
U&M Weekly Report - InvestLinux – 11/06/2012

Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Antivirus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 100,00%


Uptime / Last

Uptime (server online time) / Last (remote connections)

[root@uem-gw]# uptime
10:39:44 up 11 days, 2:12, 1 user, load average: 0.31, 0.57, 0.54

[root@uem-gw]# last | sort -k 3 | more
vpnuem ppp0 177.115.72.32 Sun Jun 3 10:31 - 11:13 (00:42)
uem ftpd25039 177.77.136.208 Sun Jun 3 12:47 - 12:47 (00:00)
uem ftpd25044 177.77.136.208 Sun Jun 3 12:47 - 12:49 (00:01)
free ftpd19519 186.220.12.64 Mon Jun 4 11:24 - 11:26 (00:02)
free ftpd30834 186.220.12.64 Tue Jun 5 11:12 - 11:24 (00:12)
free ftpd5855 186.220.12.64 Wed Jun 6 10:18 - 10:28 (00:10)
uem ftpd16073 187-27-120-26.3g Mon Jun 4 10:39 - 10:39 (00:00)
uem ftpd16078 187-27-120-26.3g Mon Jun 4 10:39 - 10:50 (00:10)
free ftpd28578 189-107-131-238. Sun Jun 10 18:41 - 18:41 (00:00)
free ftpd28584 189-107-131-238. Sun Jun 10 18:41 - 18:41 (00:00)
free ftpd28617 189-107-131-238. Sun Jun 10 18:42 - 20:53 (02:11)
vpnuem ppp0 189.53.208.93 Sun Jun 3 10:02 - 10:19 (00:16)
vpnuem ppp0 189.53.208.93 Sun Jun 3 19:32 - 19:33 (00:01)
free ftpd4514 192.168.0.205 Wed Jun 6 15:34 - 15:34 (00:00)
free ftpd4521 192.168.0.205 Wed Jun 6 15:35 - 15:35 (00:00)
free ftpd4575 192.168.0.205 Wed Jun 6 15:35 - 15:35 (00:00)
free ftpd4918 192.168.0.205 Wed Jun 6 15:43 - 15:43 (00:00)
free ftpd4945 192.168.0.205 Wed Jun 6 15:43 - 15:43 (00:00)
free ftpd4955 192.168.0.205 Wed Jun 6 15:44 - 15:46 (00:01)
uemcc ftpd13581 192.168.0.93 Fri Jun 1 11:01 - 11:01 (00:00)
uemcc ftpd13644 192.168.0.93 Fri Jun 1 11:02 - 11:02 (00:00)
collect ftpd17795 196.212.54.42 Fri Jun 8 04:48 - 04:48 (00:00)
collect ftpd17794 196.212.54.42 Fri Jun 8 04:48 - 04:49 (00:00)
collect ftpd17837 196.212.54.42 Fri Jun 8 04:48 - 04:50 (00:01)
collect ftpd17789 196.212.54.42 Fri Jun 8 04:48 - 04:58 (00:09)
collect ftpd17838 196.212.54.42 Fri Jun 8 04:49 - 04:52 (00:03)
collect ftpd10833 196.212.54.42 Thu Jun 7 10:11 - 10:12 (00:01)
collect ftpd10828 196.212.54.42 Thu Jun 7 10:11 - 10:21 (00:09)
collect ftpd10853 196.212.54.42 Thu Jun 7 10:12 - 10:12 (00:00)
collect ftpd10858 196.212.54.42 Thu Jun 7 10:12 - 10:12 (00:00)
collect ftpd11033 196.212.54.42 Thu Jun 7 10:17 - 10:26 (00:09)
collect ftpd11054 196.212.54.42 Thu Jun 7 10:17 - 10:27 (00:10)
collect ftpd12916 196.212.54.42 Thu Jun 7 10:26 - 10:34 (00:07)
collect ftpd13136 196.212.54.42 Thu Jun 7 10:27 - 10:30 (00:02)
collect ftpd15359 196.212.54.42 Thu Jun 7 10:31 - 10:34 (00:02)
collect ftpd15488 196.212.54.42 Thu Jun 7 10:34 - 10:35 (00:00)
collect ftpd16022 196.212.54.42 Thu Jun 7 10:49 - 10:49 (00:00)
free ftpd19600 200.204.55.142 Mon Jun 4 11:27 - 11:55 (00:28)
free ftpd7707 200.204.55.142 Wed Jun 6 10:27 - 10:37 (00:10)
free ftpd10116 200.204.55.142 Wed Jun 6 10:37 - 11:04 (00:27)
free ftpd11249 200.204.55.142 Wed Jun 6 11:05 - 11:05 (00:00)
free ftpd11253 200.204.55.142 Wed Jun 6 11:05 - 11:07 (00:02)
uem ftpd32663 200.208.86.178 Mon Jun 11 07:56 - 07:56 (00:00)

