
U&M Weekly Report - InvestLinux – 14/03/2011 · portal.uem.com.br/relatorio/2011/relatorio-uem-invest... · 2011-03-14


U&M Weekly Report - InvestLinux – 14/03/2011

Uptime / Last OK

Disk Space OK

Dmesg OK

Logs OK

Antivirus DAT OK

Top - Memory / Processes / Load OK

Processes OK

Open TCP/UDP Ports OK

MRTG - Traffic OK

MRTG - Processor OK

Ipaudit Daily OK

Ipaudit Weekly OK

Squid Reports - TopSites OK

Squid Reports - TopUsers OK

Nagios - HTTP Availability 99.96%

Nagios - SMTP Availability 99.94%


Uptime / Last

Uptime - Server online time
Last - Remote connections

[root@uem-gw]# uptime
11:08:15 up 2 days, 21:55, 2 users, load average: 0.11, 0.27, 0.27

[root@uem-gw]# last | sort -k 3 | more
vpnuem ppp0 189.107.234.240 Wed Mar 2 14:28 - 15:23 (00:54)
vpnuem ppp0 189.107.234.240 Wed Mar 2 16:11 - 16:18 (00:07)
vpnuem ppp0 189.107.234.240 Wed Mar 2 16:45 - 16:57 (00:11)
vpnuem ppp0 189.107.34.226 Fri Mar 4 15:26 - 15:39 (00:12)
vpnuem ppp0 189.107.34.226 Fri Mar 4 15:41 - 15:55 (00:13)
vpnuem ppp0 189.107.34.226 Thu Mar 3 13:58 - 14:02 (00:04)
vpnuem ppp0 189.107.34.226 Thu Mar 3 14:08 - 14:36 (00:28)
vpnuem ppp1 189.107.34.226 Thu Mar 3 14:38 - 14:59 (00:20)
vpnuem ppp0 189.107.34.226 Thu Mar 3 18:30 - 19:04 (00:33)
vpnuem ppp0 189.107.34.226 Thu Mar 3 21:12 - 21:19 (00:07)
vpnuem ppp0 189.118.166.67 Sat Mar 5 09:04 - 09:09 (00:04)
vpnuem ppp0 189.118.201.119 Wed Mar 9 20:23 - 20:25 (00:01)
vpnuem ppp0 189.119.61.169 Wed Mar 9 19:53 - 20:20 (00:27)
vpnuem ppp0 189.17.213.195 Sun Mar 13 11:22 - 11:29 (00:07)
vpnuem ppp0 189.17.213.195 Sun Mar 13 18:14 - 18:50 (00:35)
vpnuem ppp0 189.17.213.195 Sun Mar 13 19:38 - 19:38 (00:00)
vpnuem ppp0 189.17.213.195 Sun Mar 13 19:38 - 19:44 (00:05)
vpnuem ppp0 189.17.213.195 Sun Mar 13 19:49 - 19:52 (00:02)
vpnuem ppp0 189.17.213.195 Sun Mar 13 19:54 - 19:59 (00:05)
vpnuem ppp0 189.17.213.195 Wed Mar 2 20:28 - 20:31 (00:03)
vpnuem ppp0 189.17.213.195 Wed Mar 2 20:55 - 20:57 (00:02)
vpnuem ppp0 189.17.213.195 Wed Mar 2 21:13 - 21:45 (00:31)
vpnuem ppp0 189.17.213.195 Wed Mar 2 21:52 - 21:52 (00:00)
vpnuem ppp0 189.17.213.195 Wed Mar 2 22:38 - 22:40 (00:02)
uem ftpd32247 189.3.236.211 Fri Mar 11 11:03 - 11:05 (00:01)
uem ftpd32246 189.3.236.211 Fri Mar 11 11:03 - 11:13 (00:10)
uem ftpd13121 189.3.236.211 Mon Mar 14 08:31 - 08:32 (00:00)
uem ftpd13119 189.3.236.211 Mon Mar 14 08:31 - 08:41 (00:09)
uem ftpd22129 189.3.236.211 Sat Mar 5 07:22 - 07:25 (00:03)
uem ftpd22128 189.3.236.211 Sat Mar 5 07:22 - 07:32 (00:10)
uem ftpd31604 189.3.236.211 Sat Mar 5 09:31 - 09:31 (00:00)
uem ftpd31603 189.3.236.211 Sat Mar 5 09:31 - 09:41 (00:10)
uem ftpd4261 189.3.236.211 Sat Mar 5 10:49 - 10:50 (00:00)
uem ftpd4260 189.3.236.211 Sat Mar 5 10:49 - 10:59 (00:09)
uem ftpd4315 189.3.236.211 Sat Mar 5 10:50 - 10:51 (00:00)
uem ftpd4305 189.3.236.211 Sat Mar 5 10:50 - 11:00 (00:10)
uem ftpd31174 189.3.236.211 Thu Mar 3 11:37 - 11:38 (00:00)
uem ftpd31173 189.3.236.211 Thu Mar 3 11:37 - 11:47 (00:09)
uem ftpd31913 189.3.236.211 Thu Mar 3 11:48 - 11:51 (00:03)
uem ftpd31908 189.3.236.211 Thu Mar 3 11:48 - 11:58 (00:09)
uem ftpd3572 189.3.236.211 Thu Mar 3 12:33 - 12:33 (00:00)
uem ftpd3571 189.3.236.211 Thu Mar 3 12:33 - 12:43 (00:10)

