
Weekly Report U&M - InvestLinux – 07/12/2010

Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Antivirus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 99,88%


Uptime / Last
Uptime - Server uptime
Last - Remote connections

[root@uem-gw]# uptime
 11:40:12 up 57 days, 29 min, 1 user, load average: 4.19, 1.48, 1.15

[root@uem-gw]# last | sort -k 3 | more
vpnuem   ppp0       189.13.0.68      Mon Dec 6 19:57 - 20:30 (00:32)
uem      ftpd1214   189.3.236.211    Sat Dec 4 12:19 - 12:20 (00:01)
uem      ftpd1213   189.3.236.211    Sat Dec 4 12:19 - 12:29 (00:10)
free     ftpd7084   189.83.15.78     Wed Dec 1 12:14 - 12:32 (00:18)
vpnuem   ppp0       189.83.19.210    Mon Dec 6 22:38 - 22:40 (00:01)
vpnuem   ppp0       189.83.19.210    Mon Dec 6 22:41 - 22:48 (00:07)
vpnuem   ppp0       189.83.29.133    Thu Dec 2 22:46 - 07:44 (08:57)
vpnuem   ppp0       189.83.31.168    Thu Dec 2 21:59 - 22:30 (00:30)
vpnuem   ppp0       189.83.65.180    Sun Dec 5 20:43 - 21:11 (00:28)
vpnuem   ppp0       189.83.67.83     Sun Dec 5 18:01 - 20:39 (02:38)
vpnuem   ppp0       189.83.90.227    Sat Dec 4 21:02 - 22:17 (01:15)
vpnuem   ppp0       189.83.90.227    Sun Dec 5 08:07 - 17:33 (09:25)
vpnuem   ppp0       189.83.90.227    Sun Dec 5 17:33 - 17:35 (00:01)
uem      ftpd22485  189.84.30.195    Fri Dec 3 09:23 - 09:33 (00:09)
uem      ftpd22506  189.84.30.195    Fri Dec 3 09:23 - 09:33 (00:10)
uem      ftpd24441  189.84.30.195    Fri Dec 3 09:34 - 09:43 (00:08)
uem      ftpd24794  189.84.30.195    Fri Dec 3 09:48 - 09:58 (00:10)
uem      ftpd24963  189.84.30.195    Fri Dec 3 09:56 - 10:03 (00:07)
uem      ftpd25357  189.84.30.195    Fri Dec 3 10:13 - 10:13 (00:00)
uem      ftpd25469  189.84.30.195    Fri Dec 3 10:19 - 10:23 (00:04)
uem      ftpd28326  189.84.30.195    Fri Dec 3 10:37 - 10:38 (00:01)
uem      ftpd3350   189.84.30.195    Fri Dec 3 12:32 - 12:34 (00:02)
uem      ftpd3347   189.84.30.195    Fri Dec 3 12:32 - 12:41 (00:09)
uem      ftpd10299  189.84.30.195    Thu Dec 2 13:46 - 13:47 (00:00)
uem      ftpd10298  189.84.30.195    Thu Dec 2 13:46 - 13:56 (00:09)
uem      ftpd10308  189.84.30.195    Thu Dec 2 13:47 - 13:56 (00:09)
uem      ftpd10526  189.84.30.195    Thu Dec 2 13:57 - 14:06 (00:09)
uem      ftpd17828  189.84.30.195    Thu Dec 2 15:39 - 15:49 (00:09)
uem      ftpd17829  189.84.30.195    Thu Dec 2 15:40 - 15:45 (00:05)
vpnuem   ppp0       192.168.0.16     Fri Dec 3 18:00 - 18:02 (00:02)
vpnuem   ppp0       192.168.0.16     Fri Dec 3 18:05 - 18:31 (00:26)
vpnuem   ppp0       192.168.0.4      Tue Dec 7 06:59 - 08:04 (01:05)
free     ftpd32235  192.168.0.59     Wed Dec 1 10:10 - 10:10 (00:00)
free     ftpd32236  192.168.0.59     Wed Dec 1 10:11 - 10:21 (00:10)
free     ftpd681    192.168.0.59     Wed Dec 1 10:21 - 10:22 (00:00)
vpnuem   ppp1       192.168.0.63     Fri Dec 3 18:02 - 18:06 (00:03)
collect  ftpd6029   192.168.12.113   Tue Dec 7 05:37 - 05:40 (00:02)
collect  ftpd5987   192.168.12.113   Tue Dec 7 05:37 - 05:47 (00:09)
collect  ftpd4001   192.168.12.139   Mon Dec 6 09:12 - 09:12 (00:00)
collect  ftpd4002   192.168.12.139   Mon Dec 6 09:12 - 09:23 (00:10)
collect  ftpd5693   192.168.12.139   Mon Dec 6 09:24 - 09:33 (00:08)
es1      ftpd24848  192.168.13.105   Sat Dec 4 09:47 - 09:47 (00:00)