Disk Space

[root@uem-gw]# df -h
Sist. Arq.                  Tam    Usad   Disp   Uso%  Montado em
/dev/sda3                   38G    26G    9,7G   73%   /
varrun                      1014M  264K   1014M  1%    /var/run
varlock                     1014M  0      1014M  0%    /var/lock
udev                        1014M  52K    1014M  1%    /dev
devshm                      1014M  0      1014M  0%    /dev/shm
/dev/sdb1                   50G    19G    30G    39%   /backup
/dev/sda1                   471M   140M   308M   32%   /boot
//192.168.0.105/Pessoal     20G    11G    9,4G   54%   /ftp/Pessoal
//192.168.0.105/Public      200G   149G   52G    75%   /ftp/Public
//192.168.0.105/Restrito    200G   149G   52G    75%   /home/Restrito
//192.168.0.100/CorporeRM   47G    24G    24G    51%   /home/ponto
//192.168.0.105/BKP-linux   30G    13G    18G    41%   /backup-remoto


Dmesg

Dmesg – Console alerts (possible disk, network and general hardware errors)
- No relevant information -

Logs

Superficial check of the system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Antivirus DAT

[root@uem-gw]# freshclam
ClamAV update process started at Mon Jun 11 10:43:34 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15027, sigs: 217122, f-level: 63, builder: ccordes)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************

Previous week:
ClamAV update process started at Wed Jun 6 08:02:55 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15007, sigs: 202098, f-level: 63, builder: guitar)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************

Top - Memory / Processes / Load
- No relevant information -

Processes
- No relevant information -

Open TCP/UDP Ports

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6681/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 17241/nrpe
tcp 0 0 *:rsync *:* LISTEN 7227/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6588/mysqld
tcp 0 0 *:webmin *:* LISTEN 8602/perl
tcp 0 0 *:81 *:* LISTEN 4154/apache2
tcp 0 0 *:ftp *:* LISTEN 14884/proftpd: (acc
tcp 0 0 10.0.0.29:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 6112/named
tcp 0 0 192.168.1.1:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 6112/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 6112/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 6112/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 6112/named
tcp 0 0 localhost:domain *:* LISTEN 6112/named
tcp 0 0 *:ssh *:* LISTEN 6485/sshd
tcp 0 0 *:3128 *:* LISTEN 4905/(squid)
tcp 0 0 *:smtp *:* LISTEN 7207/master
tcp 0 0 localhost:953 *:* LISTEN 6112/named
tcp 0 0 *:1723 *:* LISTEN 7214/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7227/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 6112/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6485/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 7074/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 6112/named

Note: the command shows in the fourth column, preferably, the service name after the ":" character.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6681/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 17241/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7227/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6588/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8602/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 4154/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 14884/proftpd: (acc
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6485/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 4905/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7207/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6112/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7214/pptpd
tcp6 0 0 :::873 :::* LISTEN 7227/rsync
tcp6 0 0 :::53 :::* LISTEN 6112/named
tcp6 0 0 :::22 :::* LISTEN 6485/sshd
tcp6 0 0 :::3000 :::* LISTEN 7074/ntop
tcp6 0 0 ::1:953 :::* LISTEN 6112/named

Note: the command shows in the fourth column the service port after the ":" character.


