Post on 04-Jul-2020
U&M Weekly Report - InvestLinux – 08/11/2010
Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Antivirus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 100,00%
Uptime / Last
Uptime - Server online time
Last - Remote connections
[root@uem-gw]# uptime
22:07:44 up 28 days, 10:57, 1 user, load average: 0.01, 0.07, 0.08
[root@uem-gw]# last | sort -k 3 | more
uem ftpd29470 187.116.184.201 Wed Nov 3 10:31 - 10:31 (00:00)
uem ftpd29475 187.116.184.201 Wed Nov 3 10:31 - 10:57 (00:26)
uem ftpd29703 187.116.184.201 Wed Nov 3 10:37 - 10:37 (00:00)
uem ftpd29772 187.116.184.201 Wed Nov 3 10:40 - 10:55 (00:14)
uem ftpd29839 187.116.184.201 Wed Nov 3 10:42 - 10:42 (00:00)
uem ftpd29848 187.116.184.201 Wed Nov 3 10:42 - 10:44 (00:01)
uem ftpd22661 187.116.90.188 Thu Nov 4 11:30 - 11:30 (00:00)
uem ftpd22682 187.116.90.188 Thu Nov 4 11:30 - 11:40 (00:10)
uem ftpd17711 189.2.22.62 Mon Nov 1 16:27 - 16:32 (00:04)
uem ftpd17716 189.2.22.62 Mon Nov 1 16:28 - 16:30 (00:02)
uem ftpd5816 189.3.236.211 Sat Nov 6 09:48 - 09:58 (00:09)
uem ftpd5817 189.3.236.211 Sat Nov 6 09:48 - 09:58 (00:10)
uem ftpd5916 189.3.236.211 Sat Nov 6 09:53 - 09:53 (00:00)
uem ftpd26443 189.3.236.211 Tue Nov 2 14:37 - 14:47 (00:09)
uem ftpd26444 189.3.236.211 Tue Nov 2 14:37 - 14:47 (00:10)
uem ftpd26475 189.3.236.211 Tue Nov 2 14:39 - 14:39 (00:00)
uem ftpd26476 189.3.236.211 Tue Nov 2 14:39 - 14:39 (00:00)
uem ftpd26482 189.3.236.211 Tue Nov 2 14:40 - 14:40 (00:00)
uem ftpd26483 189.3.236.211 Tue Nov 2 14:40 - 14:41 (00:01)
uem ftpd26755 189.3.236.211 Tue Nov 2 14:51 - 14:51 (00:00)
uem ftpd26756 189.3.236.211 Tue Nov 2 14:51 - 14:51 (00:00)
uem ftpd26749 189.3.236.211 Tue Nov 2 14:51 - 14:57 (00:06)
uem ftpd26800 189.3.236.211 Tue Nov 2 14:52 - 14:52 (00:00)
uem ftpd26801 189.3.236.211 Tue Nov 2 14:52 - 14:53 (00:00)
uem ftpd4276 189.3.236.211 Wed Nov 3 12:45 - 12:55 (00:10)
uem ftpd4277 189.3.236.211 Wed Nov 3 12:45 - 12:55 (00:10)
uem ftpd4291 189.3.236.211 Wed Nov 3 12:46 - 12:48 (00:01)
uem ftpd4384 189.3.236.211 Wed Nov 3 12:48 - 12:49 (00:01)
uem ftpd12250 189.3.236.211 Wed Nov 3 15:06 - 15:16 (00:09)
uem ftpd12251 189.3.236.211 Wed Nov 3 15:07 - 15:17 (00:10)
vpnuem ppp0 189.83.109.147 Sun Nov 7 21:08 - 22:58 (01:50)
vpnuem ppp0 189.83.59.179 Thu Nov 4 18:41 - 06:50 (12:09)
uem ftpd19526 189.84.30.195 Wed Nov 3 17:17 - 17:27 (00:09)
uem ftpd19531 189.84.30.195 Wed Nov 3 17:17 - 17:28 (00:10)
uem ftpd21612 189.84.30.195 Wed Nov 3 17:24 - 17:24 (00:00)
uem ftpd21617 189.84.30.195 Wed Nov 3 17:24 - 17:25 (00:01)
uem ftpd22089 189.84.30.195 Wed Nov 3 17:44 - 17:44 (00:00)
uem ftpd22090 189.84.30.195 Wed Nov 3 17:44 - 17:54 (00:10)
collect ftpd17956 192.168.12.113 Mon Nov 8 12:16 - 12:20 (00:03)
collect ftpd17951 192.168.12.113 Mon Nov 8 12:16 - 12:26 (00:09)
collect ftpd17968 192.168.12.113 Mon Nov 8 12:17 - 12:30 (00:13)
collect ftpd18602 192.168.12.113 Mon Nov 8 12:18 - 12:19 (00:00)
Disk Space
[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 19G 17G 54% /
varrun 1014M 272K 1014M 1% /var/run
varlock 1014M 4,0K 1014M 1% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 15G 33G 31% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 4,3G 16G 22% /ftp/Pessoal
//192.168.0.105/Public 200G 182G 19G 91% /ftp/Public
//192.168.0.105/Restrito 200G 182G 19G 91% /home/Restrito
//192.168.0.100/CorporeRM 47G 17G 30G 36% /home/ponto
//192.168.0.105/BKP-linux 78G 54G 24G 70% /backup-remoto
Dmesg
Dmesg – Console alerts (possible disk, network and general hardware errors)
- No relevant information -
Logs
Cursory check of the system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )
Antivirus DAT
[root@uem-gw]# freshclam
ClamAV update process started at Mon Nov 8 22:10:31 2010