Disk Space

[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 20G 17G 55% /
varrun 1014M 268K 1014M 1% /var/run
varlock 1014M 4,0K 1014M 1% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 15G 33G 31% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 5,9G 15G 30% /ftp/Pessoal
//192.168.0.105/Public 200G 179G 22G 90% /ftp/Public
//192.168.0.105/Restrito 200G 179G 22G 90% /home/Restrito
//192.168.0.100/CorporeRM 47G 20G 28G 42% /home/ponto
//192.168.0.105/BKP-linux 78G 62G 16G 81% /backup-remoto


Dmesg

Dmesg – Console alerts (possible disk, network, and general hardware errors)

- No relevant information -

Logs

Cursory check of the system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Antivirus DAT

[root@uem-gw]# freshclam
ClamAV update process started at Mon Mar 14 11:16:48 2011
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.5 Recommended version: 0.97
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12833, sigs: 72570, f-level: 60, builder: edwin)
bytecode.cld is up to date (version: 142, sigs: 40, f-level: 60, builder: acab)

Previous week:
ClamAV update process started at Tue Mar 1 11:07:00 2011
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.5 Recommended version: 0.97
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12794, sigs: 60730, f-level: 60, builder: ccordes)
bytecode.cld is up to date (version: 140, sigs: 40, f-level: 58, builder: edwin)

Top - Memory / Processes / Load

- No relevant information -

Processes

- No relevant information -

Open TCP/UDP Ports

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6537/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 6906/nrpe
tcp 0 0 *:rsync *:* LISTEN 7103/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6473/mysqld
tcp 0 0 *:webmin *:* LISTEN 7904/perl
tcp 0 0 *:81 *:* LISTEN 7348/apache2
tcp 0 0 10.0.0.29:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 6013/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 6013/named
tcp 0 0 *:ftp *:* LISTEN 7291/proftpd: (acce
tcp 0 0 192.168.1.1:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 6013/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 6013/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 6013/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 6013/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 6013/named
tcp 0 0 localhost:domain *:* LISTEN 6013/named
tcp 0 0 *:3128 *:* LISTEN 9101/(squid)
tcp 0 0 *:smtp *:* LISTEN 7084/master
tcp 0 0 localhost:953 *:* LISTEN 6013/named
tcp 0 0 *:1723 *:* LISTEN 7091/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7103/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 6013/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6322/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 6931/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 6013/named

Note: In the fourth column, the command shows, where possible, the service name after the “:” character.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6537/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6906/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7103/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6473/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 7904/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 7348/apache2
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7291/proftpd: (acce
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6013/named
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 9101/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7084/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6013/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7091/pptpd
tcp6 0 0 :::873 :::* LISTEN 7103/rsync
tcp6 0 0 :::53 :::* LISTEN 6013/named
tcp6 0 0 :::22 :::* LISTEN 6322/sshd
tcp6 0 0 :::3000 :::* LISTEN 6931/ntop
tcp6 0 0 ::1:953 :::* LISTEN 6013/named

Note: In the fourth column, the command shows the service port after the “:” character.


