Relatório Semanal U&M - InvestLinux – 08/11/2010

Uptime / Last OK

Espaço em Disco OK

Dmesg OK

Logs OK

Dat Anti-Vírus OK

Top - Memória / Processos / Carga OK

Processos OK

Portas Tcp Udp Abertas OK

MRTG - Tráfego OK

MRTG - Processador OK

Ipaudit Diário OK

Ipaudit Semanal OK

Squid Reports - TopSites OK

Squid Reports - TopUsers OK

Nagios - Disponibilidade HTTP 100,00%

Nagios - Disponibilidade SMTP 100,00%

Uptime / LastUptime - Tempo Online do ServidorLast - Conexões remotas

[root@uem-gw]# uptime 22:07:44 up 28 days, 10:57, 1 user, load average: 0.01, 0.07, 0.08

[root@uem-gw]# last | sort -k 3 | moreuem ftpd29470 187.116.184.201 Wed Nov 3 10:31 - 10:31 (00:00) uem ftpd29475 187.116.184.201 Wed Nov 3 10:31 - 10:57 (00:26) uem ftpd29703 187.116.184.201 Wed Nov 3 10:37 - 10:37 (00:00) uem ftpd29772 187.116.184.201 Wed Nov 3 10:40 - 10:55 (00:14) uem ftpd29839 187.116.184.201 Wed Nov 3 10:42 - 10:42 (00:00) uem ftpd29848 187.116.184.201 Wed Nov 3 10:42 - 10:44 (00:01) uem ftpd22661 187.116.90.188 Thu Nov 4 11:30 - 11:30 (00:00) uem ftpd22682 187.116.90.188 Thu Nov 4 11:30 - 11:40 (00:10) uem ftpd17711 189.2.22.62 Mon Nov 1 16:27 - 16:32 (00:04) uem ftpd17716 189.2.22.62 Mon Nov 1 16:28 - 16:30 (00:02) uem ftpd5816 189.3.236.211 Sat Nov 6 09:48 - 09:58 (00:09) uem ftpd5817 189.3.236.211 Sat Nov 6 09:48 - 09:58 (00:10) uem ftpd5916 189.3.236.211 Sat Nov 6 09:53 - 09:53 (00:00) uem ftpd26443 189.3.236.211 Tue Nov 2 14:37 - 14:47 (00:09) uem ftpd26444 189.3.236.211 Tue Nov 2 14:37 - 14:47 (00:10) uem ftpd26475 189.3.236.211 Tue Nov 2 14:39 - 14:39 (00:00) uem ftpd26476 189.3.236.211 Tue Nov 2 14:39 - 14:39 (00:00) uem ftpd26482 189.3.236.211 Tue Nov 2 14:40 - 14:40 (00:00) uem ftpd26483 189.3.236.211 Tue Nov 2 14:40 - 14:41 (00:01) uem ftpd26755 189.3.236.211 Tue Nov 2 14:51 - 14:51 (00:00) uem ftpd26756 189.3.236.211 Tue Nov 2 14:51 - 14:51 (00:00) uem ftpd26749 189.3.236.211 Tue Nov 2 14:51 - 14:57 (00:06) uem ftpd26800 189.3.236.211 Tue Nov 2 14:52 - 14:52 (00:00) uem ftpd26801 189.3.236.211 Tue Nov 2 14:52 - 14:53 (00:00) uem ftpd4276 189.3.236.211 Wed Nov 3 12:45 - 12:55 (00:10) uem ftpd4277 189.3.236.211 Wed Nov 3 12:45 - 12:55 (00:10) uem ftpd4291 189.3.236.211 Wed Nov 3 12:46 - 12:48 (00:01) uem ftpd4384 189.3.236.211 Wed Nov 3 12:48 - 12:49 (00:01) uem ftpd12250 189.3.236.211 Wed Nov 3 15:06 - 15:16 (00:09) uem ftpd12251 189.3.236.211 Wed Nov 3 15:07 - 15:17 (00:10) vpnuem ppp0 189.83.109.147 Sun Nov 7 21:08 - 22:58 (01:50) vpnuem ppp0 189.83.59.179 Thu Nov 4 18:41 - 06:50 (12:09) uem ftpd19526 189.84.30.195 Wed Nov 3 17:17 - 17:27 (00:09) uem ftpd19531 189.84.30.195 Wed Nov 3 17:17 - 17:28 (00:10) uem ftpd21612 189.84.30.195 Wed Nov 3 17:24 - 17:24 (00:00) uem ftpd21617 189.84.30.195 Wed Nov 3 17:24 - 17:25 (00:01) uem ftpd22089 189.84.30.195 Wed Nov 3 17:44 - 17:44 (00:00) uem ftpd22090 189.84.30.195 Wed Nov 3 17:44 - 17:54 (00:10) collect ftpd17956 192.168.12.113 Mon Nov 8 12:16 - 12:20 (00:03) collect ftpd17951 192.168.12.113 Mon Nov 8 12:16 - 12:26 (00:09) collect ftpd17968 192.168.12.113 Mon Nov 8 12:17 - 12:30 (00:13) collect ftpd18602 192.168.12.113 Mon Nov 8 12:18 - 12:19 (00:00)