MRTG - Traffic*

Internet – eth1

Embratel Router

VPN Embratel – eth2

VPN Yamana – tun1


VPN Juruti

VPN Rio Capim – tun4

VPN Zâmbia – tun6

VPN Carajás – tun7

* High traffic on 06/06 (Wednesday), probably originating from IP 192.168.13.207.
See details at: http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2012-06-06-08:00&ip=192.168.013.207&sort=0


Jangada Router – 189.52.77.26

Marabá Router – 189.16.176.6


UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

* The charts were compared with those of the previous week. Where there is a significant change, the possible problem is analyzed and reported as a note below the chart. Charts without comments were considered normal. If you would like an analysis of a specific chart, just request it.


Ipaudit Daily

- No relevant information -

Ipaudit Weekly (Top 10)

| IP | Host Name | Incoming (bytes) | Outgoing (bytes) | Total (bytes) |
| 200.243.057.005 | uemnotes.uem.com.br | 6,080,162,231 | 23,651,725,572 | 29,731,887,803 |
| 192.168.000.001 | - | 8,318,044,578 | 5,978,857,247 | 14,296,901,825 |
| 200.243.057.011 | - | 9,831,676,746 | 2,694,289,064 | 12,525,965,810 |
| 200.243.057.002 | correio.uem.com.br | 11,436,659,393 | 1,066,867,156 | 12,503,526,549 |
| 192.168.012.162 | - | 2,666,258,279 | 172,923,641 | 2,839,181,920 |
| 192.168.012.141 | - | 1,110,873,905 | 1,013,504,939 | 2,124,378,844 |
| 192.168.008.101 | uemmbb249.uem.com.br | 1,716,612,817 | 65,805,372 | 1,782,418,189 |
| 192.168.000.103 | uemnotes.uem.com.br | 476,960,492 | 1,212,096,535 | 1,689,057,027 |
| 192.168.000.107 | uemantspam.uem.com.br | 1,281,467,015 | 272,506,038 | 1,553,973,053 |
| 200.243.057.008 | - | 1,181,799,780 | 214,571,710 | 1,396,371,490 |

Squid Reports Weekly – 03/06/2012 to 10/06/2012

Squid Reports – TopSites

| NUM | ACCESSED SITE | CONNECT | BYTES | TIME |
| 1 | 200.98.134.185 | 236.56K | 122.76M | 622.35K |
| 2 | s.glbimg.com | 183.81K | 576.31M | 33.35M |
| 3 | au.download.windowsupdate.com | 161.10K | 5.79G | 562.06M |
| 4 | s2.glbimg.com | 138.51K | 553.43M | 38.82M |
| 5 | osce80-en.url.trendmicro.com | 127.57K | 86.49M | 108.98M |
| 6 | gdata.youtube.com | 99.39K | 146.49M | 490.34K |
| 7 | mail.yimg.com | 89.81K | 184.18M | 13.97M |
| 8 | www.google-analytics.com | 53.26K | 35.88M | 12.77M |
| 9 | www.google.com.br | 36.57K | 455.75M | 55.20M |
| 10 | clients1.google.com.br | 35.45K | 26.79M | 9.99M |
| 11 | pagead2.googlesyndication.com | 32.18K | 185.79M | 18.99M |
| 12 | download.windowsupdate.com | 28.00K | 984.37M | 247.26M |
| 13 | us.mg6.mail.yahoo.com | 23.94K | 43.33M | 4.90M |
| 14 | safebrowsing-cache.google.com | 23.19K | 614.83M | 51.16M |
| 15 | t3.gstatic.com | 22.29K | 155.46M | 12.09M |
| 16 | t2.gstatic.com | 22.28K | 155.84M | 11.08M |
| 17 | t1.gstatic.com | 22.24K | 155.89M | 10.88M |
| 18 | t0.gstatic.com | 22.09K | 153.21M | 9.31M |
| 19 | ads.img.globo.com | 21.45K | 100.90M | 15.76M |
| 20 | www.lusakatimes.com | 18.56K | 123.71M | 41.49M |