MRTG - Traffic*

Internet – eth1

Embratel Router

VPN Embratel – eth2

VPN Itaboraí – tun0

*VPN with no traffic since 17/04/2010. This graph shows minimal, practically zero traffic.


VPN Yamana – tun1

*High traffic on 08/03/2011 (Tuesday), probably caused by the IPs 192.168.8.132, 192.168.8.118 and 192.168.8.123:
http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2011-03-08-13:00&ip=192.168.008.132&sort=0
http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2011-03-08-13:00&ip=192.168.008.118&sort=0
http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2011-03-08-13:00&ip=192.168.008.123&sort=0

VPN Juruti

VPN Rio Capim – tun4

VPN Zâmbia – tun6


VPN Parapigmentos

*No activity

UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

*The graphs were compared with those from the previous week. Where there is a significant change, the possible problem is analyzed and reported as a note below the graph.

Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.


Ipaudit Daily

- No relevant information -

Ipaudit Weekly (Top 10)

IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)

200.243.057.005 uemnotes.uem.com.br 5,066,776,471 4,015,393,105 9,082,169,576

192.168.000.103 uemnotes.uem.com.br 1,622,056,173 383,404,081 2,005,460,254

192.168.010.169 - 567,460,061 17,208,251 584,668,312

200.243.057.011 - 347,255,595 125,413,919 472,669,514

192.168.000.107 uemantspam.uem.com.br 360,537,065 84,502,414 445,039,479

200.243.057.008 - 340,888,931 58,797,308 399,686,239

200.243.057.002 correio.uem.com.br 355,748,138 30,163,866 385,912,004

192.168.000.001 - 25,929,953 190,962,112 216,892,065

192.168.012.180 - 198,192,952 10,376,868 208,569,820

192.168.009.134 - 178,874,984 15,093,056 193,968,040

Squid Reports Weekly – 06/03/2011 to 13/03/2011

Squid Reports – TopSites

NUM ACCESSED SITE CONNECT BYTES TIME

1 osce80-en.url.trendmicro.com 110.71K 73.29M 36.75M

2 s.glbimg.com 102.73K 634.53M 24.88M

3 au.download.windowsupdate.com 81.57K 2.48G 202.75M

4 www1.caixa.gov.br 30.75K 70.88M 4.99M

5 www.google-analytics.com 30.08K 21.09M 5.34M

6 www.globo.com 27.36K 54.10M 5.85M

7 www.google.com.br 26.33K 163.67M 20.65M

8 download.windowsupdate.com 25.68K 363.29M 82.95M

9 pagead2.googlesyndication.com 23.98K 82.62M 9.06M

10 www.postzambia.com 23.78K 146.57M 59.57M

11 www.lancenet.com.br 22.05K 41.79M 3.90M

12 clients1.google.com.br 19.38K 15.53M 5.08M

13 cache.pack.google.com 18.86K 738.17M 30.45M

14 ad.yieldmanager.com 16.29K 61.00M 14.08M

15 l.yimg.com 16.08K 110.43M 8.60M

16 ads.img.globo.com 16.03K 106.67M 9.32M

17 bn.uol.com.br 15.40K 67.99M 2.96M

18 www.lusakatimes.com 13.06K 69.25M 19.76M

19 googleads.g.doubleclick.net 12.75K 62.45M 7.82M

20 www.bb.com.br 12.63K 47.73M 2.16M

Squid Reports – TopUsers

NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME

1 192.168.10.169 19.49K 1.11G 4.92% 2.70% 97.30% 18:56:19 68,179,325 2.20%

2 192.168.12.227 65.99K 1.10G 4.88% 9.57% 90.43% 43:20:30 156,030,201 5.04%

3 192.168.12.231 22.72K 806.82M 3.56% 4.63% 95.37% 11:34:24 41,664,777 1.35%