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cld is up to date (version: 12221, sigs: 145519, f-level: 53, builder: arnaud)
bytecode.cld is up to date (version: 89, sigs: 10, f-level: 53, builder: edwin)
Previous week:
ClamAV update process started at Wed Nov 3 13:20:50 2010
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cld is up to date (version: 12199, sigs: 144347, f-level: 53, builder: guitar)
bytecode.cld is up to date (version: 88, sigs: 10, f-level: 53, builder: edwin)
Top - Memory / Processes / Load
- No relevant information -
Processes
- No relevant information -
Open TCP/UDP Ports
[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6506/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 6887/nrpe
tcp 0 0 *:rsync *:* LISTEN 7070/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6386/mysqld
tcp 0 0 *:webmin *:* LISTEN 7910/perl
tcp 0 0 *:81 *:* LISTEN 396/apache2
tcp 0 0 *:ftp *:* LISTEN 15715/proftpd: (acc
tcp 0 0 10.0.0.29:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 5958/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 5958/named
tcp 0 0 192.168.1.1:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 5958/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 5958/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 5958/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 5958/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 5958/named
tcp 0 0 localhost:domain *:* LISTEN 5958/named
tcp 0 0 *:3128 *:* LISTEN 27933/(squid)
tcp 0 0 *:smtp *:* LISTEN 7050/master
tcp 0 0 localhost:953 *:* LISTEN 5958/named
tcp 0 0 *:1723 *:* LISTEN 7057/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7070/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 5958/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6283/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 15927/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 5958/named
Note: In the fourth column, the command shows the service name, where available, after the “:” character.
root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6506/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6887/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7070/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6386/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 7910/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 396/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 15715/proftpd: (acc
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5958/named
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 27933/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7050/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5958/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7057/pptpd
tcp6 0 0 :::873 :::* LISTEN 7070/rsync
tcp6 0 0 :::53 :::* LISTEN 5958/named
tcp6 0 0 :::22 :::* LISTEN 6283/sshd
tcp6 0 0 :::3000 :::* LISTEN 15927/ntop
tcp6 0 0 ::1:953 :::* LISTEN 5958/named
Note: In the fourth column, the command shows the service port after the “:” character.
MRTG - Traffic*
Internet – eth1
Embratel Router
VPN Embratel – eth2
VPN Itaboraí – tun0
*VPN with no traffic since 17/04/2010. This graph shows minimal, practically zero traffic.
VPN Yamana – tun1
* High traffic on 07/11/2010 (Sunday), caused mainly by IP 192.168.8.190. See details at: http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2010-11-07-10:00&ip=192.168.008.190&sort=0
VPN Juruti
VPN Rio Capim – tun4
VPN Zâmbia – tun6
VPN Parapigmentos
*No activity
UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load
*The graphs were compared with those of the previous week. Where there is a significant change, the possible problem is analysed and reported as a note below the graph.
Graphs without comments were considered normal. If you would like an analysis of a specific graph, just ask.
