U&M Weekly Report - InvestLinux – 11/06/2012
Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Anti-Virus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 100,00%
Uptime / Last: Uptime (server online time) / Last (remote connections)
[root@uem-gw]# uptime
10:39:44 up 11 days, 2:12, 1 user, load average: 0.31, 0.57, 0.54
[root@uem-gw]# last | sort -k 3 | more
vpnuem ppp0 177.115.72.32 Sun Jun 3 10:31 - 11:13 (00:42)
uem ftpd25039 177.77.136.208 Sun Jun 3 12:47 - 12:47 (00:00)
uem ftpd25044 177.77.136.208 Sun Jun 3 12:47 - 12:49 (00:01)
free ftpd19519 186.220.12.64 Mon Jun 4 11:24 - 11:26 (00:02)
free ftpd30834 186.220.12.64 Tue Jun 5 11:12 - 11:24 (00:12)
free ftpd5855 186.220.12.64 Wed Jun 6 10:18 - 10:28 (00:10)
uem ftpd16073 187-27-120-26.3g Mon Jun 4 10:39 - 10:39 (00:00)
uem ftpd16078 187-27-120-26.3g Mon Jun 4 10:39 - 10:50 (00:10)
free ftpd28578 189-107-131-238. Sun Jun 10 18:41 - 18:41 (00:00)
free ftpd28584 189-107-131-238. Sun Jun 10 18:41 - 18:41 (00:00)
free ftpd28617 189-107-131-238. Sun Jun 10 18:42 - 20:53 (02:11)
vpnuem ppp0 189.53.208.93 Sun Jun 3 10:02 - 10:19 (00:16)
vpnuem ppp0 189.53.208.93 Sun Jun 3 19:32 - 19:33 (00:01)
free ftpd4514 192.168.0.205 Wed Jun 6 15:34 - 15:34 (00:00)
free ftpd4521 192.168.0.205 Wed Jun 6 15:35 - 15:35 (00:00)
free ftpd4575 192.168.0.205 Wed Jun 6 15:35 - 15:35 (00:00)
free ftpd4918 192.168.0.205 Wed Jun 6 15:43 - 15:43 (00:00)
free ftpd4945 192.168.0.205 Wed Jun 6 15:43 - 15:43 (00:00)
free ftpd4955 192.168.0.205 Wed Jun 6 15:44 - 15:46 (00:01)
uemcc ftpd13581 192.168.0.93 Fri Jun 1 11:01 - 11:01 (00:00)
uemcc ftpd13644 192.168.0.93 Fri Jun 1 11:02 - 11:02 (00:00)
collect ftpd17795 196.212.54.42 Fri Jun 8 04:48 - 04:48 (00:00)
collect ftpd17794 196.212.54.42 Fri Jun 8 04:48 - 04:49 (00:00)
collect ftpd17837 196.212.54.42 Fri Jun 8 04:48 - 04:50 (00:01)
collect ftpd17789 196.212.54.42 Fri Jun 8 04:48 - 04:58 (00:09)
collect ftpd17838 196.212.54.42 Fri Jun 8 04:49 - 04:52 (00:03)
collect ftpd10833 196.212.54.42 Thu Jun 7 10:11 - 10:12 (00:01)
collect ftpd10828 196.212.54.42 Thu Jun 7 10:11 - 10:21 (00:09)
collect ftpd10853 196.212.54.42 Thu Jun 7 10:12 - 10:12 (00:00)
collect ftpd10858 196.212.54.42 Thu Jun 7 10:12 - 10:12 (00:00)
collect ftpd11033 196.212.54.42 Thu Jun 7 10:17 - 10:26 (00:09)
collect ftpd11054 196.212.54.42 Thu Jun 7 10:17 - 10:27 (00:10)
collect ftpd12916 196.212.54.42 Thu Jun 7 10:26 - 10:34 (00:07)
collect ftpd13136 196.212.54.42 Thu Jun 7 10:27 - 10:30 (00:02)
collect ftpd15359 196.212.54.42 Thu Jun 7 10:31 - 10:34 (00:02)
collect ftpd15488 196.212.54.42 Thu Jun 7 10:34 - 10:35 (00:00)
collect ftpd16022 196.212.54.42 Thu Jun 7 10:49 - 10:49 (00:00)
free ftpd19600 200.204.55.142 Mon Jun 4 11:27 - 11:55 (00:28)
free ftpd7707 200.204.55.142 Wed Jun 6 10:27 - 10:37 (00:10)
free ftpd10116 200.204.55.142 Wed Jun 6 10:37 - 11:04 (00:27)
free ftpd11249 200.204.55.142 Wed Jun 6 11:05 - 11:05 (00:00)
free ftpd11253 200.204.55.142 Wed Jun 6 11:05 - 11:07 (00:02)
uem ftpd32663 200.208.86.178 Mon Jun 11 07:56 - 07:56 (00:00)
Disk Space
[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 26G 9,7G 73% /
varrun 1014M 264K 1014M 1% /var/run
varlock 1014M 0 1014M 0% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 19G 30G 39% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 11G 9,4G 54% /ftp/Pessoal
//192.168.0.105/Public 200G 149G 52G 75% /ftp/Public
//192.168.0.105/Restrito 200G 149G 52G 75% /home/Restrito
//192.168.0.100/CorporeRM 47G 24G 24G 51% /home/ponto
//192.168.0.105/BKP-linux 30G 13G 18G 41% /backup-remoto
Dmesg
Dmesg – Console alerts (occasional disk, network or general hardware errors)
- No relevant information -
Logs
Superficial check of system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )
Anti-Virus DAT
[root@uem-gw]# freshclam