4 192.168.12.182 56.27K 742.09M 3.27% 5.85% 94.15% 24:34:24 88,464,736 2.86%

5 192.168.8.145 37.66K 677.56M 2.99% 12.46% 87.54% 10:28:55 37,735,875 1.22%

6 192.168.9.201 58.47K 488.05M 2.15% 11.67% 88.33% 18:17:20 65,840,040 2.13%

7 192.168.8.172 6.28K 473.83M 2.09% 1.57% 98.43% 02:06:14 7,574,937 0.24%

8 192.168.10.223 20.39K 397.24M 1.75% 5.75% 94.25% 11:13:37 40,417,541 1.31%

9 192.168.0.38 12.01K 349.91M 1.54% 9.04% 90.96% 01:13:49 4,429,408 0.14%

10 192.168.12.180 15.93K 348.53M 1.54% 5.93% 94.07% 06:51:30 24,690,978 0.80%

11 192.168.12.185 32.86K 340.70M 1.50% 9.69% 90.31% 11:15:37 40,537,074 1.31%

12 192.168.0.31 13.22K 322.41M 1.42% 3.33% 96.67% 03:24:38 12,278,504 0.40%

13 192.168.9.134 31.77K 319.02M 1.41% 12.15% 87.85% 15:52:10 57,130,027 1.85%

14 192.168.8.173 2.86K 288.47M 1.27% 2.74% 97.26% 02:46:22 9,982,064 0.32%


15 192.168.14.160 10.15K 283.79M 1.25% 7.60% 92.40% 04:37:53 16,673,762 0.54%

16 192.168.12.111 8.52K 279.31M 1.23% 3.23% 96.77% 14:14:02 51,242,839 1.66%

17 192.168.12.10 6.61K 263.33M 1.16% 4.09% 95.91% 07:33:16 27,196,808 0.88%

18 192.168.0.97 13.21K 240.80M 1.06% 16.02% 83.98% 01:15:37 4,537,509 0.15%

19 192.168.0.178 16.42K 237.70M 1.05% 10.31% 89.69% 03:32:39 12,759,900 0.41%

20 192.168.0.148 26.06K 235.55M 1.04% 7.64% 92.36% 02:01:33 7,293,082 0.24%

Squid Reports – Attempts to Access Inappropriate Sites

| SITE ACCESSED | IP |
|---|---|
| www.69glam.com | 192.168.10.230 |
| www.porno-palace.com | 192.168.12.226 |
| www.pornstardollars.com | 192.168.12.226 |
| www.sexxyshop.com.br | 192.168.0.153 192.168.0.31 |
| www.sexyrussianwomenphotos.com | 192.168.12.227 |

Note 1: The expression “www.69” was added to the file /etc/squid/site_proibido.txt in order to block access to related sites.


Trend Micro - InterScan Messaging Security Suite

SYSTEM DATA

| NAME | CURRENT VERSION | AVAILABLE | PREVIOUS VERSION |
|---|---|---|---|
| Scan engine | 9.200.1012 | 9.200.1012 | 9.120.1012 |
| Virus pattern | 7.899.00 | 7.899.00 | 7.865.00 |
| Spyware/grayware pattern | 0.871.00 | 0.871.00 | 0.871.00 |
| IntelliTrap pattern | 0.151.00 | 0.151.00 | 0.151.00 |
| IntelliTrap exceptions | 0.637.00 | 0.637.00 | 0.635.00 |
| Anti-spam engine | 6.5.1024 | 6.5.1024 | 6.5.1024 |
| Spam pattern | 18010.007 | 18010.007 | 17986.001 |
| IMSS Version | 7.0-Build_Linux_3216 | N/A | |

STATISTICS

PERIOD: LAST 7 DAYS

SUMMARY

| Scanning Conditions | Total | % |
|---|---|---|
| Malicious code | 31 | 0.05% |
| Spyware/grayware | 0 | 0% |
| Spam | 11863 | 20.99% |
| Phish | 0 | 0% |
| Attachment | 0 | 0% |
| Size | 0 | 0% |
| Content | 368 | 0.65% |
| Others | 0 | 0% |
| Scanning exceptions | 7 | 0.01% |

GRAPHS – PERIOD 06/03/2011 TO 12/03/2011

Spam by Action

| Spam Actions | Detections | Message % | Size (MB) |
|---|---|---|---|
| Total spam message count | 43054 | 100.00 | 114.438 |
| Quarantined | 11323 | 26.30 | 114.438 |
| Deleted | 0 | 0.00 | 0.000 |
| Tagged | 11323 | 26.30 | 114.438 |
| Other | 0 | 0.00 | 0.000 |
| Rejected by NRS | 31731 | 73.70 | N/A |
| Rejected by IP Profiler | 0 | 0.00 | N/A |