Ipaudit Daily
- No relevant information -
Ipaudit Weekly (Top 10)
IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)
200.243.057.005 uemnotes.uem.com.br 9,059,776,065 5,375,161,419 14,434,937,484
192.168.000.001 - 1,327,002,961 7,513,778,203 8,840,781,164
192.168.000.035 uemop607.uem.com.br 2,906,728,859 57,698,003 2,964,426,862
192.168.000.103 uemnotes.uem.com.br 1,058,358,862 791,859,599 1,850,218,461
200.243.057.008 - 1,089,780,721 229,036,372 1,318,817,093
200.243.057.011 - 921,660,275 371,453,856 1,293,114,131
192.168.008.190 uemop959.uem.com.br 795,004,672 94,296,529 889,301,201
192.168.000.107 uemantspam.uem.com.br 494,416,469 165,667,073 660,083,542
192.168.000.007 uemmbb36.uem.com.br 615,114,800 21,948,182 637,062,982
200.243.057.002 correio.uem.com.br 483,865,114 77,575,061 561,440,175
Squid Reports Weekly – 31/10/2010 to 07/11/2010
Squid Reports – TopSites
NUM ACCESSED SITE CONNECT BYTES TIME
1 osce80-en.url.trendmicro.com 131.19K 85.58M 65.43M
2 armdl.adobe.com 85.28K 1.92G 49.83M
3 imagem2.buscape.com.br 83.87K 68.03M 5.51M
4 www.globo.com 59.60K 126.07M 16.09M
5 www.google-analytics.com 59.45K 36.76M 14.52M
6 www.ufxbank.com 46.84K 28.19M 17.23M
7 au.download.windowsupdate.com 46.44K 1.13G 97.02M
8 s.glbimg.com 35.67K 383.28M 14.63M
9 www.google.com.br 24.89K 159.92M 20.27M
10 ads.img.globo.com 23.86K 151.53M 22.97M
11 www.netshoes.com.br 23.31K 136.96M 12.81M
12 clients1.google.com.br 22.08K 11.79M 7.38M
13 portal.uem.com.br 18.97K 143.45M 11.69M
14 www.postzambia.com 17.40K 93.87M 23.78M
15 p2.trrsf.com.br 15.28K 21.90M 2.81M
16 l.yimg.com 14.81K 97.59M 8.69M
17 pagead2.googlesyndication.com 13.84K 59.95M 7.39M
18 globoesporte.globo.com 13.38K 78.76M 5.68M
19 g1.globo.com 13.00K 74.36M 8.37M
20 www.estadao.com.br 12.15K 79.57M 54.61M
Squid Reports – TopUsers
NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME
1 192.168.0.35 8.59K 9.20G 26.20% 0.07% 23.32% 10:20:36 37,236,080 1.36%
2 192.168.0.7 27.10K 3.01G 8.57% 0.79% 71.30% 10:45:38 38,738,281 1.41%
3 192.168.0.12 7.72K 1.43G 4.08% 0.39% 99.61% 04:29:44 16,184,276 0.59%
4 192.168.0.29 17.61K 876.29M 2.49% 2.57% 97.43% 05:07:58 18,478,463 0.67%
5 192.168.0.76 1.20K 756.73M 2.15% 0.05% 99.95% 06:47:39 24,459,142 0.89%
6 192.168.0.5 19.38K 626.39M 1.78% 1.74% 98.26% 06:09:23 22,163,787 0.81%
7 192.168.8.190 32.83K 561.51M 1.60% 7.43% 92.57% 10:03:30 36,210,618 1.32%
8 192.168.12.241 26.87K 495.58M 1.41% 2.85% 97.15% 13:40:41 49,241,832 1.79%
9 192.168.12.227 44.16K 480.61M 1.37% 18.94% 81.06% 22:58:17 82,697,002 3.01%
10 192.168.9.100 38.45K 453.95M 1.29% 11.94% 88.06% 10:55:55 39,355,557 1.43%
11 192.168.10.162 14.21K 431.13M 1.23% 3.96% 96.04% 14:37:06 52,626,388 1.92%
12 192.168.10.217 82.00K 396.64M 1.13% 12.40% 87.60% 16:33:40 59,620,733 2.17%
13 192.168.12.174 19.48K 393.44M 1.12% 4.73% 95.27% 07:04:39 25,479,277 0.93%
14 192.168.12.201 24.27K 378.44M 1.08% 4.33% 95.67% 09:48:54 35,334,063 1.29%
15 192.168.0.48 9.11K 368.62M 1.05% 3.02% 96.98% 03:41:17 13,277,339 0.48%
16 192.168.0.79 18.18K 343.24M 0.98% 1.16% 98.84% 02:06:00 7,560,489 0.28%
17 192.168.12.126 41.46K 337.09M 0.96% 8.89% 91.11% 11:47:43 42,463,456 1.55%
18 192.168.12.204 3.42K 321.37M 0.91% 0.77% 99.23% 05:41:31 20,491,421 0.75%
19 192.168.12.226 11.52K 317.32M 0.90% 4.99% 95.01% 13:24:59 48,299,472 1.76%
20 192.168.12.218 9.28K 313.95M 0.89% 2.57% 97.43% 04:52:58 17,578,380 0.64%
Squid Reports – Attempts to Access Improper Sites
ACCESSED SITE IP
www.adult-profit-files.com 192.168.12.234
www.celebrity-worship.com 192.168.12.234
www.celebrityf.com 192.168.12.234
www.celebsandstarsnude.com 192.168.12.234
www.celebsfilms.com 192.168.12.234
www.celebskin.net 192.168.12.234
www.celebx.net 192.168.12.234
www.sensualsexshop.com.br 192.168.0.7
www.videosadulto.org 192.168.0.14
Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.