Espaço em Disco[root@uem-gw]# df -hSist. Arq. Tam Usad Disp Uso% Montado em/dev/sda3 38G 19G 17G 54% /varrun 1014M 272K 1014M 1% /var/runvarlock 1014M 4,0K 1014M 1% /var/lockudev 1014M 52K 1014M 1% /devdevshm 1014M 0 1014M 0% /dev/shm/dev/sdb1 50G 15G 33G 31% /backup/dev/sda1 471M 140M 308M 32% /boot//192.168.0.105/Pessoal 20G 4,3G 16G 22% /ftp/Pessoal//192.168.0.105/Public 200G 182G 19G 91% /ftp/Public//192.168.0.105/Restrito 200G 182G 19G 91% /home/Restrito//192.168.0.100/CorporeRM 47G 17G 30G 36% /home/ponto//192.168.0.105/BKP-linux 78G 54G 24G 70% /backup-remoto

Dmesg

Dmesg – Alertas de Console (Eventuais Erros de Disco, Rede, Hardware em geral)- Sem informações relevantes -

Logs

Verificação superficial de logs do sistema: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Dat Anti-Vírus

[root@uem-gw]# freshclamClamAV update process started at Mon Nov 8 22:10:31 2010main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)daily.cld is up to date (version: 12221, sigs: 145519, f-level: 53, builder: arnaud)bytecode.cld is up to date (version: 89, sigs: 10, f-level: 53, builder: edwin)

Semana Anterior:ClamAV update process started at Wed Nov 3 13:20:50 2010 main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven) daily.cld is up to date (version: 12199, sigs: 144347, f-level: 53, builder: guitar) bytecode.cld is up to date (version: 88, sigs: 10, f-level: 53, builder: edwin)

Top - Memória / Processos / Carga- Sem informações relevantes -

Processos- Sem informações relevantes -

Portas Tcp Udp Abertas

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAMtcp 0 0 localhost:60000 *:* LISTEN 6506/postgrey.pid -tcp 0 0 192.168.0.1:5666 *:* LISTEN 6887/nrpe tcp 0 0 *:rsync *:* LISTEN 7070/rsync tcp 0 0 localhost:mysql *:* LISTEN 6386/mysqld tcp 0 0 *:webmin *:* LISTEN 7910/perl tcp 0 0 *:81 *:* LISTEN 396/apache2 tcp 0 0 *:ftp *:* LISTEN 15715/proftpd: (acctcp 0 0 10.0.0.29:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.27:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.25:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.23:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.21:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.19:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.17:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.15:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.13:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.11:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.9:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.7:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.3:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.5:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.1:domain *:* LISTEN 5958/named tcp 0 0 192.168.1.1:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.50:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.11:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.10:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.9:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.8:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.7:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.6:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.4:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.3:domain *:* LISTEN 5958/named tcp 0 0 correio.uem.com.:domain *:* LISTEN 5958/named tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 5958/named tcp 0 0 192.168.0.1:domain *:* LISTEN 5958/named tcp 0 0 localhost:domain *:* LISTEN 5958/named tcp 0 0 *:3128 *:* LISTEN 27933/(squid) tcp 0 0 *:smtp *:* LISTEN 7050/master

