Weekly Report U&M - InvestLinux – 03/01/2011
Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Antivirus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 99,58%
Nagios - SMTP Availability 99,77%
Uptime / Last
Uptime - Server uptime
Last - Remote connections
[root@uem-gw]# uptime
11:01:21 up 6 days, 21:20, 1 user, load average: 0.43, 0.20, 0.12
[root@uem-gw]# last | sort -k 3 | more
il-adm pts/0 200.243.67.66 Mon Jan 3 11:01 still logged in
il-adm pts/0 200.243.67.66 Sun Jan 2 17:04 - 17:11 (00:07)
ftp ftpd25107 213.219.217.76 Sun Jan 2 01:31 - 01:31 (00:00)
wtmp begins Sun Jan 2 01:31:19 2011
Disk Space
[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 18G 18G 51% /
varrun 1014M 264K 1014M 1% /var/run
varlock 1014M 4,0K 1014M 1% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 15G 33G 31% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 5,0G 15G 25% /ftp/Pessoal
//192.168.0.105/Public 200G 189G 12G 95% /ftp/Public
//192.168.0.105/Restrito 200G 189G 12G 95% /home/Restrito
//192.168.0.100/CorporeRM 47G 16G 31G 35% /home/ponto
//192.168.0.105/BKP-linux 78G 55G 23G 72% /backup-remoto
Dmesg
Dmesg – Console alerts (possible disk, network and general hardware errors)
- No relevant information -
Logs
Superficial check of the system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )
Antivirus DAT
[root@uem-gw]# freshclam
ClamAV update process started at Mon Jan 3 11:10:50 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12472, sigs: 13615, f-level: 58, builder: ccordes)
bytecode.cld is up to date (version: 114, sigs: 27, f-level: 58, builder: edwin)
Previous week:
ClamAV update process started at Mon Dec 27 08:58:01 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.3 Recommended version: 0.96.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12442, sigs: 12142, f-level: 58, builder: guitar)
bytecode.cld is up to date (version: 114, sigs: 27, f-level: 58, builder: edwin)
Top - Memory / Processes / Load
- No relevant information -
Processes
- No relevant information -
Open TCP/UDP Ports
[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6597/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 31603/nrpe
tcp 0 0 *:rsync *:* LISTEN 7174/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6514/mysqld
tcp 0 0 *:webmin *:* LISTEN 8136/perl
tcp 0 0 *:81 *:* LISTEN 7413/apache2
tcp 0 0 *:ftp *:* LISTEN 15040/proftpd: (acc
tcp 0 0 10.0.0.29:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 23871/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 23871/named
tcp 0 0 192.168.1.1:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 23871/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 23871/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 23871/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 23871/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 23871/named
tcp 0 0 localhost:domain *:* LISTEN 23871/named
tcp 0 0 *:3128 *:* LISTEN 7536/(squid)
tcp 0 0 localhost:953 *:* LISTEN 23871/named
tcp 0 0 *:smtp *:* LISTEN 7155/master
tcp 0 0 *:1723 *:* LISTEN 7162/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7174/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 23871/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6411/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 7011/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 23871/named
Note: The command shows in the fourth column, preferably, the service name after the “:” character.
root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6597/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 31603/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7174/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6514/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8136/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 7413/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 15040/proftpd: (acc
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 23871/named
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 7536/(squid)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 23871/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7155/master
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7162/pptpd
tcp6 0 0 :::873 :::* LISTEN 7174/rsync
tcp6 0 0 :::53 :::* LISTEN 23871/named
tcp6 0 0 :::22 :::* LISTEN 6411/sshd
tcp6 0 0 :::3000 :::* LISTEN 7011/ntop
tcp6 0 0 ::1:953 :::* LISTEN 23871/named
Note: The command shows in the fourth column the port of the service after the “:” character.
MRTG - Traffic*
Internet – eth1
Embratel Router
VPN Embratel – eth2
VPN Itaboraí – tun0
*VPN with no traffic since 17/04/2010. This graph shows minimal, practically zero traffic.
VPN Yamana – tun1
VPN Juruti
*High traffic on 29/12/2010 (Wednesday), but it was not possible to detect its origin, as it was not among the top 20.
VPN Rio Capim – tun4
VPN Zambia – tun6
VPN Parapigmentos
*No activity
UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load
*The graphs were compared with those of the previous week. Where there is a significant change, the possible problem is analyzed and reported as a note below the graph.
Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.