Disk Space

[root@uem-gw]# df -h
Sist. Arq.                  Tam    Usad  Disp   Uso%  Montado em
/dev/sda3                   38G    20G   16G    57%   /
varrun                      1014M  276K  1014M  1%    /var/run
varlock                     1014M  4,0K  1014M  1%    /var/lock
udev                        1014M  52K   1014M  1%    /dev
devshm                      1014M  0     1014M  0%    /dev/shm
/dev/sdb1                   50G    15G   33G    31%   /backup
/dev/sda1                   471M   140M  308M   32%   /boot
//192.168.0.105/Pessoal     20G    4,9G  16G    25%   /ftp/Pessoal
//192.168.0.105/Public      200G   184G  17G    92%   /ftp/Public
//192.168.0.105/Restrito    200G   184G  17G    92%   /home/Restrito
//192.168.0.100/CorporeRM   47G    16G   31G    35%   /home/ponto
//192.168.0.105/BKP-linux   78G    54G   24G    70%   /backup-remoto


Dmesg

Dmesg – Console alerts (possible disk, network, and general hardware errors)
- No relevant information -

Logs

Cursory check of the system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Antivirus DAT

[root@uem-gw]# freshclam
ClamAV update process started at Tue Dec 7 11:43:58 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.3 Recommended version: 0.96.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12365, sigs: 10954, f-level: 58, builder: guitar)
bytecode.cld is up to date (version: 93, sigs: 16, f-level: 54, builder: edwin)

Previous week:
ClamAV update process started at Mon Nov 29 16:38:24 2010
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12334, sigs: 6735, f-level: 54, builder: ccordes)
bytecode.cld is up to date (version: 93, sigs: 16, f-level: 54, builder: edwin)