tcp 0 0 localhost:953 *:* LISTEN 5958/named tcp 0 0 *:1723 *:* LISTEN 7057/pptpd tcp6 0 0 [::]:rsync [::]:* LISTEN 7070/rsync tcp6 0 0 [::]:domain [::]:* LISTEN 5958/named tcp6 0 0 [::]:ssh [::]:* LISTEN 6283/sshd tcp6 0 0 [::]:3000 [::]:* LISTEN 15927/ntop tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 5958/named Obs: Comando mostra na quarta coluna, preferencialmente, o nome do serviço após o caracter “:”.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAMtcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6506/postgrey.pid -tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6887/nrpe tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7070/rsync tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6386/mysqld tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 7910/perl tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 396/apache2 tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 15715/proftpd: (acctcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 27933/(squid) tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7050/master tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5958/named tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7057/pptpd tcp6 0 0 :::873 :::* LISTEN 7070/rsync tcp6 0 0 :::53 :::* LISTEN 5958/named tcp6 0 0 :::22 :::* LISTEN 6283/sshd tcp6 0 0 :::3000 :::* LISTEN 15927/ntop tcp6 0 0 ::1:953 :::* LISTEN 5958/named Obs: Comando mostra na quarta coluna a porta do serviço após o caracter “:”.

MRTG - Tráfego*

Internet – eth1

Roteador Embratel

VPN Embratel – eth2

VPN Itaboraí – tun0

*VPN sem tráfego desde 17/04/2010. Este gráfico mostra tráfego mínimo, praticamente nulo.

VPN Yamana – tun1

* Tráfego elevado no dia 07/11/2010 (domingo), causado principalmente pelo ip 192.168.8.190. Veja detalhes em: http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2010-11-07-10:00&ip=192.168.008.190&sort=0

VPN Juruti

VPN Rio Capim – tun4

VPN Zâmbia – tun6

VPN Parapigmentos*Sem atividade

UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

*Os gráficos foram comparados com os da semana anterior. Em caso de alteração significativa, é feita a análise de possível problema e relatado como observação abaixo do mesmo.

Os Gráficos não comentados foram considerados normais. Caso queira análise de algum específico, basta fazer o pedido.

Ipaudit Diário

- Sem informações relevantes -

Ipaudit Semanal (Top 10)

IP Host Name Incoming(bytes)

Outgoing(bytes)

Total(bytes)