Squid Reports – TopUsers

Squid Reports – Attempts to Access Prohibited Sites

| SITE ACCESSED | IP |
| www.adorocoroas.com | 192.168.13.130 |
| www.assistafilmesgratis.com | 192.168.6.143 192.168.8.101 192.168.8.117 192.168.8.145 192.168.9.177 |
| www.assistatvgratis.in | 192.168.8.101 192.168.8.117 |
| www.assistatvgratis.org | 192.168.8.101 192.168.8.117 |
| www.assistatvonline.com | 192.168.6.143 192.168.8.101 192.168.9.177 |
| www.assistindo.net | 192.168.8.167 |
| www.assistir0800.com | 192.168.8.167 |
| www.assistirfilmeshd.org | 192.168.6.143 |
| www.assistirtvsonline.net | 192.168.8.101 |
| www.baixaki.com.br | 192.168.0.27 192.168.0.95 192.168.10.135 192.168.10.204 192.168.13.111 192.168.13.145 192.168.13.173 192.168.8.134 192.168.9.239 |
| www.baixandojogosgratis.com | 192.168.8.101 |
| www.baixarfilmesdublados.net | 192.168.0.92 |
| www.baixarmusicas.info | 192.168.8.124 |
| www.baixegratis.net | 192.168.0.19 |
| www.coelhinhasdobrasil.com | 192.168.10.216 |
| www.ebuddy.com | 192.168.0.67 |
| www.sexlog.com.br | 192.168.8.114 192.168.9.194 |
| www.sexolandia.org | 192.168.13.137 |
| connect.facebook.net | 192.168.0.35 192.168.0.6 192.168.0.66 192.168.0.70 192.168.12.100 192.168.12.109 192.168.12.113 192.168.12.123 192.168.12.128 192.168.12.142 |
| facebook.adlesse.com | 192.168.13.248 192.168.13.250 |
| facebook.conduitapps.com | 192.168.0.174 192.168.10.235 192.168.10.236 192.168.12.122 192.168.12.130 192.168.12.148 192.168.12.162 192.168.12.203 192.168.12.206 192.168.12.207 192.168.12.221 192.168.12.227 192.168.12.233 |
| graph.facebook.com | 192.168.12.100 |
| graph.facebook.com:443 | 192.168.0.6 |
| www.facebook.com | 192.168.0.10 192.168.0.6 192.168.0.64 192.168.0.66 192.168.12.100 192.168.12.12 192.168.12.123 192.168.12.142 192.168.9.250 |
| www.facebook.com:443 | 192.168.0.6 |

Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.

Note 2: All the URLs above related to "facebook" are currently being blocked.


Trend Micro - InterScan Messaging Security Suite

SYSTEM DATA

| Name | Current version | Available | Previous version |
| Scan engine | 9.500.1005 | 9.500.1005 | 9.500.1005 |
| Virus pattern | 9.185.00 | 9.185.00 | 9.173.00 |
| Spyware/grayware pattern | 1.295.00 | 1.295.00 | 1.293.00 |
| IntelliTrap pattern | 0.165.00 | 0.165.00 | 0.165.00 |
| IntelliTrap exceptions | 0.773.00 | 0.773.00 | 0.773.00 |
| Anti-spam engine | 6.800.1017 | 6.800.1017 | 6.800.1017 |
| Spam pattern | 18962.007 | 18962.007 | 18934.001 |
| URL Filtering Engine | 3.500.1047 | 3.000.1029 | 3.500.1047 |

