U&M Weekly Report - InvestLinux – 18/10/2010
Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Antivirus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 100,00%
Uptime / Last
Uptime - Server online time
Last - Remote connections
[root@uem-gw]# uptime
13:24:52 up 7 days, 2:14, 1 user, load average: 0.41, 0.38, 0.36
[root@uem-gw]# last | sort -k 3 | more
uem ftpd6542 200.208.86.190 Mon Oct 18 10:01 - 10:01 (00:00)
uem ftpd6547 200.208.86.190 Mon Oct 18 10:01 - 10:02 (00:00)
uem ftpd6552 200.208.86.190 Mon Oct 18 10:02 - 10:02 (00:00)
uem ftpd6553 200.208.86.190 Mon Oct 18 10:02 - 10:02 (00:00)
uem ftpd6555 200.208.86.190 Mon Oct 18 10:02 - 10:02 (00:00)
uem ftpd6554 200.208.86.190 Mon Oct 18 10:02 - 10:11 (00:09)
uem ftpd15085 200.208.86.190 Mon Oct 18 12:55 - 12:55 (00:00)
uem ftpd15090 200.208.86.190 Mon Oct 18 12:55 - 13:05 (00:10)
il-adm pts/0 200.243.67.66 Mon Oct 18 13:24 still logged in
wtmp begins Mon Oct 18 10:01:45 2010
Disk Space
[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 18G 18G 51% /
varrun 1014M 264K 1014M 1% /var/run
varlock 1014M 4,0K 1014M 1% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 15G 34G 30% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 4,4G 16G 22% /ftp/Pessoal
//192.168.0.105/Public 200G 185G 16G 93% /ftp/Public
//192.168.0.105/Restrito 200G 185G 16G 93% /home/Restrito
//192.168.0.100/CorporeRM 47G 18G 30G 38% /home/ponto
//192.168.0.105/BKP-linux 78G 53G 25G 68% /backup-remoto
Dmesg
Dmesg – Console alerts (possible disk, network, and general hardware errors)
- No relevant information -
Logs
Cursory check of system logs: (syslog (tmsys) / secure (tms) / squid (tmsq))
Antivirus DAT
[root@uem-gw]# freshclam
ClamAV update process started at Mon Oct 18 13:34:57 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.1 Recommended version: 0.96.3
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cld is up to date (version: 12149, sigs: 140262, f-level: 53, builder: acab)
bytecode.cld is up to date (version: 81, sigs: 10, f-level: 53, builder: edwin)
Previous week:
ClamAV update process started at Wed Oct 13 08:38:11 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.1 Recommended version: 0.96.3
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cld is up to date (version: 12132, sigs: 139808, f-level: 53, builder: ccordes)
bytecode.cld is up to date (version: 80, sigs: 10, f-level: 53, builder: edwin)
Top - Memory / Processes / Load
- No relevant information -
Processes
- No relevant information -
Open TCP/UDP Ports
[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6506/postgrey.pid -
tcp 0 0 uemop402.uem.com.b:5666 *:* LISTEN 6887/nrpe
tcp 0 0 *:rsync *:* LISTEN 7070/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6386/mysqld
tcp 0 0 *:webmin *:* LISTEN 7910/perl
tcp 0 0 *:81 *:* LISTEN 894/apache2
tcp 0 0 10.0.0.29:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 5958/named
tcp 0 0 *:ftp *:* LISTEN 7201/proftpd: (acce
tcp 0 0 192.168.1.1:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 5958/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 5958/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 5958/named
tcp 0 0 uemop402.uem.com:domain *:* LISTEN 5958/named
tcp 0 0 localhost:domain *:* LISTEN 5958/named
tcp 0 0 *:3128 *:* LISTEN 6901/(squid)
tcp 0 0 *:smtp *:* LISTEN 7050/master
tcp 0 0 localhost:953 *:* LISTEN 5958/named
tcp 0 0 *:1723 *:* LISTEN 7057/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7070/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 5958/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6283/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 6911/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 5958/named
Note: The command shows, in the fourth column, preferably the service name after the ":" character.
root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6506/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6887/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7070/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6386/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 7910/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 894/apache2
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7201/proftpd: (acce
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 6901/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7050/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5958/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7057/pptpd
tcp6 0 0 :::873 :::* LISTEN 7070/rsync
tcp6 0 0 :::53 :::* LISTEN 5958/named
tcp6 0 0 :::22 :::* LISTEN 6283/sshd
tcp6 0 0 :::3000 :::* LISTEN 6911/ntop
tcp6 0 0 ::1:953 :::* LISTEN 5958/named
Note: The command shows, in the fourth column, the service port after the ":" character.