200.243.057.005 uemnotes.uem.com.br 9,059,776,065 5,375,161,419 14,434,937,484

192.168.000.001 - 1,327,002,961 7,513,778,203 8,840,781,164

192.168.000.035 uemop607.uem.com.br 2,906,728,859 57,698,003 2,964,426,862

192.168.000.103 uemnotes.uem.com.br 1,058,358,862 791,859,599 1,850,218,461

200.243.057.008 - 1,089,780,721 229,036,372 1,318,817,093

200.243.057.011 - 921,660,275 371,453,856 1,293,114,131

192.168.008.190 uemop959.uem.com.br 795,004,672 94,296,529 889,301,201

192.168.000.107 uemantspam.uem.com.br 494,416,469 165,667,073 660,083,542

192.168.000.007 uemmbb36.uem.com.br 615,114,800 21,948,182 637,062,982

200.243.057.002 correio.uem.com.br 483,865,114 77,575,061 561,440,175

Squid Reports Semanal – 31/10/2010 a 07/11/2010

Squid Reports – TopSites

NUM ACCESSED SITE CONNECT BYTES TIME

1 osce80-en.url.trendmicro.com 131.19K 85.58M 65.43M

2 armdl.adobe.com 85.28K 1.92G 49.83M

3 imagem2.buscape.com.br 83.87K 68.03M 5.51M

4 www.globo.com 59.60K 126.07M 16.09M

5 www.google-analytics.com 59.45K 36.76M 14.52M

6 www.ufxbank.com 46.84K 28.19M 17.23M

7 au.download.windowsupdate.com 46.44K 1.13G 97.02M

8 s.glbimg.com 35.67K 383.28M 14.63M

9 www.google.com.br 24.89K 159.92M 20.27M

10 ads.img.globo.com 23.86K 151.53M 22.97M

11 www.netshoes.com.br 23.31K 136.96M 12.81M

12 clients1.google.com.br 22.08K 11.79M 7.38M

13 portal.uem.com.br 18.97K 143.45M 11.69M

14 www.postzambia.com 17.40K 93.87M 23.78M

15 p2.trrsf.com.br 15.28K 21.90M 2.81M

16 l.yimg.com 14.81K 97.59M 8.69M

17 pagead2.googlesyndication.com 13.84K 59.95M 7.39M

18 globoesporte.globo.com 13.38K 78.76M 5.68M

19 g1.globo.com 13.00K 74.36M 8.37M

20 www.estadao.com.br 12.15K 79.57M 54.61M

Squid Reports – TopUsers

NUMUSERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME

1 192.168.0.35 8.59K 9.20G 26.20% 0.07% 23.32% 10:20:36 37,236,080 1.36%

2 192.168.0.7 27.10K 3.01G 8.57% 0.79% 71.30% 10:45:38 38,738,281 1.41%

3 192.168.0.12 7.72K 1.43G 4.08% 0.39% 99.61% 04:29:44 16,184,276 0.59%

4 192.168.0.29 17.61K 876.29M 2.49% 2.57% 97.43% 05:07:58 18,478,463 0.67%

5 192.168.0.76 1.20K 756.73M 2.15% 0.05% 99.95% 06:47:39 24,459,142 0.89%

6 192.168.0.5 19.38K 626.39M 1.78% 1.74% 98.26% 06:09:23 22,163,787 0.81%

7 192.168.8.190 32.83K 561.51M 1.60% 7.43% 92.57% 10:03:30 36,210,618 1.32%

8 192.168.12.241 26.87K 495.58M 1.41% 2.85% 97.15% 13:40:41 49,241,832 1.79%

9 192.168.12.227 44.16K 480.61M 1.37% 18.94% 81.06% 22:58:17 82,697,002 3.01%

10 192.168.9.100 38.45K 453.95M 1.29% 11.94% 88.06% 10:55:55 39,355,557 1.43%

11 192.168.10.162 14.21K 431.13M 1.23% 3.96% 96.04% 14:37:06 52,626,388 1.92%

12 192.168.10.217 82.00K 396.64M 1.13% 12.40% 87.60% 16:33:40 59,620,733 2.17%

13 192.168.12.174 19.48K 393.44M 1.12% 4.73% 95.27% 07:04:39 25,479,277 0.93%

14 192.168.12.201 24.27K 378.44M 1.08% 4.33% 95.67% 09:48:54 35,334,063 1.29%

15 192.168.0.48 9.11K 368.62M 1.05% 3.02% 96.98% 03:41:17 13,277,339 0.48%

16 192.168.0.79 18.18K 343.24M 0.98% 1.16% 98.84% 02:06:00 7,560,489 0.28%

17 192.168.12.126 41.46K 337.09M 0.96% 8.89% 91.11% 11:47:43 42,463,456 1.55%

18 192.168.12.204 3.42K 321.37M 0.91% 0.77% 99.23% 05:41:31 20,491,421 0.75%

19 192.168.12.226 11.52K 317.32M 0.90% 4.99% 95.01% 13:24:59 48,299,472 1.76%

20 192.168.12.218 9.28K 313.95M 0.89% 2.57% 97.43% 04:52:58 17,578,380 0.64%

Squid Reports – Tentativas de acesso a Sites Indevidos

LOCAL ACESSADO IPwww.adult-profit-files.com 192.168.12.234www.celebrity-worship.com 192.168.12.234www.celebrityf.com 192.168.12.234www.celebsandstarsnude.com 192.168.12.234www.celebsfilms.com 192.168.12.234www.celebskin.net 192.168.12.234www.celebx.net 192.168.12.234www.sensualsexshop.com.br 192.168.0.7www.videosadulto.org 192.168.0.14

Obs1: Não foi acrescentada nenhuma expressão ao arquivo /etc/squid/site_proibido.txt a fim de impedir o acesso de sites relacionados.

