
U&M Weekly Report - InvestLinux – 10/09/2012

Uptime / Last OK

Disk Space OK

Dmesg OK

Logs OK

Antivirus DAT OK

Top - Memory / Processes / Load OK

Processes OK

Open TCP/UDP Ports OK

MRTG - Traffic OK

MRTG - Processor OK

Ipaudit Daily OK

Ipaudit Weekly OK

Squid Reports - TopSites OK

Squid Reports - TopUsers OK

Nagios - HTTP Availability 100.00%

Nagios - SMTP Availability 100.00%


Uptime / Last

Uptime (server online time) / Last (remote connections)

[root@uem-gw]# uptime
 22:03:03 up 68 days, 7:31, 2 users, load average: 0.16, 0.11, 0.11

[root@uem-gw]# last | sort -k 3 | more
vpnuem ppp0 177.182.1.104 Thu Sep 6 16:48 - 16:55 (00:07)
ftp ftpd22346 177.78.100.116 Wed Sep 5 14:45 - 14:51 (00:06)
uem ftpd17884 189.3.236.211 Fri Sep 7 08:33 - 08:33 (00:00)
uem ftpd17899 189.3.236.211 Fri Sep 7 08:33 - 08:35 (00:01)
uem ftpd20421 189.3.236.211 Fri Sep 7 08:36 - 08:36 (00:00)
uem ftpd20441 189.3.236.211 Fri Sep 7 08:36 - 08:41 (00:04)
vpnuem ppp0 189.3.236.211 Mon Sep 10 09:18 - 10:29 (01:10)
vpnuem ppp0 189.3.236.211 Mon Sep 10 10:39 - 10:42 (00:03)
vpnuem ppp0 189.3.236.211 Mon Sep 10 11:32 - 13:25 (01:52)
vpnuem ppp0 189.83.132.147 Sun Sep 2 11:45 - 13:12 (01:27)
vpnuem ppp0 189.83.132.147 Sun Sep 2 20:23 - 20:33 (00:09)
uemcc ftpd6550 190.242.110.138 Mon Sep 10 20:55 - 21:05 (00:09)
uemcc ftpd6553 190.242.110.138 Mon Sep 10 20:55 - 21:40 (00:44)
uemcc ftpd13868 192.168.0.168 Mon Sep 10 16:41 - 16:41 (00:00)
uemcc ftpd13870 192.168.0.168 Mon Sep 10 16:41 - 16:51 (00:10)
uemcc ftpd23435 192.168.0.168 Mon Sep 10 18:24 - 18:24 (00:00)
uemcc ftpd23453 192.168.0.168 Mon Sep 10 18:24 - 18:34 (00:10)
root pts/1 192.168.0.172 Wed Sep 5 13:43 - 14:03 (00:19)
uem ftpd30805 192.168.0.199 Thu Sep 6 16:47 - 16:47 (00:00)
uem ftpd30809 192.168.0.199 Thu Sep 6 16:47 - 16:47 (00:00)
uemcc ftpd23071 192.168.0.214 Mon Sep 10 18:22 - 18:22 (00:00)
uemcc ftpd23111 192.168.0.214 Mon Sep 10 18:22 - 18:24 (00:01)
collect ftpd12862 192.168.12.242 Tue Sep 4 10:44 - 10:44 (00:00)
collect ftpd12870 192.168.12.242 Tue Sep 4 10:44 - 10:54 (00:10)
collect ftpd13855 192.168.12.242 Tue Sep 4 11:04 - 11:15 (00:11)
free ftpd15715 192.168.6.113 Tue Sep 4 11:22 - 11:22 (00:00)
free ftpd15774 192.168.6.113 Tue Sep 4 11:22 - 11:32 (00:10)
epsa ftpd27264 90.red-81-45-239 Tue Sep 4 12:54 - 13:13 (00:19)
ftp ftpd13851 alloy.tomsk.ru Mon Sep 3 05:54 - 05:54 (00:00)
free ftpd2099 mxrio.andrade.ad Mon Sep 10 10:12 - 10:23 (00:10)
free ftpd7568 mxrio.andrade.ad Mon Sep 10 10:56 - 11:08 (00:11)
free ftpd12893 mxrio.andrade.ad Mon Sep 10 11:43 - 11:57 (00:13)
free ftpd21543 mxrio.andrade.ad Mon Sep 10 18:12 - 18:25 (00:13)
free ftpd30253 mxrio.andrade.ad Wed Sep 5 15:58 - 16:11 (00:13)
free ftpd30660 mxrio.andrade.ad Wed Sep 5 16:05 - 16:15 (00:10)
free ftpd31402 mxrio.andrade.ad Wed Sep 5 16:18 - 16:24 (00:05)
free ftpd32019 mxrio.andrade.ad Wed Sep 5 16:24 - 16:24 (00:00)
free ftpd1341 mxrio.andrade.ad Wed Sep 5 16:28 - 16:35 (00:07)

