2441
HP21900126961 2046
HP-DISPATCH1 2023
UEMPABX 1278
UEMOP503 945
UEMFS 937
UEMOP706 792
UEMZMSURVEY 682
UEMOP807 596
UEMMBB312 465
Infection Source
Name Detections
HP-DISPATCH2\ADMINISTRATOR 1169
HP33671896628\EDWIN SIKAKENA 349
HP33671896628\OLIVER CHILESHE 105
HP33671896628\GILLY NYIRENDA 98
192.168.9.242\ADMINISTRADOR 70
HP33671896628\LOMBE CHOMBA 64
U-92CFD590AD0D4\MAINTENANCE 45
192.168.4.12\KEILLA REGINA 35
192.168.9.38\ADMINISTRADOR 34
192.168.12.124\EAMONN BROWNE 22
Spyware/Grayware Statistics:
Spyware/Grayware
Name Infections
CRCK_KEYGEN 1348
HKTL_ULTRASURF 1190
SPYW_ARDAKEY 285
GRAY_Gen 177
GRAY_GEN.0Z1013S 71
TSPY_KEYLOG 32
ADW_SAVENOW.BO 29
ADW_YABECTOR.SM 28
HKTL_USURF 25
CRCK_JBEAN 23
Infected Computers
Name Detections
UEMPABX 286
UEMFS 218
UEMMBB45 73
UEMICA 71
UEMNOTES 30
UEMOP957 7
UEMOP404 6
UEMOP807 6
UEMOP416 5
UEMOP953 4