Trend Micro - InterScan Messaging Security Suite
SYSTEM DATA
NAME  CURRENT VERSION  AVAILABLE  PREVIOUS VERSION
Scan engine  9.200.1012  9.200.1012  9.120.1012
Virus pattern  7.601.00  7.601.00  7.589.00
Spyware/grayware pattern  0.871.00  0.871.00  0.871.00
IntelliTrap pattern  0.143.00  0.143.00  0.143.00
IntelliTrap exceptions  0.597.00  0.597.00  0.597.00
Anti-spam engine  6.0.1038  6.0.1038  6.0.1038
Spam pattern  17754.003  17754.003  17744.000
IMSS Version  7.0-Build_Linux_3216  N/A
STATISTICS
PERIOD: LAST 7 DAYS
SUMMARY
Scanning Conditions  Total  %
Malicious code  29  0.03%
Spyware/grayware  0  0%
Spam  24742  25.62%
Phish  0  0%
Attachment  0  0%
Size  0  0%
Content  537  0.56%
Others  0  0%
Scanning exceptions  15  0.02%
GRAPHS – PERIOD 31/10/2010 TO 06/11/2010
Spam by Action
Spam Actions  Detections  Message %  Size (MB)
Total spam message count 81354 100.00 211.876
Quarantined 21502 26.43 211.876
Deleted 0 0.00 0.000
Tagged 21502 26.43 211.876
Other 0 0.00 0.000
Rejected by NRS 59852 73.57 N/A
Rejected by IP Profiler 0 0.00 N/A
Top 10 Spam Recipients
Recipient  Total Message Count  Total Spam Msgs  Spam Msgs %  Spam Size (MB)  Spam Size %
1 diretoria@uem.com.br 441 245 55.56 6.091 20.75
2 jamily.fazza@uem.com.br 376 213 56.65 3.119 23.40
3 angelo.navarro@uem.com.br 410 205 50.00 1.473 3.39
4 kiko.schlinz@uem.com.br 363 199 54.82 2.117 6.32
5 comercial@uem.com.br 337 196 58.16 3.079 7.46
6 claudia.santos@uem.com.br 245 185 75.51 1.522 9.80
7 angelo@uem.com.br 201 165 82.09 1.915 63.49
8 evandro.rodrigo@uem.com.br 220 165 75.00 2.024 17.88
9 uem@uem.com.br 208 162 77.88 1.415 35.55
10 rafael.nogueira@uem.com.br 422 137 32.46 1.289 6.30
Virus and Malicious Code Summary
Detections Message %
Total detections 24 100.00
Messages deleted 0 0.00
Messages quarantined 24 100.00
Attachments cleaned 0 0.00
Messages with attachments deleted 24 100.00
Messages blocked by IP Profiler 0 0.00
Top 10 Virus and Malicious Code Detections
1 TROJ_REFROSO.GB 22
2 Possible_Virus 1
3 TROJ_BUZUS.EV 1
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0
Top 10 Virus Recipients
Recipient  Total Message Count  Total Virus Msgs  Virus Msgs %  Virus Size (MB)  Virus Size %
1 ramon.costad@uem.com.br 29 2 6.90 0.091 46.26
2 dmauricio.cortes@uem.com.br 35 2 5.71 0.091 42.98
3 rcelon@uem.com.br 23 1 4.35 0.046 53.04
4 azza@uem.com.br 12 1 8.33 0.046 66.60
5 ppegorarodd@uem.com.br 23 1 4.35 0.046 47.72
6 amdsalves@uem.com.br 29 1 3.45 0.046 44.59
7 ramon.costa@uem.com.br 82 1 1.22 0.046 8.06
8 uem@uem.com.br 208 1 0.48 0.046 1.15
9 azotarelli@uem.com.br 46 1 2.17 0.046 21.35
10 rcela.ferrazdd@uem.com.br 44 1 2.27 0.046 24.24
CACTI – Graphs
Period from 01/11/2010 to 08/11/2010
UEMFS
UEMICA
UEMNOTES
UEMPRD
UEMRMSA
Nagios
Availability – last 7 days
Host  Service  % Time OK  % Time Warning  % Time Unknown  % Time Critical  % Time Undetermined
internet_embratel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
link-juruti  Rede_Ping  94.314% (94.314%)  0.000% (0.000%)  0.000% (0.000%)  5.686% (5.686%)  0.000%
link-riocapim  Rede_Ping  92.529% (92.529%)  0.000% (0.000%)  0.000% (0.000%)  7.471% (7.471%)  0.000%
link-yamana  Rede_Ping  99.743% (99.743%)  0.049% (0.049%)  0.000% (0.000%)  0.208% (0.208%)  0.000%
link-zambia  Rede_Ping  89.919% (89.919%)  0.000% (0.000%)  0.000% (0.000%)  10.081% (10.081%)  0.000%
nagios_remoto  Rede_Http  99.902% (99.902%)  0.000% (0.000%)  0.000% (0.000%)  0.098% (0.098%)  0.000%
router_ciscoRede_Ping_ObrasEmbratel  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Telnet  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
router_intel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Telnet  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