Top - Memory / Processes / Load
- No relevant information -

Processes
- No relevant information -

Open TCP/UDP Ports

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp   0  0  localhost:60000          *:*       LISTEN  6506/postgrey.pid -
tcp   0  0  192.168.0.1:5666         *:*       LISTEN  6887/nrpe
tcp   0  0  *:rsync                  *:*       LISTEN  7070/rsync
tcp   0  0  localhost:mysql          *:*       LISTEN  30766/mysqld
tcp   0  0  *:webmin                 *:*       LISTEN  7910/perl
tcp   0  0  *:81                     *:*       LISTEN  13700/apache2
tcp   0  0  *:ftp                    *:*       LISTEN  18322/proftpd: (acc
tcp   0  0  10.0.0.29:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.27:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.25:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.23:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.21:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.19:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.17:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.15:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.13:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.11:domain         *:*       LISTEN  5958/named
tcp   0  0  10.0.0.9:domain          *:*       LISTEN  5958/named
tcp   0  0  10.0.0.7:domain          *:*       LISTEN  5958/named
tcp   0  0  10.0.0.3:domain          *:*       LISTEN  5958/named
tcp   0  0  10.0.0.5:domain          *:*       LISTEN  5958/named
tcp   0  0  10.0.0.1:domain          *:*       LISTEN  5958/named
tcp   0  0  192.168.1.1:domain       *:*       LISTEN  5958/named
tcp   0  0  200.243.57.50:domain     *:*       LISTEN  5958/named
tcp   0  0  200.243.57.11:domain     *:*       LISTEN  5958/named
tcp   0  0  200.243.57.10:domain     *:*       LISTEN  5958/named
tcp   0  0  200.243.57.9:domain      *:*       LISTEN  5958/named
tcp   0  0  200.243.57.8:domain      *:*       LISTEN  5958/named
tcp   0  0  200.243.57.7:domain      *:*       LISTEN  5958/named
tcp   0  0  200.243.57.6:domain      *:*       LISTEN  5958/named
tcp   0  0  200.243.57.4:domain      *:*       LISTEN  5958/named
tcp   0  0  200.243.57.3:domain      *:*       LISTEN  5958/named
tcp   0  0  correio.uem.com.:domain  *:*       LISTEN  5958/named
tcp   0  0  uemnotes.uem.com:domain  *:*       LISTEN  5958/named
tcp   0  0  192.168.0.1:domain       *:*       LISTEN  5958/named
tcp   0  0  localhost:domain         *:*       LISTEN  5958/named
tcp   0  0  *:3128                   *:*       LISTEN  2220/(squid)
tcp   0  0  *:smtp                   *:*       LISTEN  7050/master
tcp   0  0  localhost:953            *:*       LISTEN  5958/named
tcp   0  0  *:1723                   *:*       LISTEN  7057/pptpd
tcp6  0  0  [::]:rsync               [::]:*    LISTEN  7070/rsync
tcp6  0  0  [::]:domain              [::]:*    LISTEN  5958/named
tcp6  0  0  [::]:ssh                 [::]:*    LISTEN  6283/sshd
tcp6  0  0  [::]:3000                [::]:*    LISTEN  22222/ntop
tcp6  0  0  ip6-localhost:953        [::]:*    LISTEN  5958/named

Note: The command shows, in the fourth column, preferably the service name after the “:” character.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp   0  0  127.0.0.1:60000          0.0.0.0:*  LISTEN  6506/postgrey.pid -
tcp   0  0  192.168.0.1:5666         0.0.0.0:*  LISTEN  6887/nrpe
tcp   0  0  0.0.0.0:873              0.0.0.0:*  LISTEN  7070/rsync
tcp   0  0  127.0.0.1:3306           0.0.0.0:*  LISTEN  30766/mysqld
tcp   0  0  0.0.0.0:10000            0.0.0.0:*  LISTEN  7910/perl
tcp   0  0  0.0.0.0:81               0.0.0.0:*  LISTEN  13700/apache2
tcp   0  0  0.0.0.0:21               0.0.0.0:*  LISTEN  18322/proftpd: (acc
tcp   0  0  10.0.0.29:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.27:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.25:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.23:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.21:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.19:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.17:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.15:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.13:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.11:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.9:53              0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.7:53              0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.3:53              0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.5:53              0.0.0.0:*  LISTEN  5958/named
tcp   0  0  10.0.0.1:53              0.0.0.0:*  LISTEN  5958/named
tcp   0  0  192.168.1.1:53           0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.50:53         0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.11:53         0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.10:53         0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.9:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.8:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.7:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.6:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.4:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.3:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.2:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  200.243.57.5:53          0.0.0.0:*  LISTEN  5958/named
tcp   0  0  192.168.0.1:53           0.0.0.0:*  LISTEN  5958/named
tcp   0  0  127.0.0.1:53             0.0.0.0:*  LISTEN  5958/named
tcp   0  0  0.0.0.0:3128             0.0.0.0:*  LISTEN  2220/(squid)
tcp   0  0  0.0.0.0:25               0.0.0.0:*  LISTEN  7050/master
tcp   0  0  127.0.0.1:953            0.0.0.0:*  LISTEN  5958/named
tcp   0  0  0.0.0.0:1723             0.0.0.0:*  LISTEN  7057/pptpd
tcp6  0  0  :::873                   :::*       LISTEN  7070/rsync
tcp6  0  0  :::53                    :::*       LISTEN  5958/named
tcp6  0  0  :::22                    :::*       LISTEN  6283/sshd
tcp6  0  0  :::3000                  :::*       LISTEN  22222/ntop
tcp6  0  0  ::1:953                  :::*       LISTEN  5958/named

Note: The command shows, in the fourth column, the service port after the “:” character.