ClamAV update process started at Mon Jun 11 10:43:34 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15027, sigs: 217122, f-level: 63, builder: ccordes)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
Previous week:
ClamAV update process started at Wed Jun 6 08:02:55 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15007, sigs: 202098, f-level: 63, builder: guitar)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
WARNING: Current functionality level = 62, recommended = 63
Please check if ClamAV tools are linked against the proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
Top - Memory / Processes / Load
- No relevant information -
Processes
- No relevant information -
Open TCP/UDP Ports
[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6681/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 17241/nrpe
tcp 0 0 *:rsync *:* LISTEN 7227/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6588/mysqld
tcp 0 0 *:webmin *:* LISTEN 8602/perl
tcp 0 0 *:81 *:* LISTEN 4154/apache2
tcp 0 0 *:ftp *:* LISTEN 14884/proftpd: (acc
tcp 0 0 10.0.0.29:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 6112/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 6112/named
tcp 0 0 192.168.1.1:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 6112/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 6112/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 6112/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 6112/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 6112/named
tcp 0 0 localhost:domain *:* LISTEN 6112/named
tcp 0 0 *:ssh *:* LISTEN 6485/sshd
tcp 0 0 *:3128 *:* LISTEN 4905/(squid)
tcp 0 0 *:smtp *:* LISTEN 7207/master
tcp 0 0 localhost:953 *:* LISTEN 6112/named
tcp 0 0 *:1723 *:* LISTEN 7214/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7227/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 6112/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6485/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 7074/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 6112/named
Note: in the fourth column the command shows, where possible, the service name after the ":" character.
root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6681/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 17241/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7227/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6588/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8602/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 4154/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 14884/proftpd: (acc
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6112/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6485/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 4905/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7207/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6112/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7214/pptpd
tcp6 0 0 :::873 :::* LISTEN 7227/rsync
tcp6 0 0 :::53 :::* LISTEN 6112/named
tcp6 0 0 :::22 :::* LISTEN 6485/sshd
tcp6 0 0 :::3000 :::* LISTEN 7074/ntop
tcp6 0 0 ::1:953 :::* LISTEN 6112/named
Note: in the fourth column the command shows the service port after the ":" character.
MRTG - Traffic*
Internet – eth1
Embratel Router
Embratel VPN – eth2
Yamana VPN – tun1
Juruti VPN
Rio Capim VPN – tun4
Zambia VPN – tun6
Carajás VPN – tun7
* High traffic on 06/06 (Wednesday), probably originating from IP 192.168.13.207. See details at:
http://correio.uem.com.br:81/~ipaudit/cgi-bin/SearchIpauditData?date=2012-06-06-08:00&ip=192.168.013.207&sort=0
Jangada Router – 189.52.77.26
Marabá Router – 189.16.176.6
UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load
* The graphs were compared with those of the previous week. Where there is a significant change, a possible problem is analyzed and reported as a note below the graph. Graphs without comments were considered normal. If you would like a specific graph analyzed, just request it.