site_embratel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-119  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-120  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-B  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-C  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-D  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-E  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-F  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-adm  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Http:82  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-gw  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_backup  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_bkpremoto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_ftp_pessoal  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_ftp_public  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_home_ponto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Disk_home_restrito  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Dns  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ftp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Http:81  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Squid:3128  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemantspam-imss  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_TrendImss  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_TrendPolices  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemap-aplicacao  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembdc  Rede_Active Directory  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembes-blackberry  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_LotusDomino  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  99.950% (99.950%)  0.000% (0.000%)  0.000% (0.000%)  0.050% (0.050%)  0.000%
uemdev  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemfs-fileserver  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_NetBios  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemica-metaframe  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Metaframe  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_TS  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemmine-database  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Sql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemnotes-correio  Rede_Https  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ldap  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Smtp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemprd  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemrmsa-database  Rede_Oracle  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemvm-vmware  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
vm-isodoc  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
    Rede_Postgresql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
Average  99.676% (99.676%)  0.001% (0.001%)  0.000% (0.000%)  0.323% (0.323%)  0.000%
NTOP
Trend Micro - Office Scan
Update Status for Networked Computers
* items marked in yellow have the same version as the previous week
Top 10 Security Risk Statistics for Networked Computers
Virus/Malware Statistics:
Virus/Malware
Name Infections
HTML_IFRAME.AUO 11211
Mal_Otorun1 3993
PE_MABEZAT.B-O 3835
Mal_Sality 1607
WORM_OTOIT.SMT 1181
TROJ_Generic.DIT 1098
TSC_GENCLEAN 1036
TROJ_DLOADE.FF 975
Mal_Otorun2 922
BAT_BANKER.LEZC 781
Infected Computers
Name Detections Log
UEMMBB27 7756 View
SAFETY 4101 View
UEMMBB202 3447 View
UEMPABX 1107 View
UEMFS 694 View
UEMMBB312 431 View
UEMZMWS 361 View
UEMOP956 349 View
UEMOP952 226 View
UEMOP954 219 View
Infection Source
Name Detections
192.168.9.242\ADMINISTRADOR 70
192.168.4.12\KEILLA REGINA 35
192.168.9.38\ADMINISTRADOR 34
\\192.168.0.133\GUEST 22
\\192.168.0.131\GUEST 21
RAR-29A45523705\ROTINARC 19
\\[fe80::c5b5:9711:6e96:4124]\Guest 16
192.168.9.250\ADMINISTRADOR 16
\\UEMZMSPL\Guest 16
\\UEMZMSPL\ANONYMOUS LOGON 16
Spyware/Grayware Statistics:
Spyware/Grayware
Name Infections
GRAY_Gen 171
HKTL_ULTRASURF 74
GRAY_GEN.0Z1013S 65
SPYW_ARDAKEY 44
CRCK_KEYGEN 39
ADW_SAVENOW.BO 29
HKTL_USURF 25
GRAY_Sml 22
CRCK_JBEAN 20
ADW_WEBDIR.AC 12
Infected Computers
Name Detections Log
UEMFS 217 View
UEMICA 65 View
UEMPABX 46 View
UEMOP753 14 View
UEMOP421 14 View
UEMMBB163 13 View
UEMOP964 5 View
UEMOP416 5 View
UEMOP755 5 View
UEMOP954 5 View