MRTG - Traffic*

Internet – eth1
Embratel Router
VPN Embratel – eth2
VPN Itaboraí – tun0

*VPN with no traffic since 17/04/2010. This graph shows minimal, practically zero traffic.

VPN Yamana – tun1
VPN Juruti
VPN Rio Capim – tun4
VPN Zâmbia – tun6
VPN Parapigmentos
*No activity

UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load

*The graphs were compared with those of the previous week. When there is a significant change, the possible problem is analyzed and reported as a note below the graph.

Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.


Ipaudit Daily

- No relevant information -

Ipaudit Weekly (Top 10)

IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)

192.168.000.001 - 226,764,320 7,566,545,192 7,793,309,512

200.243.057.005 uemnotes.uem.com.br 2,491,020,693 2,292,986,441 4,784,007,134

192.168.000.103 uemnotes.uem.com.br 867,910,288 204,011,240 1,071,921,528

200.243.057.011 - 315,421,615 119,564,120 434,985,735

192.168.008.190 - 189,889,458 23,615,225 213,504,683

200.243.057.002 correio.uem.com.br 141,040,912 60,983,689 202,024,601

200.243.057.008 - 128,448,867 42,681,010 171,129,877

192.168.000.107 uemantspam.uem.com.br 128,074,512 40,810,817 168,885,329

192.168.012.221 - 126,551,562 4,073,976 130,625,538

192.168.000.105 uemfs.uem.com.br 12,374,914 108,884,131 121,259,045

Squid Reports Weekly – 28/11/2010 to 05/12/2010

Squid Reports – TopSites

NUM ACCESSED SITE CONNECT BYTES TIME

1 osce80-en.url.trendmicro.com 124.91K 82.25M 59.61M

2 armdl.adobe.com 70.41K 1.87G 132.46M

3 www.globo.com 69.57K 150.45M 17.16M

4 www.google-analytics.com 65.50K 36.23M 13.34M

5 imagem.buscape.com.br 54.56K 57.56M 4.73M

6 au.download.windowsupdate.com 42.41K 3.02G 90.65M

7 s.glbimg.com 33.92K 264.83M 12.85M

8 ad.yieldmanager.com 32.87K 133.22M 28.16M

9 www.google.com.br 31.55K 216.36M 33.05M

10 ads.img.globo.com 28.91K 205.96M 47.47M

11 clients1.google.com.br 26.20K 24.81M 8.07M

12 p2.trrsf.com.br 25.69K 45.69M 10.82M

13 portal.uem.com.br 25.35K 91.41M 18.00M

14 pixer.meaningtool.com 25.00K 45.37M 6.61M

15 www.estadao.com.br 23.55K 163.69M 19.45M

16 thumbnails.buscape.com.br 22.23K 16.59M 2.43M

17 pagead2.googlesyndication.com 21.61K 96.21M 16.73M

18 www.lusakatimes.com 21.52K 95.03M 18.69M

19 www.netshoesgrife.com 19.24K 10.79M 7.67M

20 ad.harrenmedianetwork.com 16.28K 36.89M 9.46M

Squid Reports – TopUsers

NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME

1 192.168.12.221 19.08K 2.31G 7.98% 0.75% 92.56% 13:01:09 46,869,301 1.53%

2 192.168.0.8 8.26K 1.34G 4.64% 1.47% 98.53% 02:11:21 7,881,647 0.26%

3 192.168.0.13 39.74K 940.82M 3.24% 3.90% 96.10% 13:14:45 47,685,986 1.56%

4 192.168.9.219 12.95K 845.07M 2.91% 1.02% 98.98% 11:23:19 40,999,594 1.34%

5 192.168.14.206 256.60K 763.76M 2.63% 17.91% 82.09% 44:15:23 159,323,229 5.20%

6 192.168.8.121 10.30K 720.06M 2.48% 1.27% 98.73% 08:09:21 29,361,773 0.96%

7 192.168.0.95 14.61K 615.02M 2.12% 1.21% 98.79% 08:46:25 31,585,803 1.03%