Ipaudit Daily
- No relevant information -
Ipaudit Weekly (Top 10)
IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)
192.168.000.001 - 2,153,215,461 13,964,014,236 16,117,229,697
200.243.057.005 uemnotes.uem.com.br 6,610,658,265 8,103,342,021 14,714,000,286
200.243.057.011 - 2,667,357,221 602,917,057 3,270,274,278
192.168.000.103 uemnotes.uem.com.br 2,247,419,289 498,504,412 2,745,923,701
192.168.012.115 - 1,419,575,518 349,215,494 1,768,791,012
192.168.008.190 uemop959.uem.com.br 726,065,018 91,314,989 817,380,007
192.168.012.229 - 412,128,801 24,701,534 436,830,335
192.168.000.107 uemantspam.uem.com.br 261,218,324 131,299,643 392,517,967
192.168.010.229 - 327,264,427 25,414,264 352,678,691
192.168.012.242 - 297,907,086 15,467,329 313,374,415
Squid Reports Weekly – 26/12/2010 to 02/01/2011
Squid Reports – TopSites
NUM ACCESSED SITE CONNECT BYTES TIME
1 osce80-en.url.trendmicro.com 92.71K 61.38M 41.23M
2 www.google-analytics.com 51.32K 30.25M 9.43M
3 s.glbimg.com 49.51K 219.25M 10.14M
4 www.globo.com 47.51K 110.35M 8.16M
5 au.download.windowsupdate.com 26.91K 2.26G 106.79M
6 isodoc.uem.com.br 26.78K 108.30M 12.23M
7 armdl.adobe.com 25.04K 908.19M 28.53M
8 www.google.com.br 23.16K 152.36M 25.37M
9 clients1.google.com.br 21.41K 18.50M 5.74M
10 pagead2.googlesyndication.com 18.08K 66.29M 25.73M
11 portal.uem.com.br 15.45K 56.30M 8.98M
12 ads.img.globo.com 15.27K 93.08M 7.87M
13 l.yimg.com 14.28K 121.74M 23.54M
14 www.lusakatimes.com 14.11K 68.12M 48.34M
15 www.lancenet.com.br 13.76K 29.28M 2.93M
16 www.estadao.com.br 13.44K 30.96M 3.71M
17 p2.trrsf.com.br 13.32K 20.22M 1.90M
18 www.bb.com.br 12.56K 47.75M 1.97M
19 imagem.buscape.com.br 10.46K 14.43M 1.42M
20 globoesporte.globo.com 10.41K 69.64M 5.06M
Squid Reports – TopUsers
NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME
1 192.168.0.6 23.78K 861.55M 4.55% 2.98% 97.02% 04:21:32 15,692,307 0.57%
2 192.168.0.165 2.40K 727.77M 3.85% 1.54% 98.46% 01:07:48 4,068,267 0.15%
3 192.168.0.148 8.89K 649.52M 3.43% 4.17% 95.83% 02:23:55 8,635,315 0.31%
4 192.168.9.112 4.31K 611.18M 3.23% 0.92% 99.08% 13:23:36 48,216,744 1.75%
5 192.168.10.229 37.60K 586.36M 3.10% 4.27% 95.73% 13:34:54 48,894,783 1.77%
6 192.168.14.235 3.74K 504.24M 2.66% 0.56% 99.44% 08:51:05 31,865,595 1.15%
7 192.168.12.115 10.32K 446.96M 2.36% 0.74% 99.26% 14:00:00 50,400,653 1.82%
8 192.168.12.229 44.30K 441.86M 2.33% 4.28% 95.72% 10:25:42 37,542,217 1.36%
9 192.168.14.161 3.54K 386.25M 2.04% 2.24% 97.76% 04:57:59 17,879,172 0.65%
10 192.168.9.201 45.46K 358.52M 1.89% 16.72% 83.28% 13:48:09 49,689,988 1.80%
11 192.168.0.167 2.95K 337.13M 1.78% 3.76% 96.24% 00:35:55 2,155,207 0.08%
12 192.168.12.241 22.13K 317.47M 1.68% 6.24% 93.76% 11:42:02 42,122,238 1.53%
13 192.168.12.217 17.42K 305.84M 1.62% 4.46% 95.54% 10:34:54 38,094,238 1.38%
14 192.168.12.242 11.12K 303.56M 1.60% 3.11% 96.89% 05:29:00 19,740,599 0.71%
15 192.168.12.200 35.73K 280.22M 1.48% 15.62% 84.38% 09:33:02 34,382,504 1.24%
16 192.168.0.30 1.66K 232.88M 1.23% 1.12% 98.88% 00:32:05 1,925,039 0.07%
17 192.168.12.126 35.52K 232.84M 1.23% 12.72% 87.28% 08:02:43 28,963,594 1.05%
18 192.168.10.112 28.66K 226.63M 1.20% 1.48% 98.52% 41:09:32 148,172,733 5.37%
19 192.168.8.150 49.18K 215.27M 1.14% 20.38% 79.62% 06:49:33 24,573,811 0.89%
20 192.168.12.177 22.83K 207.01M 1.09% 9.09% 90.91% 11:24:36 41,076,614 1.49%
Squid Reports – Attempts to Access Inappropriate Sites
ACCESSED SITE IP
www.adultminigames.com 192.168.12.229
www.pornhub.com 192.168.12.229
www.porno-dvd-movies.com 192.168.12.229
www.sexboobtube.com 192.168.10.232
www.sexyfunpics.com 192.168.12.226
www.sexykristylust.com 192.168.12.229
Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.