Trend Micro - InterScan Messaging Security Suite

DADOS DO SISTEMA

NOME VERSÃO CORRENTE DISPONÍVEL VERSÃO ANTERIORScan engine 9.200.1012 9.200.1012 9.120.1012Virus pattern 7.601.00 7.601.00 7.589.00Spyware/grayware pattern 0.871.00 0.871.00 0.871.00IntelliTrap pattern 0.143.00 0.143.00 0.143.00IntelliTrap exceptions 0.597.00 0.597.00 0.597.00Anti-spam engine 6.0.1038 6.0.1038 6.0.1038Spam pattern 17754.003 17754.003 17744.000IMSS Version 7.0-Build_Linux_3216 N/A

ESTATÍSTICAS

PERÍODO: ÚLTIMOS 7 DIAS

RESUMO

Scanning Conditions Total %Malicious code 29 0.03%Spyware/grayware 0 0%Spam 24742 25.62%Phish 0 0%Attachment 0 0%Size 0 0%Content 537 0.56%Others 0 0%Scanning exceptions 15 0.02%

GRÁFICOS – PERÍODO 31/10/2010 A 06/11/2010Spam by Action

Spam ActionsDetections Message % Size (MB)

Total spam message count 81354 100.00 211.876

Quarantined 21502 26.43 211.876

Deleted 0 0.00 0.000

Tagged 21502 26.43 211.876

Other 0 0.00 0.000

Rejected by NRS 59852 73.57 N/A

Rejected by IP Profiler 0 0.00 N/A

Top 10 Spam RecipientsRecipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %

1diretoria@uem.com.br 441 245 55.56 6.091 20.752jamily.fazza@uem.com.br 376 213 56.65 3.119 23.403angelo.navarro@uem.com.br 410 205 50.00 1.473 3.394kiko.schlinz@uem.com.br 363 199 54.82 2.117 6.325comercial@uem.com.br 337 196 58.16 3.079 7.466claudia.santos@uem.com.br 245 185 75.51 1.522 9.807angelo@uem.com.br 201 165 82.09 1.915 63.498evandro.rodrigo@uem.com.br 220 165 75.00 2.024 17.889uem@uem.com.br 208 162 77.88 1.415 35.55

10rafael.nogueira@uem.com.br 422 137 32.46 1.289 6.30

Virus and Malicious Code Summary

Detections Message %

Total detections 24 100.00

Messages deleted 0 0.00

Messages quarantined 24 100.00

Attachments cleaned 0 0.00

Messages with attachments deleted 24 100.00

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections1TROJ_REFROSO.GB 222Possible_Virus 13TROJ_BUZUS.EV 14N/A 05N/A 06N/A 07N/A 08N/A 09N/A 0

10N/A 0

Top 10 Virus RecipientsRecipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %

1ramon.costad@uem.com.br 29 2 6.90 0.091 46.262dmauricio.cortes@uem.com.br 35 2 5.71 0.091 42.983rcelon@uem.com.br 23 1 4.35 0.046 53.044azza@uem.com.br 12 1 8.33 0.046 66.605ppegorarodd@uem.com.br 23 1 4.35 0.046 47.726amdsalves@uem.com.br 29 1 3.45 0.046 44.597ramon.costa@uem.com.br 82 1 1.22 0.046 8.068uem@uem.com.br 208 1 0.48 0.046 1.159azotarelli@uem.com.br 46 1 2.17 0.046 21.35

10rcela.ferrazdd@uem.com.br 44 1 2.27 0.046 24.24

CACTI – Gráficos

Período de 01/11/2010 a 08/11/2010

UEMFS

UEMICA

UEMNOTES

UEMPRD

UEMRMSA

Nagios

Disponibilidade – últimos 7 dias

Host Service % Time OK% Time Warning

% Time Unknown

% Time Critical

% Time Undetermined

internet_embratel Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

link-juruti Rede_Ping94.314% (94.314%)