8 192.168.0.75 7.33K 581.03M 2.00% 1.75% 98.25% 04:13:20 15,200,671 0.50%

9 192.168.10.104 12.43K 523.22M 1.80% 0.73% 99.27% 06:26:15 23,175,190 0.76%

10 192.168.0.96 21.51K 522.04M 1.80% 4.75% 95.25% 02:30:49 9,049,676 0.30%

11 192.168.12.236 15.50K 480.15M 1.65% 1.03% 98.97% 10:41:17 38,477,984 1.26%

12 192.168.12.241 30.75K 467.99M 1.61% 3.46% 96.54% 10:18:32 37,112,837 1.21%

13 192.168.9.105 7.02K 436.53M 1.50% 0.62% 99.38% 05:17:58 19,078,479 0.62%

14 192.168.12.228 17.03K 427.82M 1.47% 1.83% 98.17% 20:20:42 73,242,681 2.39%


15 192.168.0.166 2.89K 389.92M 1.34% 2.69% 97.31% 00:44:15 2,655,783 0.09%

16 192.168.0.92 19.11K 354.16M 1.22% 6.86% 93.14% 01:42:04 6,124,573 0.20%

17 192.168.0.73 3.64K 343.10M 1.18% 3.01% 96.99% 00:56:25 3,385,699 0.11%

18 192.168.9.100 31.81K 329.59M 1.13% 22.59% 77.41% 12:48:46 46,126,030 1.51%

19 192.168.8.187 13.60K 324.55M 1.12% 5.26% 94.74% 12:42:06 45,726,663 1.49%

20 192.168.12.217 3.75K 310.52M 1.07% 2.77% 97.23% 12:21:59 44,519,967 1.45%

Squid Reports – Attempts to Access Improper Sites

SITE ACCESSED                      IP
www.celebritymoviezone.com         192.168.12.228
www.celebritynudeclips.net         192.168.12.228
www.celebritysextapearchives.com   192.168.12.228
www.celebritysiterank.com          192.168.12.101
www.pornimghost.com                192.168.12.226

Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.


Trend Micro - InterScan Messaging Security Suite

SYSTEM DATA

NAME                       CURRENT VERSION        AVAILABLE    PREVIOUS VERSION
Scan engine                9.200.1012             9.200.1012   9.120.1012
Virus pattern              7.685.00               7.685.00     7.661.00
Spyware/grayware pattern   0.871.00               0.871.00     0.871.00
IntelliTrap pattern        0.147.00               0.147.00     0.145.00
IntelliTrap exceptions     0.609.00               0.609.00     0.607.00
Anti-spam engine           6.0.1038               6.0.1038     6.0.1038
Spam pattern               17816.000              17816.000    17798.006
IMSS Version               7.0-Build_Linux_3216   N/A

STATISTICS

PERIOD: LAST 7 DAYS

SUMMARY

Scanning Conditions    Total   %
Malicious code         3       0%
Spyware/grayware       0       0%
Spam                   33808   25.76%
Phish                  0       0%
Attachment             0       0%
Size                   0       0%
Content                556     0.42%
Others                 0       0%
Scanning exceptions    18      0.01%

GRAPHS – PERIOD 28/11/2010 TO 04/12/2010

Spam by Action

Spam Actions
Detections                 Message   %        Size (MB)
Total spam message count   114340    100.00   335.960
Quarantined                35707     31.23    335.960
Deleted                    0         0.00     0.000
Tagged                     35707     31.23    335.960
Other                      0         0.00     0.000
Rejected by NRS            78633     68.77    N/A
Rejected by IP Profiler    0         0.00     N/A