Trend Micro - InterScan Messaging Security Suite
SYSTEM DATA
NAME CURRENT VERSION AVAILABLE PREVIOUS VERSION
Scan engine 9.200.1012 9.200.1012 9.120.1012
Virus pattern 7.743.00 7.743.00 7.729.00
Spyware/grayware pattern 0.871.00 0.871.00 0.871.00
IntelliTrap pattern 0.147.00 0.147.00 0.147.00
IntelliTrap exceptions 0.617.00 0.617.00 0.615.00
Anti-spam engine 6.5.1024 6.5.1024 6.5.1024
Spam pattern 17872.002 17872.002 17856.006
IMSS Version 7.0-Build_Linux_3216 N/A
STATISTICS
PERIOD: LAST 7 DAYS
SUMMARY
Scanning Conditions Total %
Malicious code 2 0%
Spyware/grayware 0 0%
Spam 17630 24.89%
Phish 0 0%
Attachment 0 0%
Size 0 0%
Content 246 0.35%
Others 0 0%
Scanning exceptions 1 0%
CHARTS – PERIOD 26/12/2010 TO 01/01/2011
Spam by Action
Spam Actions
Detections Message % Size (MB)
Total spam message count 62948 100.00 140.524
Quarantined 19705 31.30 140.524
Deleted 0 0.00 0.000
Tagged 19705 31.30 140.524
Other 0 0.00 0.000
Rejected by NRS 43243 68.70 N/A
Rejected by IP Profiler 0 0.00 N/A
Top 10 Spam Recipients
Recipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %
[email protected] 218 154 70.64 0.929
[email protected] 168 135 80.36 0.890
[email protected] 210 133 63.33 2.322
[email protected] 169 132 78.11 0.804
[email protected] 240 123 51.25 0.728
[email protected] 163 121 74.23 1.003
[email protected] 185 120 64.86 2.106
[email protected] 146 113 77.40 0.986
[email protected] 137 113 82.48 0.415 30.36
[email protected] 127 112 88.19 1.029 70.84
Virus and Malicious Code Summary
Detections Message %
Total detections 3 100.00
Messages deleted 0 0.00
Messages quarantined 3 100.00
Attachments cleaned 0 0.00
Messages with attachments deleted 1 33.33
Messages blocked by IP Profiler 0 0.00
Top 10 Virus and Malicious Code Detections
1 PAK_Generic.001 2
2 Possible_Virus 1
3 N/A 0
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0
Top 10 Virus Recipients
Recipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %
[email protected] 25 2 8.00 4.225
[email protected] 1 1 100.00 0.698 100.00
3 N/A 0 0 0.00 0.000 0.00
4 N/A 0 0 0.00 0.000 0.00
5 N/A 0 0 0.00 0.000 0.00
6 N/A 0 0 0.00 0.000 0.00
7 N/A 0 0 0.00 0.000 0.00
8 N/A 0 0 0.00 0.000 0.00
9 N/A 0 0 0.00 0.000 0.00
10 N/A 0 0 0.00 0.000 0.00
CACTI – Charts
Period from 20/12/2010 to 27/12/2010
UEMFS
UEMICA
UEMNOTES
UEMPRD
UEMRMSA
Nagios
Availability – last 7 days
Host Service % Time OK % Time Warning % Time Unknown % Time Critical % Time Undetermined
internet_embratel Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-juruti Rede_Ping 97.816% (97.816%) 0.000% (0.000%) 0.000% (0.000%) 2.184% (2.184%) 0.000%
link-riocapim Rede_Ping 95.439% (95.439%) 0.049% (0.049%) 0.000% (0.000%) 4.512% (4.512%) 0.000%
link-yamana Rede_Ping 99.385% (99.385%) 0.000% (0.000%) 0.000% (0.000%) 0.615% (0.615%) 0.000%
link-zambia Rede_Ping 78.027% (78.027%) 0.000% (0.000%) 0.000% (0.000%) 21.973% (21.973%) 0.000%
nagios_remoto Rede_Http 99.428% (99.428%) 0.000% (0.000%) 0.000% (0.000%) 0.572% (0.572%) 0.000%
router_intel Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Telnet 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
site_embratel Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
storage-119 Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
storage-120 Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-B Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-C Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-D Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-E Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-F Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem-adm Local_Carga 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_Root 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Processos 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Users 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Http:82 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem-gw Local_Carga 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_Root 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_backup 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_bkpremoto 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_ftp_pessoal 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_ftp_public 27.488% (27.488%) 72.512% (72.512%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Disk_home_ponto 99.902% (99.902%) 0.000% (0.000%) 0.000% (0.000%) 0.098% (0.098%) 0.000%