MRTG - Traffic*
Internet – eth1
Embratel Router
VPN Embratel – eth2
VPN Itaboraí – tun0
*VPN with no traffic since 17/04/2010. This graph shows minimal traffic, practically none.
VPN Yamana – tun1
VPN Juruti
VPN Rio Capim – tun4
VPN Zâmbia – tun6
VPN Parapigmentos
*No activity
UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load
*The graphs were compared with those of the previous week. If there is a significant change, the possible problem is analyzed and reported as a note below the graph.
Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.
Ipaudit Daily
- No relevant information -
Ipaudit Weekly (Top 10)
IP  Host Name  Incoming(bytes)  Outgoing(bytes)  Total(bytes)
200.243.057.005 uemnotes.uem.com.br 6,615,472,864 5,272,279,113 11,887,751,977
192.168.000.001 uemop402.uem.com.br 1,619,803,428 9,525,982,927 11,145,786,355
192.168.000.103 uemnotes.uem.com.br 2,058,258,655 597,992,052 2,656,250,707
200.243.057.011 - 871,784,254 422,579,495 1,294,363,749
200.243.057.008 - 578,375,249 229,953,832 808,329,081
192.168.008.155 uemop959.uem.com.br 544,940,839 71,311,065 616,251,904
192.168.000.107 uemantspam.uem.com.br 326,197,744 120,966,928 447,164,672
192.168.013.215 - 317,182,801 24,461,017 341,643,818
200.243.057.002 correio.uem.com.br 308,958,291 28,843,009 337,801,300
192.168.000.105 uemfs.uem.com.br 26,699,549 286,314,154 313,013,703
Squid Reports Weekly – 10/10/2010 to 18/10/2010
Squid Reports – TopSites
NUM  ACCESSED SITE  CONNECT  BYTES  TIME
1 au.download.windowsupdate.com 177.96K 4.41G 262.97M
2 osce80-en.url.trendmicro.com 155.44K 98.49M 45.94M
3 armdl.adobe.com 112.87K 3.19G 128.78M
4 shara1.mine.nu 93.14K 130.83M 130.83M
5 89.238.172.213 72.33K 101.77M 105.15M
6 imagem2.buscape.com.br 54.63K 51.47M 3.52M
7 www.globo.com 45.97K 118.23M 7.42M
8 www.google-analytics.com 45.14K 28.41M 11.16M
9 www.postzambia.com 29.04K 145.40M 44.62M
10 s.glbimg.com 24.71K 204.04M 10.14M
11 www.google.com.br 20.92K 126.80M 15.30M
12 clients1.google.com.br 20.69K 11.11M 5.69M
13 p2.trrsf.com.br 19.68K 28.40M 3.97M
14 www.cearahitz.com 18.70K 31.40M 471.79K
15 xtv.clan.su 18.70K 26.30M 26.30M
16 ads.img.globo.com 17.68K 112.16M 11.45M
17 ad.yieldmanager.com 15.98K 64.09M 13.12M
18 xtv2.lv 15.77K 21.80M 21.80M
19 dwtest.mine.nu 15.62K 21.89M 21.89M
20 194.8.75.62 14.74K 102.78M 46.96M
Squid Reports – TopUsers
NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME
1 192.168.9.202 12.11K 1.80G 6.50% 0.96% 99.04% 13:46:31 49,591,086 0.11%
2 192.168.12.155 21.58K 1.27G 4.60% 1.68% 98.32% 13:54:17 50,057,335 0.11%
3 192.168.9.219 15.63K 933.28M 3.36% 1.58% 98.42% 10:06:27 36,387,653 0.08%
4 192.168.12.241 39.39K 800.36M 2.88% 2.39% 97.61% 16:50:31 60,631,360 0.13%
5 192.168.0.4 4.53K 668.46M 2.41% 1.23% 98.77% 01:56:53 7,013,864 0.02%
6 192.168.0.73 18.17K 618.05M 2.23% 4.16% 95.84% 02:56:28 10,588,486 0.02%
7 192.168.12.156 7.18K 558.38M 2.01% 0.83% 99.17% 04:44:17 17,057,961 0.04%
8 192.168.0.14 30.87K 550.25M 1.98% 7.42% 92.58% 02:57:25 10,645,083 0.02%
9 192.168.13.215 262.15K 539.76M 1.95% 19.72% 80.28% 12137:21:03 43,694,463,004 4.65%
10 192.168.14.118 18.99K 487.45M 1.76% 0.89% 99.11% 06:57:28 25,048,211 0.05%
11 192.168.0.154 20.91K 426.43M 1.54% 7.56% 92.44% 01:50:01 6,601,878 0.01%
12 192.168.9.100 36.48K 423.45M 1.53% 12.00% 88.00% 12:28:40 44,920,164 0.10%
13 192.168.12.234 39.00K 411.43M 1.48% 5.58% 94.42% 14:58:47 53,927,660 0.12%
14 192.168.9.201 44.58K 404.97M 1.46% 12.12% 87.88% 09:11:47 33,107,531 0.07%
15 192.168.12.174 32.47K 402.31M 1.45% 5.30% 94.70% 17:21:30 62,490,403 0.14%
16 192.168.10.112 46.79K 395.28M 1.42% 2.69% 97.31% 31:14:06 112,446,909 0.24%
17 192.168.0.97 15.47K 359.30M 1.29% 3.51% 96.49% 03:04:47 11,087,406 0.02%
18 192.168.0.57 46.62K 336.00M 1.21% 15.05% 84.95% 03:30:00 12,600,172 0.03%
19 192.168.0.79 25.63K 303.50M 1.09% 8.03% 91.97% 02:01:41 7,301,256 0.02%
20 192.168.9.133 13.76K 296.20M 1.07% 2.97% 97.03% 04:16:40 15,400,762 0.03%
Squid Reports – Attempts to Access Improper Sites
SITE ACCESSED  IP
www.nudecelebrities.com  192.168.12.234