Top 10 Spam Recipients

Recipient           Total Message Count   Total Spam Msgs   Spam Msgs %   Spam Size (MB)   Spam Size %
[email protected]   1001                  322               32.17         4.331
[email protected]   533                   317               59.47         4.665
[email protected]   563                   266               47.25         4.312
[email protected]   414                   243               58.70         3.848
[email protected]   321                   235               73.21         3.649
[email protected]   453                   220               48.57         1.577
[email protected]   457                   219               47.92         2.459
[email protected]   259                   214               82.63         3.339
[email protected]   426                   213               50.00         3.846            14.85
[email protected]   259                   208               80.31         1.859            49.76

Virus and Malicious Code Summary

Detections Message %

Total detections 4 100.00

Messages deleted 0 0.00

Messages quarantined 4 100.00

Attachments cleaned 0 0.00

Messages with attachments deleted 4 100.00

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections

1    Possible_Virus    2
2    JS_REDIREC.SMZ    1
3    JS_NIMDA.A        1
4    N/A               0
5    N/A               0
6    N/A               0
7    N/A               0
8    N/A               0
9    N/A               0
10   N/A               0

Top 10 Virus Recipients

#    Recipient           Total Message Count   Total Virus Msgs   Virus Msgs %   Virus Size (MB)   Virus Size %
1    [email protected]   30                    1                  3.33           0.699
2    [email protected]   166                   1                  0.60           0.004
3    [email protected]   2                     1                  50.00          0.004
4    [email protected]   8                     1                  12.50          0.699             96.81
5    N/A                 0                     0                  0.00           0.000             0.00
6    N/A                 0                     0                  0.00           0.000             0.00
7    N/A                 0                     0                  0.00           0.000             0.00
8    N/A                 0                     0                  0.00           0.000             0.00
9    N/A                 0                     0                  0.00           0.000             0.00
10   N/A                 0                     0                  0.00           0.000             0.00