CHARTS – PERIOD 03/06/2012 TO 09/06/2012

| Scanning Conditions | Total | Message % | Incoming | Outgoing |
| Total message count | 92075 | 100.00 | 88459 | 3616 |
| Virus or malicious code | 5 | 0.01 | 5 | 0 |
| Spyware/grayware | 0 | 0.00 | 0 | 0 |
| Spam | 10995 | 11.94 | 10912 | 83 |
| Phish | 0 | 0.00 | 0 | 0 |
| Suspicious URLs - Web Reputation | 0 | 0.00 | 0 | 0 |
| DKIM enforcement | 0 | 0.00 | 0 | 0 |
| Attachment | 0 | 0.00 | 0 | 0 |
| Size | 46 | 0.05 | 37 | 9 |
| Content | 243 | 0.26 | 228 | 15 |
| Compliance | 0 | 0.00 | 0 | 0 |
| Others | 0 | 0.00 | 0 | 0 |
| Scanning exceptions | 9 | 0.01 | 2 | 7 |
| Spam Tagged by Cloud Pre-Filter | 0 | 0.00 | 0 | 0 |
| IP Profiler | 1623 | 1.76 | 1623 | 0 |
| Email reputation | 58818 | 63.88 | 58818 | 0 |
| Clean email | 20336 | 22.09 | 16834 | 3502 |
| Trend Micro Email Encryption | 0 | 0.00 | 0 | 0 |

Spam by Action


| Spam Actions | Detections | Message % | Size (MB) |
| Total spam message count | 71436 | 100.00 | 192.483 |
| Quarantined | 10995 | 15.39 | 192.483 |
| Deleted | 0 | 0.00 | 0.000 |
| Tagged | 10992 | 15.39 | 192.462 |
| Other | 0 | 0.00 | 0.000 |
| Rejected by Email reputation | 58818 | 82.34 | N/A |
| Rejected by IP Profiler | 1623 | 2.27 | N/A |

Top 10 Spam Recipients

| Recipient | Total Message Count | Total Spam Msgs | Spam Msgs % | Spam Size (MB) | Spam Size % |
| [email protected] | 335 | 253 | 75.52 | 5.736 | |
| [email protected] | 448 | 229 | 51.12 | 5.586 | |
| [email protected] | 688 | 228 | 33.14 | 4.878 | |
| [email protected] | 391 | 207 | 52.94 | 3.076 | |
| [email protected] | 396 | 181 | 45.71 | 3.321 | |
| [email protected] | 519 | 176 | 33.91 | 2.959 | |
| [email protected] | 252 | 176 | 69.84 | 6.782 | |
| [email protected] | 236 | 164 | 69.49 | 3.652 | |
| [email protected] | 255 | 143 | 56.08 | 3.327 | 34.87 |
| [email protected] | 316 | 142 | 44.94 | 2.775 | 6.21 |

Virus and Malicious Code Summary

| | Detections | Message % |
| Total detections | 5 | 100.00 |
| Messages deleted | 0 | 0.00 |
| Messages quarantined | 5 | 100.00 |
| Attachments cleaned | 0 | 0.00 |
| Messages with attachments deleted | 5 | 100.00 |
| Messages blocked by IP Profiler | 0 | 0.00 |

Top 10 Virus and Malicious Code Detections

| 1 | TROJ_AGENT.BCOO | 2 |
| 2 | JS_NIMDA.A-1 | 2 |
| 3 | TSPY_ZBOT.SMKU | 1 |
| 4 | N/A | 0 |
| 5 | N/A | 0 |
| 6 | N/A | 0 |
| 7 | N/A | 0 |
| 8 | N/A | 0 |
| 9 | N/A | 0 |
| 10 | N/A | 0 |


CACTI – Charts

Period from 04/06/2012 to 11/06/2012

UEMFS


UEMICA

* Load increase on 31/05 (Thursday)