www.pornconstellation.info  192.168.12.206
www.pornhub.com  192.168.12.207
www.pornpin.com  192.168.12.206
Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.
Trend Micro - InterScan Messaging Security Suite
SYSTEM DATA
NAME  CURRENT VERSION  AVAILABLE  PREVIOUS VERSION
Scan engine  9.200.1012  9.200.1012  9.120.1012
Virus pattern  7.549.00  7.549.00  7.535.00
Spyware/grayware pattern  0.871.00  0.871.00  0.871.00
IntelliTrap pattern  0.141.00  0.141.00  0.141.00
IntelliTrap exceptions  0.589.00  0.589.00  0.589.00
Anti-spam engine  6.0.1038  6.0.1038  6.0.1038
Spam pattern  17712.000  17712.000  17700.007
IMSS Version  7.0-Build_Linux_3216  N/A
STATISTICS
PERIOD: LAST 7 DAYS
SUMMARY
Scanning Conditions  Total  %
Malicious code  61  0.07%
Spyware/grayware  0  0%
Spam  14404  17.4%
Phish  0  0%
Attachment  0  0%
Size  0  0%
Content  441  0.53%
Others  0  0%
Scanning exceptions  1  0%
GRAPHS – PERIOD 10/10/2010 TO 16/10/2010
Spam by Action
Spam Actions
Detections  Message  %  Size (MB)
Total spam message count 68297 100.00 139.033
Quarantined 14843 21.73 139.033
Deleted 0 0.00 0.000
Tagged 14843 21.73 139.033
Other 0 0.00 0.000
Rejected by NRS 53454 78.27 N/A
Rejected by IP Profiler 0 0.00 N/A
Top 10 Spam Recipients
Recipient  Total Message Count  Total Spam Msgs  Spam Msgs %  Spam Size (MB)  Spam Size %
[email protected]  498  260  52.21  3.809
[email protected]  283  211  74.56  3.333
[email protected]  387  203  52.45  3.107
[email protected]  238  202  84.87  4.020
[email protected]  461  201  43.60  1.235
[email protected]  321  200  62.31  4.061
[email protected]  388  189  48.71  2.411
[email protected]  234  186  79.49  2.015
[email protected]  579  162  27.98  2.901  26.75
[email protected]  196  161  82.14  1.126  25.38
Virus and Malicious Code Summary
Detections Message %
Total detections 59 100.00
Messages deleted 0 0.00
Messages quarantined 59 100.00
Attachments cleaned 0 0.00
Messages with attachments deleted 59 100.00
Messages blocked by IP Profiler 0 0.00
Top 10 Virus and Malicious Code Detections
1  TROJ_BREDO.CI  40
2  TROJ_OFICLA.AI  17
3  Possible_Virus  1
4  JS_NIMDA.A-2  1
5  N/A  0
6  N/A  0
7  N/A  0
8  N/A  0
9  N/A  0
10  N/A  0
Top 10 Virus Recipients
Recipient  Total Message Count  Total Virus Msgs  Virus Msgs %  Virus Size (MB)  Virus Size %
[email protected]  5  3  60.00  0.201
[email protected]  60  3  5.00  0.172
[email protected]  71  3  4.23  0.171
[email protected]  36  2  5.56  0.154
[email protected]  4  2  50.00  0.154
[email protected]  8  2  25.00  0.155
[email protected]  26  2  7.69  0.154
[email protected]  3  2  66.67  0.124
[email protected]  12  2  16.67  0.154  75.26
[email protected]  37  2  5.41  0.124  65.51
CACTI – Graphs
Period from 11/10/2010 to 18/10/2010
UEMFS
UEMICA
UEMNOTES
UEMPRD
UEMRMSA
Nagios
Availability – last 7 days
Host  Service  % Time OK  % Time Warning  % Time Unknown  % Time Critical  % Time Undetermined
internet_embratel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
link-juruti  Rede_Ping  93.802% (93.802%)  0.000% (0.000%)  0.000% (0.000%)  6.198% (6.198%)  0.000%
link-riocapim  Rede_Ping  70.241% (70.241%)  0.000% (0.000%)  0.000% (0.000%)  29.759% (29.759%)  0.000%
link-yamana  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
link-zambia  Rede_Ping  70.175% (70.175%)  0.000% (0.000%)  0.000% (0.000%)  29.825% (29.825%)  0.000%
nagios_remoto  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
router_cisco Rede_Ping_ObrasEmbratel  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Telnet  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
router_intel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Telnet  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