Top 10 Spam Recipients

| Recipient | Total Message Count | Total Spam Msgs | Spam Msgs % | Spam Size (MB) | Spam Size % |
|---|---|---|---|---|---|
| [email protected] | 427 | 240 | 56.21 | 4.138 | |
| [email protected] | 295 | 205 | 69.49 | 4.103 | |
| [email protected] | 270 | 171 | 63.33 | 2.295 | |
| [email protected] | 337 | 167 | 49.55 | 1.877 | |
| [email protected] | 235 | 165 | 70.21 | 2.076 | |
| [email protected] | 212 | 163 | 76.89 | 1.742 | |
| [email protected] | 337 | 144 | 42.73 | 1.046 | |
| [email protected] | 190 | 122 | 64.21 | 1.601 | |
| [email protected] | 285 | 115 | 40.35 | 1.267 | 4.53 |
| [email protected] | 465 | 114 | 24.52 | 2.377 | 20.07 |

Virus and Malicious Code Summary

Detections Message %

Total detections 30 100.00

Messages deleted 1 3.33

Messages quarantined 29 96.67

Attachments cleaned 0 0.00

Messages with attachments deleted 7 23.33

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections

1 PAK_Generic.001 22
2 Mal_Xed-24 5
3 Possible_Virus 1
4 TROJ_SPYEYE.SMEP 1
5 WORM_MYDOOM.GEN 1
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0

Top 10 Virus Recipients

| Recipient | Total Message Count | Total Virus Msgs | Virus Msgs % | Virus Size (MB) | Virus Size % |
|---|---|---|---|---|---|
| [email protected] | 3 | 3 | 100.00 | 0.100 | |
| [email protected] | 270 | 3 | 1.11 | 0.159 | |
| [email protected] | 123 | 2 | 1.63 | 0.077 | |
| [email protected] | 427 | 2 | 0.47 | 0.089 | |
| [email protected] | 142 | 1 | 0.70 | 0.040 | |
| [email protected] | 42 | 1 | 2.38 | 0.029 | |
| [email protected] | 19 | 1 | 5.26 | 0.319 | |
| [email protected] | 303 | 1 | 0.33 | 0.071 | |
| [email protected] | 1 | 1 | 100.00 | 0.029 | 100.00 |
| [email protected] | 1 | 1 | 100.00 | 0.030 | 100.00 |