Disk Space

[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 30G 5,7G 85% /
varrun 1014M 268K 1014M 1% /var/run
varlock 1014M 0 1014M 0% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 19G 30G 39% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/BKP-linux 30G 15G 16G 50% /backup-remoto
//192.168.0.105/Pessoal 20G 16G 4,5G 78% /ftp/Pessoal
//192.168.0.105/Public 200G 160G 41G 80% /ftp/Public
//192.168.0.105/Restrito 200G 160G 41G 80% /home/Restrito
//192.168.0.100/CorporeRM 47G 23G 25G 48% /home/ponto


Dmesg

Dmesg – Console alerts (possible disk, network, or general hardware errors)
- No relevant information -

Logs

Cursory check of system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Antivirus DAT

[root@uem-gw]# freshclam
ClamAV update process started at Mon Sep 10 22:11:38 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15339, sigs: 261597, f-level: 63, builder: guitar)
bytecode.cld is up to date (version: 188, sigs: 38, f-level: 63, builder: neo)

Previous week:
ClamAV update process started at Tue Sep 4 12:46:58 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15311, sigs: 260527, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 188, sigs: 38, f-level: 63, builder: neo)

Top - Memory / Processes / Load
- No relevant information -

Processes
- No relevant information -

Open TCP/UDP Ports

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6444/postgrey.pid -
tcp 0 0 *:10050 *:* LISTEN 906/zabbix_agentd
tcp 0 0 192.168.0.1:5666 *:* LISTEN 6951/nrpe
tcp 0 0 *:rsync *:* LISTEN 7172/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6364/mysqld
tcp 0 0 *:webmin *:* LISTEN 8855/perl
tcp 0 0 *:81 *:* LISTEN 7402/apache2
tcp 0 0 *:ftp *:* LISTEN 23649/proftpd: (acc
tcp 0 0 200.199.9.234:domain *:* LISTEN 6032/named
tcp 0 0 192.168.0.2:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.29:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 6032/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 6032/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 6032/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 6032/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 6032/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 6032/named
tcp 0 0 localhost:domain *:* LISTEN 6032/named
tcp 0 0 *:ssh *:* LISTEN 22632/sshd


tcp 0 0 *:3128 *:* LISTEN 10417/(squid)
tcp 0 0 *:smtp *:* LISTEN 7153/master
tcp 0 0 localhost:953 *:* LISTEN 6032/named
tcp 0 0 *:1723 *:* LISTEN 7160/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7172/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 6032/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 22632/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 6032/named

Note: The command shows, in the fourth column, preferably the service name after the ":" character.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6444/postgrey.pid -
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 906/zabbix_agentd
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6951/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7172/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6364/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8855/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 7402/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23649/proftpd: (acc
tcp 0 0 200.199.9.234:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 192.168.0.2:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6032/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 22632/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 10417/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7153/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6032/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7160/pptpd
tcp6 0 0 :::873 :::* LISTEN 7172/rsync
tcp6 0 0 :::53 :::* LISTEN 6032/named
tcp6 0 0 :::22 :::* LISTEN 22632/sshd
tcp6 0 0 ::1:953 :::* LISTEN 6032/named

Note: The command shows, in the fourth column, the service port after the ":" character.


MRTG - Traffic*

Internet – eth1

Embratel Router

Oi Link – eth2

VPN Yamana – tun1


VPN Juruti

VPN Rio Capim – tun4

VPN Zambia – tun6

VPN Carajás – tun7


Jangada Router – 189.52.77.26


UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

*The graphs were compared with those of the previous week. Where there is a significant change, the possible problem is analyzed and reported as a note below the graph. Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.