site_embratel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-119  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-120  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-B  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-C  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-D  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-E  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-F  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-adm  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Http:82  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-gw  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_backup  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_bkpremoto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_ftp_pessoal  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_ftp_public  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_home_ponto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Disk_home_restrito  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Dns  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ftp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Http:81  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Squid:3128  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemantspam-imss  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_TrendImss  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_TrendPolices  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemap-aplicacao  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembdc  Rede_Active Directory  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembes-blackberry  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_LotusDomino  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemdev  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemfs-fileserver  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_NetBios  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemica-metaframe  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Metaframe  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_TS  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemmine-database  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Sql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemnotes-correio  Rede_Https  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ldap  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Smtp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemprd  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_SAP  99.752% (99.752%)  0.000% (0.000%)  0.000% (0.000%)  0.248% (0.248%)  0.000%
uemrmsa-database  Rede_Oracle  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemvm-vmware  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
vm-isodoc  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
  Rede_Postgresql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
Average  99.095% (99.095%)  0.000% (0.000%)  0.000% (0.000%)  0.905% (0.905%)  0.000%
NTOP
Trend Micro - Office Scan
Update Status for Networked Computers
* Items marked in yellow have the same version as the previous week.
Top 10 Security Risk Statistics for Networked Computers
Virus/Malware Statistics:
Virus/Malware
Name Infections
HTML_IFRAME.AUO 9226
Mal_Otorun1 3985
PE_MABEZAT.B-O 3835
Mal_Sality 1607
WORM_OTOIT.SMT 1181
TROJ_Generic.DIT 1098
TROJ_DLOADE.FF 975
TSC_GENCLEAN 941
Mal_Otorun2 891
BAT_BANKER.LEZC 781
Infected Computers
Name Detections Log
UEMMBB27 7344 View
SAFETY 4101 View
UEMMBB202 1874 View
UEMPABX 1098 View
UEMFS 690 View
UEMMBB312 431 View
UEMZMWS 361 View
UEMOP956 349 View
UEMOP952 226 View
UEMOP954 217 View
Infection Source
Name Detections
192.168.9.242\ADMINISTRADOR 70
192.168.4.12\KEILLA REGINA 35
192.168.9.38\ADMINISTRADOR 34
\\192.168.0.133\GUEST 22
\\192.168.0.131\GUEST 21
RAR-29A45523705\ROTINARC 19
192.168.9.250\ADMINISTRADOR 16
\\[fe80::c5b5:9711:6e96:4124]\Guest 16
\\UEMZMSPL\Guest 16
\\UEMZMSPL\ANONYMOUS LOGON 16
Spyware/Grayware Statistics:
Spyware/Grayware
Name Infections
GRAY_Gen 171
HKTL_ULTRASURF 74
GRAY_GEN.0Z1013S 62
CRCK_KEYGEN 33
SPYW_ARDAKEY 29
ADW_SAVENOW.BO 29
HKTL_USURF 25
GRAY_Sml 22
CRCK_JBEAN 20
ADW_WEBDIR.AC 12
Infected Computers
Name Detections Log
UEMFS 217 View
UEMICA 62 View
UEMPABX 31 View
UEMOP753 14 View
UEMMBB163 13 View
UEMOP421 13 View
UEMOP416 5 View
UEMOP755 5 View
UEMOP954 5 View
UEMMBB01 3 View