CACTI – Graphs

Period from 30/11/2010 to 07/12/2010

UEMFS
UEMICA
UEMNOTES
UEMPRD
UEMRMSA

Nagios

Availability – last 7 days

Host               Service                   % Time OK            % Time Warning       % Time Unknown       % Time Critical      % Time Undetermined
internet_embratel  Rede_Ping                 99.932% (99.932%)    0.000% (0.000%)      0.000% (0.000%)      0.068% (0.068%)      0.000%
link-juruti        Rede_Ping                 93.880% (93.880%)    0.000% (0.000%)      0.000% (0.000%)      6.120% (6.120%)      0.000%
link-riocapim      Rede_Ping                 90.552% (90.552%)    0.035% (0.035%)      0.000% (0.000%)      9.413% (9.413%)      0.000%
link-yamana        Rede_Ping                 99.607% (99.607%)    0.000% (0.000%)      0.000% (0.000%)      0.393% (0.393%)      0.000%
link-zambia        Rede_Ping                 97.249% (97.249%)    0.000% (0.000%)      0.000% (0.000%)      2.751% (2.751%)      0.000%
nagios_remoto      Rede_Http                 99.873% (99.873%)    0.000% (0.000%)      0.000% (0.000%)      0.127% (0.127%)      0.000%
router_ebt_voip    Rede_Ping                 99.879% (99.879%)    0.000% (0.000%)      0.000% (0.000%)      0.121% (0.121%)      0.000%
                   Rede_Telnet               99.899% (99.899%)    0.000% (0.000%)      0.000% (0.000%)      0.101% (0.101%)      0.000%
router_intel       Rede_Ping                 99.896% (99.896%)    0.000% (0.000%)      0.000% (0.000%)      0.104% (0.104%)      0.000%
                   Rede_Telnet               99.899% (99.899%)    0.000% (0.000%)      0.000% (0.000%)      0.101% (0.101%)      0.000%
site_embratel      Rede_Ping                 99.949% (99.949%)    0.000% (0.000%)      0.000% (0.000%)      0.051% (0.051%)      0.000%
storage-119        Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
storage-120        Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
switch-3com-B      Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
switch-3com-C      Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
switch-3com-D      Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
switch-3com-E      Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
switch-3com-F      Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uem-adm            Local_Carga               100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_Root           100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Processos           100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Users               100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Http:82              100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_SSH                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uem-gw             Local_Carga               100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_Root           100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_backup         100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_bkpremoto      100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_ftp_pessoal    100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_ftp_public     100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Disk_home_ponto     99.950% (99.950%)    0.000% (0.000%)      0.000% (0.000%)      0.050% (0.050%)      0.000%
                   Local_Disk_home_restrito  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Processos           100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Local_Users               100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Dns                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ftp                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Http:81              100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_SSH                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Squid:3128           100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemantspam-imss    Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_TrendImss            100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_TrendPolices         100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemap-aplicacao    Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uembdc             Rede_Active Directory     100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uembes-blackberry  Rede_Http                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_LotusDomino          100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemdev             Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_SAP                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemfs-fileserver   Rede_Http                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_NetBios              100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemica-metaframe   Rede_Http                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Metaframe            100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_TS                   100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemmine-database   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Sql                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemnotes-correio   Rede_Https                100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ldap                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Smtp                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemprd             Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_SAP                  100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
uemrmsa-database   Rede_Oracle               99.919% (99.919%)    0.000% (0.000%)      0.000% (0.000%)      0.081% (0.081%)      0.000%
                   Rede_Ping                 99.919% (99.919%)    0.000% (0.000%)      0.000% (0.000%)      0.081% (0.081%)      0.000%
uemvm-vmware       Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
vm-isodoc          Rede_Http                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Ping                 100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
                   Rede_Postgresql           100.000% (100.000%)  0.000% (0.000%)      0.000% (0.000%)      0.000% (0.000%)      0.000%
Average                                      99.732% (99.732%)    0.000% (0.000%)      0.000% (0.000%)      0.268% (0.268%)      0.000%

NTOP


Trend Micro - Office Scan

Update Status for Networked Computers

* Items highlighted in yellow have the same version as the previous week

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

HTML_IFRAME.AUO 13597

Mal_Otorun1 4005

PE_MABEZAT.B-O 3835

Mal_Sality 1607

TSC_GENCLEAN 1224

WORM_OTOIT.SMT 1181

TROJ_Generic.DIT 1098

TROJ_DLOADE.FF 975

Mal_Otorun2 940

PAK_Generic.001 890

Infected Computers

Name Detections Log

UEMMBB27 8264 View

UEMMBB202 5328 View

SAFETY 4101 View

UEMPABX 1122 View

UEMFS 700 View

UEMMBB312 443 View

UEMOP956 349 View

UEMOP509 247 View

UEMOP954 247 View


UEMMBB204 238 View

Infection Source

Name Detections

192.168.9.242\ADMINISTRADOR 70

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

\\192.168.0.133\GUEST 22

\\192.168.0.131\GUEST 21

RAR-29A45523705\ROTINARC 19

192.168.9.250\ADMINISTRADOR 16

\\[fe80::c5b5:9711:6e96:4124]\Guest 16

\\UEMZMSPL\Guest 16

\\UEMZMSPL\ANONYMOUS LOGON 16

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

GRAY_Gen 171

HKTL_ULTRASURF 76

SPYW_ARDAKEY 69

GRAY_GEN.0Z1013S 69

CRCK_KEYGEN 50

ADW_SAVENOW.BO 29

HKTL_USURF 25

GRAY_Sml 22

CRCK_JBEAN 21

ADW_WEBDIR.AC 12

Infected Computers

Name Detections Log

UEMFS 217 View

UEMPABX 71 View

UEMICA 69 View

UEMOP421 14 View

UEMMBB163 13 View

UEMOP964 10 View

UEMMBB53 8 View

UEMOP416 5 View

UEMOP954 5 View

UEMMBB01 4 View