CACTI – Graphs

Period from 07/03/2011 to 14/03/2011

UEMFS


UEMICA


UEMNOTES


UEMPRD


UEMRMSA


Nagios

Availability – last 7 days

| Host | Service | % Time OK | % Time Warning | % Time Unknown | % Time Critical | % Time Undetermined |
|---|---|---|---|---|---|---|
| alemanha.powerline.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| apache2-ged.sertaoggi.com.br | HTTPD | 99.977% (99.977%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.023% (0.023%) | 0.000% |
| | HTTPS | 99.972% (99.972%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.028% (0.028%) | 0.000% |
| | PING | 99.972% (99.972%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.028% (0.028%) | 0.000% |
| apache2-portais.sertaoggi.com.br | HTTPD | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | HTTPS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| bgp-ctbc.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| bgp-embratel.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| bgp-unotel1.powerline.com.br | PING | 97.616% (97.616%) | 0.000% (0.000%) | 0.000% (0.000%) | 2.384% (2.384%) | 0.000% |
| bgp-unotel2.powerline.com.br | PING | 97.578% (97.578%) | 0.028% (0.028%) | 0.000% (0.000%) | 2.394% (2.394%) | 0.000% |
| bicas-embratel.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| bicas-torre-lado-embratel.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| bicas-torre-powerline.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| bicas-wifi.powerline.com.br | PING | 99.871% (99.871%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.129% (0.129%) | 0.000% |
| china.powerline.com.br | DNS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | RADIUS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| cisco.sertaoggi.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | TELNET | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| correio.uem.com.br | HTTPD | 99.959% (99.959%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.041% (0.041%) | 0.000% |
| | SMTP | 99.942% (99.942%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.058% (0.058%) | 0.000% |
| ducati2.sertaoggi.com.br | HTTPD | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | POP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| firewall.sdnet.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| freeradiusbkp.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | RADIUS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| gateway | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| gw-email.powerline.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| gw-ibm.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| gw-matias-embratel.powerline.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| gw-pw.prolink.inf.br | DNS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| holanda.powerline.com.br | DNS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| hungria.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| kawasaki.sertaoggi.com.br | FTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | HTTPD | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| kawasaki2.sertaoggi.com.br | FTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | HTTPD | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| link-powerline-investlinux | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| linkoi.sdnet.com.br | PING | 99.941% (99.941%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.059% (0.059%) | 0.000% |
| localhost | Current Load | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Current Users | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Disk Space | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | Total Processes | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| mail-power.powerline.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | POP3 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| mailscanner.net-rosas.com.br | HTTP | 99.971% (99.971%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.029% (0.029%) | 0.000% |
| | SMTP | 99.979% (99.979%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.021% (0.021%) | 0.000% |
| mclaren.sertaoggi.com.br | DNS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| mk.doresnet.com.br | PING | 99.935% (99.935%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.065% (0.065%) | 0.000% |
| myauth3.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | RADIUS | 99.643% (99.643%) | 0.357% (0.357%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| mysql-ext.powerline.com.br | MYSQL | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| nas1.sdnet.com.br | HTTPS | 99.959% (99.959%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.041% (0.041%) | 0.000% |
| pm3-matias.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| postfix.sdnet.com.br | HTTPD | 99.956% (99.956%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.044% (0.044%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | POP | 99.957% (99.957%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.043% (0.043%) | 0.000% |
| | SMTP | 99.843% (99.843%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.157% (0.157%) | 0.000% |
| postgresql.sertaoggi.com.br | PGSQL | 96.334% (96.334%) | 0.000% (0.000%) | 0.000% (0.000%) | 3.666% (3.666%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| rb1000-nano-vpn.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| rb1000.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| renoir.sdnet.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| rose10.net-rosas.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | POP3 | 99.975% (99.975%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.025% (0.025%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| rose65.net-rosas.com.br | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| router-4m.doresnet.com.br | PING | 99.889% (99.889%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.111% (0.111%) | 0.000% |
| router-ext.doresnet.com.br | PING | 99.952% (99.952%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.048% (0.048%) | 0.000% |
| router-limaduarte-embratel.powerline.com.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| rp-srv1.rpconsultoria.com.br | HTTP | 99.449% (99.449%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.551% (0.551%) | 0.000% |
| | MYSQL | 99.970% (99.970%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.030% (0.030%) | 0.000% |
| | POP | 99.947% (99.947%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.053% (0.053%) | 0.000% |
| | SMTP | 99.970% (99.970%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.030% (0.030%) | 0.000% |
| rp-srv2.rpconsultoria.com.br | FTP | 99.952% (99.952%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.048% (0.048%) | 0.000% |
| | HTTP | 99.970% (99.970%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.030% (0.030%) | 0.000% |
| | MYSQL | 99.952% (99.952%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.048% (0.048%) | 0.000% |
| rp-srv4.rpconsultoria.com.br | SMTP | 99.977% (99.977%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.023% (0.023%) | 0.000% |
| server-production.andromeda.com.br | HTTPD | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| servidorsip.prolink.inf.br | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| simulador.bmf.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| smtp.prolink.inf.br | DNS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | FTP | 99.825% (99.825%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.175% (0.175%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | POP3 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| smtp2.prolink.inf.br | SMTP | 99.757% (99.757%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.243% (0.243%) | 0.000% |
| taiwan.powerline.com.br | FTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| unida.powerline.com.br | HTTP | 99.843% (99.843%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.157% (0.157%) | 0.000% |
| | HTTP2 | 99.988% (99.988%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.012% (0.012%) | 0.000% |
| | PING | 99.987% (99.987%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.013% (0.013%) | 0.000% |
| | SSH | 99.961% (99.961%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.039% (0.039%) | 0.000% |
| vigo.sdnet.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | RADIUS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| vm-russia.powerline.com.br | HTTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | PING | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| | POP3 | 99.914% (99.914%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.086% (0.086%) | 0.000% |
| | SMTP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |

vmware.sertaoggi.com.br HTTPD 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
PING 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vmware1.sdnet.com.br HTTPS 99.967% (99.967%) 0.000% (0.000%) 0.000% (0.000%) 0.033% (0.033%) 0.000%
voip.powerline.com.br PING 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vps.investlinux.com.br HTTP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
PING 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
POP3 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
SMTP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
webmail.doresnet.com.br PING 99.969% (99.969%) 0.000% (0.000%) 0.000% (0.000%) 0.031% (0.031%) 0.000%
wifi.powerline.com.br PING 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
wifi2.powerline.com.br PING 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
wifi3.powerline.com.br PING 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
www.cabangu.com.br HTTPD 99.978% (99.978%) 0.000% (0.000%) 0.000% (0.000%) 0.022% (0.022%) 0.000%
PING 99.949% (99.949%) 0.000% (0.000%) 0.000% (0.000%) 0.051% (0.051%) 0.000%
www.informajuridico.com.br HTTP 99.970% (99.970%) 0.000% (0.000%) 0.000% (0.000%) 0.030% (0.030%) 0.000%
www.net-rosas.com.br DNS 99.983% (99.983%) 0.000% (0.000%) 0.000% (0.000%) 0.017% (0.017%) 0.000%
HTTP 99.980% (99.980%) 0.000% (0.000%) 0.000% (0.000%) 0.020% (0.020%) 0.000%
SMTP 99.981% (99.981%) 0.000% (0.000%) 0.000% (0.000%) 0.019% (0.019%) 0.000%
www.sdnet.com.br DNS 99.823% (99.823%) 0.000% (0.000%) 0.000% (0.000%) 0.177% (0.177%) 0.000%
HTTPD 99.890% (99.890%) 0.000% (0.000%) 0.000% (0.000%) 0.110% (0.110%) 0.000%
PING 99.937% (99.937%) 0.000% (0.000%) 0.000% (0.000%) 0.063% (0.063%) 0.000%
SMTP 99.332% (99.332%) 0.000% (0.000%) 0.000% (0.000%) 0.668% (0.668%) 0.000%
www.uj.com.br HTTP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Average 99.913% (99.913%) 0.003% (0.003%) 0.000% (0.000%) 0.085% (0.085%) 0.000%

NTOP


Trend Micro - Office Scan

Update Status for Networked Computers

* items highlighted in yellow have the same version as in the previous week

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

HTML_IFRAME.AUO 13924

Mal_Otorun1 4030

PE_MABEZAT.B-O 3835

TSC_GENCLEAN 1740

Mal_Sality 1607

PAK_Generic.001 1445

WORM_OTOIT.SMT 1254

TROJ_Generic.DIT 1098

TROJ_DLOADE.FF 975

Mal_Otorun2 970

Infected Computers

Name Detections

UEMPABX 1165

UEMFS 729

UEMOP706 699

UEMMBB312 452

UEMMBB265 419

UEMOP956 350

MAINTENA-C3F3A2 303

UEMOP509 287

LENOVO-D4146B5A 276

UEMMBB204 243

Infection Source

Name Detections

192.168.9.242\ADMINISTRADOR 70

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

\\192.168.0.133\GUEST 22

\\192.168.0.131\GUEST 21

RAR-29A45523705\ROTINARC 19

\\[fe80::c5b5:9711:6e96:4124]\Guest 16

\\UEMZMSPL\Guest 16

\\UEMZMSPL\ANONYMOUS LOGON 16

192.168.9.250\ADMINISTRADOR 16

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

GRAY_Gen 177

SPYW_ARDAKEY 144

CRCK_KEYGEN 122

HKTL_ULTRASURF 83

GRAY_GEN.0Z1013S 71

ADW_SAVENOW.BO 29

HKTL_USURF 25

CRCK_JBEAN 22

GRAY_Sml 22

ADW_WEBDIR.AC 12

Infected Computers

Name Detections

UEMFS 217

UEMPABX 146

UEMOP964 73

UEMICA 71

UEMMBB53 24

UEMMBB163 13

UEMMBB01 8

UEMOP416 5

UEMMBB49 3

TI05 2