Ipaudit Daily

- No relevant information -

Ipaudit Weekly (Top 10)

IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)

200.243.057.005 uemnotes.uem.com.br 7,301,786,612 19,789,651,079 27,091,437,691

200.243.057.002 correio.uem.com.br 14,343,023,516 2,044,672,907 16,387,696,423

192.168.000.001 - 1,714,996,205 7,664,975,359 9,379,971,564

200.243.057.011 - 4,479,548,402 2,984,374,405 7,463,922,807

200.243.057.008 - 4,621,210,565 1,225,838,889 5,847,049,454

192.168.000.103 uemnotes.uem.com.br 1,309,029,610 2,464,195,111 3,773,224,721

192.168.000.107 uemantspam.uem.com.br 1,487,329,892 601,342,675 2,088,672,567

192.168.000.039 uemmbb215.uem.com.br 1,037,749,164 39,893,134 1,077,642,298

192.168.000.172 uemmbb45.uem.com.br 509,176,157 304,791,559 813,967,716

192.168.000.057 uemmbb45.uem.com.br 208,891,805 540,627,972 749,519,777

Squid Reports Weekly – 02/09/2012 to 09/09/2012

Squid Reports – TopSites

NUM ACCESSED SITE CONNECT BYTES TIME

1 s.glbimg.com 270.23K 776.52M 54.40M

2 osce80-en.url.trendmicro.com 183.51K 124.36M 76.10M

3 s2.glbimg.com 178.86K 642.91M 50.21M

4 www.cvc.com.br 170.71K 263.95M 217.86K

5 mail.yimg.com 99.27K 227.02M 9.46M

6 au.download.windowsupdate.com 92.50K 3.57G 238.49M

7 www.google-analytics.com 60.45K 46.34M 8.58M

8 www.google.com.br 44.89K 536.61M 56.74M

9 clients1.google.com.br 42.24K 34.34M 9.81M

10 download.windowsupdate.com 42.21K 1.38G 103.54M

11 ads.img.globo.com 36.55K 141.85M 22.89M

12 pagead2.googlesyndication.com 33.99K 291.25M 28.83M

13 ads.globo.com 30.78K 25.99M 2.90M

14 googleads.g.doubleclick.net 30.48K 58.44M 8.38M

15 us.mg5.mail.yahoo.com 26.16K 45.51M 2.64M

16 api.globo.com 22.55K 23.05M 2.46M

17 www.google.com 22.06K 157.90M 28.34M

18 br.mg5.mail.yahoo.com 19.89K 38.68M 2.75M

19 us.mg6.mail.yahoo.com 19.83K 37.25M 2.57M

20 www.beforward.jp 19.09K 222.83M 47.32M


Squid Reports – TopUsers

Squid Reports – Attempts to Access Inappropriate Sites

SITE ACCESSED IP
www.adultblogtoplist.com 192.168.13.149
www.adulttop50.nl 192.168.12.158
www.assistirporno.net 192.168.13.149
www.carlinha.org 192.168.13.149
www.gatasdeuberlandia.com.br 192.168.8.142
www.gatasemgoiania.com.br 192.168.0.244
www.linhaquente.com 192.168.13.149
www.penis10.com 192.168.13.149
www.putariabrasileira.com 192.168.13.149
www.putascaseiras.com 192.168.13.184
www.sexlog.com.br 192.168.13.149

Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.

Note 2: Facebook URLs, already blocked, are no longer being reported.


Trend Micro - InterScan Messaging Security Suite

SYSTEM DATA

NAME CURRENT VERSION AVAILABLE PREVIOUS VERSION
Scan engine 9.500.1005 9.500.1005 9.500.1005
Virus pattern 9.383.00 9.383.00 9.369.00
Spyware/grayware pattern 1.325.00 1.325.00 1.321.00
IntelliTrap pattern 0.167.00 0.167.00 0.167.00
IntelliTrap exceptions 0.799.00 0.799.00 0.799.00
Anti-spam engine 6.800.1017 6.800.1017 6.800.1017
Spam pattern 19176.003 19176.003 19162.000
URL Filtering Engine 3.500.1047 3.000.1029 3.500.1047

GRAPHS – PERIOD 02/09/2012 TO 08/09/2012

Scanning Conditions Total Message % Incoming Outgoing

Total message count 95103 100.00 90534 4569

Virus or malicious code 0 0.00 0 0

Spyware/grayware 0 0.00 0 0

Spam 13370 14.06 13348 22

Phish 5 0.01 5 0

Suspicious URLs - Web Reputation 0 0.00 0 0

DKIM enforcement 0 0.00 0 0

Attachment 1 0.00 1 0

Size 63 0.07 45 18

Content 247 0.26 231 16

Compliance 0 0.00 0 0

Others 0 0.00 0 0

Scanning exceptions 0 0.00 0 0

Spam Tagged by Cloud Pre-Filter 0 0.00 0 0

IP Profiler 970 1.02 970 0

Email reputation 56120 59.01 56120 0

Clean email 24327 25.58 19814 4513

Trend Micro Email Encryption 0 0.00 0 0

Spam by Action


Spam Actions Detections Message % Size (MB)