0.000% (0.000%)

0.000% (0.000%)

5.686% (5.686%) 0.000%

link-riocapim Rede_Ping92.529% (92.529%)

0.000% (0.000%)

0.000% (0.000%)

7.471% (7.471%) 0.000%

link-yamana Rede_Ping99.743% (99.743%)

0.049% (0.049%)

0.000% (0.000%)

0.208% (0.208%) 0.000%

link-zambia Rede_Ping89.919% (89.919%)

0.000% (0.000%)

0.000% (0.000%)

10.081% (10.081%) 0.000%

nagios_remoto Rede_Http99.902% (99.902%)

0.000% (0.000%)

0.000% (0.000%)

0.098% (0.098%) 0.000%

router_ciscoRede_Ping_ObrasEmbratel

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Telnet100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

router_intel Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Telnet100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

site_embratel Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

storage-119 Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

storage-120 Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-B Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-C Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-D Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-E Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-F Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

uem-adm Local_Carga100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_Root100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Processos100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Users100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Http:82100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_SSH100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

uem-gw Local_Carga100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_Root100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_backup100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_bkpremoto

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_ftp_pessoal

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_ftp_public

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_home_ponto

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_home_restrito

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Processos 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Users 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Dns 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ftp 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Http:81 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_SSH 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Squid:3128 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemantspam-imss Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_TrendImss 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_TrendPolices 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemap-aplicacao Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uembdc Rede_Active Directory

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uembes-blackberry Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_LotusDomino 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 99.950% (99.950%)

0.000% (0.000%)

0.000% (0.000%)

0.050% (0.050%)

0.000%

uemdev Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_SAP 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemfs-fileserver Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_NetBios 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemica-metaframe Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Metaframe 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_TS 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemmine-database Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Sql 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemnotes-correio Rede_Https 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ldap 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Smtp 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemprd Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_SAP 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemrmsa-database Rede_Oracle 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemvm-vmware Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

vm-isodoc Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Postgresql 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Average 99.676% (99.676%)

0.001% (0.001%)

0.000% (0.000%)

0.323% (0.323%)

0.000%

NTOP

Trend Micro - Office Scan

Update Status for Networked Computers

* itens marcados com a cor amarela possuem a mesma versão da semana anterior

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

HTML_IFRAME.AUO 11211

Mal_Otorun1 3993

PE_MABEZAT.B-O 3835

Mal_Sality 1607

WORM_OTOIT.SMT 1181

TROJ_Generic.DIT 1098

TSC_GENCLEAN 1036

TROJ_DLOADE.FF 975

Mal_Otorun2 922

BAT_BANKER.LEZC 781

Infected Computers

Name Detections Log

UEMMBB27 7756 View

SAFETY 4101 View

UEMMBB202 3447 View

UEMPABX 1107 View

UEMFS 694 View

UEMMBB312 431 View

UEMZMWS 361 View

UEMOP956 349 View

UEMOP952 226 View

UEMOP954 219 View

Infection Source

Name Detections

192.168.9.242\ADMINISTRADOR 70

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

\\192.168.0.133\GUEST 22

\\192.168.0.131\GUEST 21

RAR-29A45523705\ROTINARC 19

\\[fe80::c5b5:9711:6e96:4124]\Guest 16

192.168.9.250\ADMINISTRADOR 16

\\UEMZMSPL\Guest 16

\\UEMZMSPL\ANONYMOUS LOGON 16

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

GRAY_Gen 171

HKTL_ULTRASURF 74

GRAY_GEN.0Z1013S 65

SPYW_ARDAKEY 44

CRCK_KEYGEN 39

ADW_SAVENOW.BO 29

HKTL_USURF 25

GRAY_Sml 22

CRCK_JBEAN 20

ADW_WEBDIR.AC 12

Infected Computers

Name Detections Log

UEMFS 217 View

UEMICA 65 View

UEMPABX 46 View

UEMOP753 14 View

UEMOP421 14 View

UEMMBB163 13 View

UEMOP964 5 View

UEMOP416 5 View

UEMOP755 5 View

UEMOP954 5 View