  Local_Disk_home_restrito 27.484% (27.484%) 72.516% (72.516%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Processos 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Local_Users 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Dns 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ftp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Http:81 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Squid:3128 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemantspam-imss Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_TrendImss 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_TrendPolices 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemap-aplicacao Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uembdc Rede_Active Directory 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uembes-blackberry Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_LotusDomino 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemdev Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemfs-fileserver Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_NetBios 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemica-metaframe Rede_Http 99.955% (99.955%) 0.000% (0.000%) 0.000% (0.000%) 0.045% (0.045%) 0.000%
  Rede_Metaframe 99.955% (99.955%) 0.000% (0.000%) 0.000% (0.000%) 0.045% (0.045%) 0.000%
  Rede_Ping 99.955% (99.955%) 0.000% (0.000%) 0.000% (0.000%) 0.045% (0.045%) 0.000%
  Rede_TS 99.955% (99.955%) 0.000% (0.000%) 0.000% (0.000%) 0.045% (0.045%) 0.000%
uemmine-database Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Sql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemnotes-correio Rede_Https 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ldap 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Smtp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemprd Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemrmsa-database Rede_Oracle 99.906% (99.906%) 0.000% (0.000%) 0.000% (0.000%) 0.094% (0.094%) 0.000%
  Rede_Ping 99.906% (99.906%) 0.000% (0.000%) 0.000% (0.000%) 0.094% (0.094%) 0.000%
uemvm-vmware Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vm-isodoc Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
  Rede_Postgresql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Average 97.530% (97.530%) 2.043% (2.043%) 0.000% (0.000%) 0.427% (0.427%) 0.000%
NTOP
Trend Micro - Office Scan
Update Status for Networked Computers
* items marked in yellow have the same version as the previous week
Top 10 Security Risk Statistics for Networked Computers
Virus/Malware Statistics:
Virus/Malware
Name Infections
HTML_IFRAME.AUO 13924
Mal_Otorun1 4009
PE_MABEZAT.B-O 3835
Mal_Sality 1607
TSC_GENCLEAN 1354
WORM_OTOIT.SMT 1182
TROJ_Generic.DIT 1098
PAK_Generic.001 996
TROJ_DLOADE.FF 975
Mal_Otorun2 957
Infected Computers
Name Detections Log
UEMMBB27 8264 View
UEMMBB202 5656 View
SAFETY 4101 View
UEMPABX 1134 View
UEMFS 706 View
UEMMBB312 447 View
UEMOP956 349 View
UEMOP509 265 View
UEMOP706 264 View
UEMOP954 260 View
Infection Source
Name Detections
192.168.9.242\ADMINISTRADOR 70
192.168.4.12\KEILLA REGINA 35
192.168.9.38\ADMINISTRADOR 34
\\192.168.0.133\GUEST 22
\\192.168.0.131\GUEST 21
RAR-29A45523705\ROTINARC 19
192.168.9.250\ADMINISTRADOR 16
\\[fe80::c5b5:9711:6e96:4124]\Guest 16
\\UEMZMSPL\Guest 16
\\UEMZMSPL\ANONYMOUS LOGON 16
Spyware/Grayware Statistics:
Spyware/Grayware
Name Infections
GRAY_Gen 171
SPYW_ARDAKEY 89
CRCK_KEYGEN 87
HKTL_ULTRASURF 77
GRAY_GEN.0Z1013S 71
ADW_SAVENOW.BO 29
HKTL_USURF 25
CRCK_JBEAN 22
GRAY_Sml 22
ADW_WEBDIR.AC 12
Infected Computers
Name Detections Log
UEMFS 217 View
UEMPABX 91 View
UEMICA 71 View
UEMOP964 47 View
UEMOP421 14 View
UEMMBB163 13 View
UEMMBB53 9 View
UEMOP416 5 View
UEMOP954 5 View
UEMMBB01 4 View