Total spam message count 70460 100.00 258.040

Quarantined 13370 18.98 258.040

Deleted 0 0.00 0.000

Tagged 13368 18.97 258.031

Other 0 0.00 0.000

Rejected by Email reputation 56120 79.65 N/A

Rejected by IP Profiler 970 1.38 N/A

Top 10 Spam Recipients

Recipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %
[email protected] 894 282 31.54 7.103
[email protected] 495 271 54.75 13.511
[email protected] 491 254 51.73 5.279
[email protected] 523 250 47.80 3.669
[email protected] 411 223 54.26 10.626
[email protected] 311 214 68.81 4.716
[email protected] 358 212 59.22 4.684
[email protected] 413 202 48.91 4.058
[email protected] 231 196 84.85 3.051 80.87
[email protected] 528 191 36.17 3.659 15.13

Virus and Malicious Code Summary

Detections Message %

Total detections 0 0.00

Messages deleted 0 0.00

Messages quarantined 0 0.00

Attachments cleaned 0 0.00

Messages with attachments deleted 0 0.00

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections

1 N/A 0
2 N/A 0
3 N/A 0
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0

Top 10 Virus Recipients

Recipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %
1 N/A 0 0 0.00 0.000 0.00
2 N/A 0 0 0.00 0.000 0.00
3 N/A 0 0 0.00 0.000 0.00
4 N/A 0 0 0.00 0.000 0.00
5 N/A 0 0 0.00 0.000 0.00
6 N/A 0 0 0.00 0.000 0.00
7 N/A 0 0 0.00 0.000 0.00
8 N/A 0 0 0.00 0.000 0.00
9 N/A 0 0 0.00 0.000 0.00
10 N/A 0 0 0.00 0.000 0.00


CACTI – Graphs

Period from 03/09/2012 to 10/09/2012

UEMFS


UEMICA


UEMNOTES


UEMPRD


UEMRMSA


Nagios

Availability – last 7 days

Host Service % Time OK % Time Warning % Time Unknown % Time Critical % Time Undetermined

internet_embratel Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
internet_oi Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-carajas Rede_Ping 98.857% (98.857%) 0.000% (0.000%) 0.000% (0.000%) 1.143% (1.143%) 0.000%
link-ebt-jangada Rede_Ping 90.114% (90.114%) 0.000% (0.000%) 0.000% (0.000%) 9.886% (9.886%) 0.000%
link-jangada Rede_Ping 95.491% (95.491%) 0.000% (0.000%) 0.000% (0.000%) 4.509% (4.509%) 0.000%
link-juruti Rede_Ping 98.840% (98.840%) 0.000% (0.000%) 0.000% (0.000%) 1.160% (1.160%) 0.000%
uem1_Rede_Ping 99.903% (99.903%) 0.097% (0.097%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-riocapim Rede_Ping 91.186% (91.186%) 0.000% (0.000%) 0.000% (0.000%) 8.814% (8.814%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-vlopes Rede_Ping 98.162% (98.162%) 0.000% (0.000%) 0.000% (0.000%) 1.838% (1.838%) 0.000%
uem1_Rede_Ping 99.559% (99.559%) 0.000% (0.000%) 0.000% (0.000%) 0.441% (0.441%) 0.000%
link-yamana Rede_Ping 96.463% (96.463%) 0.000% (0.000%) 0.000% (0.000%) 3.537% (3.537%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-zambia Rede_Ping 82.584% (82.584%) 0.000% (0.000%) 0.000% (0.000%) 17.416% (17.416%) 0.000%
uem1_Rede_Ping 99.721% (99.721%) 0.000% (0.000%) 0.000% (0.000%) 0.279% (0.279%) 0.000%
nagios_remoto Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
router_cisco Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Telnet 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
storage-119 Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
storage-120 Rede_Ping 99.950% (99.950%) 0.050% (0.050%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-B Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-C Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-D Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-E Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-F Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem-adm Local_Carga 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_Root 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Processos 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Users 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Http:82 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%