UEMNOTES


UEMPRD


UEMRMSA


Nagios

Availability – last 7 days

| Host | Service | % Time OK | % Time Warning | % Time Unknown | % Time Critical | % Time Undetermined |
| internet_embratel | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| link-carajas | Rede_Ping | 90.392% (90.392%) | 0.000% (0.000%) | 0.000% (0.000%) | 9.608% (9.608%) | 0.000% |
| link-ebt-jangada | Rede_Ping | 97.976% (97.976%) | 0.000% (0.000%) | 0.000% (0.000%) | 2.024% (2.024%) | 0.000% |
| link-ebt-maraba | Rede_Ping | 99.940% (99.940%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.060% (0.060%) | 0.000% |
| link-jangada | Rede_Ping | 62.258% (62.258%) | 0.000% (0.000%) | 0.000% (0.000%) | 37.742% (37.742%) | 0.000% |
| link-juruti | Rede_Ping | 99.365% (99.365%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.635% (0.635%) | 0.000% |
| | uem1_Rede_Ping | 99.480% (99.480%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.520% (0.520%) | 0.000% |
| link-riocapim | Rede_Ping | 99.728% (99.728%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.272% (0.272%) | 0.000% |
| | uem1_Rede_Ping | 99.919% (99.919%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.081% (0.081%) | 0.000% |
| link-yamana | Rede_Ping | 99.983% (99.983%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.017% (0.017%) | 0.000% |
| | uem1_Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| nagios_remoto | Rede_Http | 99.955% (99.955%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.045% (0.045%) | 0.000% |
| | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| router_cisco | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Telnet | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| storage-119 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| storage-120 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-B | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-C | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-D | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-E | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-F | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uem-adm | Local_Carga | 99.950% (99.950%) | 0.050% (0.050%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_Root | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Processos | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Users | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Http:82 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uem-gw | Local_Carga | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_Root | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_backup | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_bkpremoto | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_ftp_pessoal | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_ftp_public | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_home_ponto | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Disk_home_restrito | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Processos | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Local_Users | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Dns | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ftp | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Http:81 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Squid:3128 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Local_Disk_ftp_public | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Local_Disk_home_ponto | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemantspam-imss | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemap-aplicacao | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uembdc | Rede_Active Directory | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Active Directory | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uembes-blackberry | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_LotusDomino | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemdev | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemfs-fileserver | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_NetBios | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_NetBios | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemica-metaframe | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Metaframe | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_TS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Metaframe | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_TS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemmine-database | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Sql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Sql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemnotes-correio | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Https | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ldap | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Smtp | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Https | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Smtp | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemprd | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemrmsa-database | Rede_Oracle | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Oracle | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemvm-vmware | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| vm-isodoc | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Rede_Postgresql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | uem1_Rede_Postgresql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| Average | | 99.451% (99.451%) | 0.001% (0.001%) | 0.000% (0.000%) | 0.548% (0.548%) | 0.000% |

NTOP

Currently unavailable


Trend Micro - Office Scan

Update Status for Networked Computers

* items highlighted in yellow have the same version as the previous week

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

TROJ_STARTER.SM 55

TSC_GENCLEAN 50

PE_VIRUX.R-2 42

WORM_AUTORUN.SMI 34

Cryp_Yodap 28

LNK_DORKBOT.SMC 24

TROJ_FAKEAV.SMUP 20

PE_VIRUX.R-1 19

PE_DUNDUN.A 14

PAK_Generic.012 14

Last reset:22/5/2012 16:11:20

Infected Computers

Name Detections Log

UEM-SAFETY 107 View

UEMZMMNT10 82 View

UEMOP804 43 View

UEMFS 42 View


LENOVO-B044638B 36 View

UEMMBB151 28 View

UEMOP921 11 View

UEMMBB230 10 View

UEMOP928 9 View

UEMOP725 8 View

Last reset:22/5/2012 16:11:49

Infection Source

Name Detections

HP-DISPATCH2\ADMINISTRATOR 1210

HP33671896628\EDWIN SIKAKENA 349

HP33671896628\OLIVER CHILESHE 105

HP33671896628\GILLY NYIRENDA 98

192.168.9.242\ADMINISTRADOR 70

HP33671896628\LOMBE CHOMBA 64

U-92CFD590AD0D4\MAINTENANCE 45

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

UEMOP856\LUCIANO RODRIGUES 30

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

HKTL_CRACKCF 5

CRCK_KEYGEN 3

Dialer_PlayGames 1

Last reset:22/5/2012 16:11:57

Infected Computers

Name Detections Log

UEMOP928 5 View

UEMMBB245 2 View

UEMOP511 1 View

UEMOP973 1 View

Last reset:22/5/2012 16:12:04