uem-gw Local_Carga 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_Root 92.652% (92.652%) 7.348% (7.348%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_backup 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_bkpremoto 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_ftp_pessoal 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_ftp_public 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_home_ponto 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_home_restrito 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Processos 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Users 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Dns 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ftp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Http:81 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Squid:3128 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Local_Disk_ftp_public 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Local_Disk_home_ponto 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemantspam-imss Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemap-aplicacao Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uembdc Rede_Active Directory 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Active Directory 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uembes-blackberry Rede_Http 99.925% (99.925%) 0.000% (0.000%) 0.000% (0.000%) 0.075% (0.075%) 0.000%
Rede_LotusDomino 99.184% (99.184%) 0.000% (0.000%) 0.000% (0.000%) 0.816% (0.816%) 0.000%
Rede_Ping 93.011% (93.011%) 0.099% (0.099%) 0.000% (0.000%) 6.890% (6.890%) 0.000%
uemdev Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemfs-fileserver Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_NetBios 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_NetBios 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemica-metaframe Rede_Http 99.949% (99.949%) 0.000% (0.000%) 0.000% (0.000%) 0.051% (0.051%) 0.000%
Rede_Metaframe 99.957% (99.957%) 0.000% (0.000%) 0.000% (0.000%) 0.043% (0.043%) 0.000%
Rede_Ping 99.955% (99.955%) 0.000% (0.000%) 0.000% (0.000%) 0.045% (0.045%) 0.000%
Rede_TS 99.950% (99.950%) 0.000% (0.000%) 0.000% (0.000%) 0.050% (0.050%) 0.000%
uem1_Rede_Metaframe 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_TS 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%


uemmine-database Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Sql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Sql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemnotes-correio Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Https 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ldap 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Smtp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Https 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Smtp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemprd Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemrmsa-database Rede_Oracle 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Oracle 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemvm-vmware Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vm-isodoc Rede_Http 99.955% (99.955%) 0.000% (0.000%) 0.000% (0.000%) 0.045% (0.045%) 0.000%
Rede_Ping 99.901% (99.901%) 0.050% (0.050%) 0.000% (0.000%) 0.050% (0.050%) 0.000%
Rede_Postgresql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Postgresql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vpn-server-mk-lan Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vpn-server-mk-wan Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Average 99.365% (99.365%) 0.075% (0.075%) 0.000% (0.000%) 0.560% (0.560%) 0.000%


Trend Micro - Office Scan

Update Status for Networked Computers

* Items marked in yellow have the same version as the previous week

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

TSC_GENCLEAN 1593

TSPY_ZBOT.SKA 924

TROJ_SPNR.19G412 509

TROJ_SIREFEF.EM 375

RTKT_ZACESS.SM11 341

TROJ_SIREFEF.DD 301

TROJ_SIREFEF.QA 277

PTCH_SIREFEF.L 213

TROJ_SIREFEF.SD 207

TROJ_SIREFEF.ERO 206

Last reset:22/5/2012 16:11:20

Infected Computers

Name Detections Log

UEMMBB151 2694 View

UEM-WAREHOUSE 2263 View

USER-HP 969 View

UEM-SAFETY 318 View

UEMFS 305 View

HP24565236893 267 View

UEMOP509 132 View


UEMOP709 123 View

UEMOP804 100 View

UEMZMMNT10 98 View

Last reset:22/5/2012 16:11:49

Infection Source

Name Detections

HP-DISPATCH2\ADMINISTRATOR 1210

HP33671896628\EDWIN SIKAKENA 349

HP33671896628\OLIVER CHILESHE 105

HP33671896628\GILLY NYIRENDA 98

192.168.9.242\ADMINISTRADOR 70

HP33671896628\LOMBE CHOMBA 64

U-92CFD590AD0D4\MAINTENANCE 45

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

UEMOP856\LUCIANO RODRIGUES 30

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

HKTL_KEYGEN 32

CRCK_KEYGEN 29

HKTL_CRACKCF 10

HKTL_USURF 7

CRCK_PATCH 6

ADW_BHO 6

CRCK_PATCHER 5

CRCK_CRACK 4

HKTL_HIDEWIN 3

ADW_SCANNER 2

Last reset:22/5/2012 16:11:57

Infected Computers

Name Detections Log

UEMOP423 31 View

UEMOP982 21 View

UEMOP932 11 View

UEMOP928 11 View

UEMOP954 7 View

UEMMBB262 4 View

PC07VP 2 View


UEMMBB245 2 View

UEMOP933 1 View

UEMMBB28 1 View

Last reset:22/5/2012 16:12:04