Ipaudit Daily
- No relevant information -
Ipaudit Weekly (Top 10)
IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)
200.243.057.005 uemnotes.uem.com.br 6,080,162,231 23,651,725,572 29,731,887,803
192.168.000.001 - 8,318,044,578 5,978,857,247 14,296,901,825
200.243.057.011 - 9,831,676,746 2,694,289,064 12,525,965,810
200.243.057.002 correio.uem.com.br 11,436,659,393 1,066,867,156 12,503,526,549
192.168.012.162 - 2,666,258,279 172,923,641 2,839,181,920
192.168.012.141 - 1,110,873,905 1,013,504,939 2,124,378,844
192.168.008.101 uemmbb249.uem.com.br 1,716,612,817 65,805,372 1,782,418,189
192.168.000.103 uemnotes.uem.com.br 476,960,492 1,212,096,535 1,689,057,027
192.168.000.107 uemantspam.uem.com.br 1,281,467,015 272,506,038 1,553,973,053
200.243.057.008 - 1,181,799,780 214,571,710 1,396,371,490
Squid Reports Weekly – 03/06/2012 to 10/06/2012
Squid Reports – TopSites
NUM ACCESSED SITE CONNECT BYTES TIME
1 200.98.134.185 236.56K 122.76M 622.35K
2 s.glbimg.com 183.81K 576.31M 33.35M
3 au.download.windowsupdate.com 161.10K 5.79G 562.06M
4 s2.glbimg.com 138.51K 553.43M 38.82M
5 osce80-en.url.trendmicro.com 127.57K 86.49M 108.98M
6 gdata.youtube.com 99.39K 146.49M 490.34K
7 mail.yimg.com 89.81K 184.18M 13.97M
8 www.google-analytics.com 53.26K 35.88M 12.77M
9 www.google.com.br 36.57K 455.75M 55.20M
10 clients1.google.com.br 35.45K 26.79M 9.99M
11 pagead2.googlesyndication.com 32.18K 185.79M 18.99M
12 download.windowsupdate.com 28.00K 984.37M 247.26M
13 us.mg6.mail.yahoo.com 23.94K 43.33M 4.90M
14 safebrowsing-cache.google.com 23.19K 614.83M 51.16M
15 t3.gstatic.com 22.29K 155.46M 12.09M
16 t2.gstatic.com 22.28K 155.84M 11.08M
17 t1.gstatic.com 22.24K 155.89M 10.88M
18 t0.gstatic.com 22.09K 153.21M 9.31M
19 ads.img.globo.com 21.45K 100.90M 15.76M
20 www.lusakatimes.com 18.56K 123.71M 41.49M
Squid Reports – TopUsers
Squid Reports – Attempts to access prohibited sites
SITE ACCESSED IP
www.adorocoroas.com 192.168.13.130
www.assistafilmesgratis.com 192.168.6.143 192.168.8.101 192.168.8.117 192.168.8.145 192.168.9.177
www.assistatvgratis.in 192.168.8.101 192.168.8.117
www.assistatvgratis.org 192.168.8.101 192.168.8.117
www.assistatvonline.com 192.168.6.143 192.168.8.101 192.168.9.177
www.assistindo.net 192.168.8.167
www.assistir0800.com 192.168.8.167
www.assistirfilmeshd.org 192.168.6.143
www.assistirtvsonline.net 192.168.8.101
www.baixaki.com.br 192.168.0.27 192.168.0.95 192.168.10.135 192.168.10.204 192.168.13.111 192.168.13.145 192.168.13.173 192.168.8.134 192.168.9.239
www.baixandojogosgratis.com 192.168.8.101
www.baixarfilmesdublados.net 192.168.0.92
www.baixarmusicas.info 192.168.8.124
www.baixegratis.net 192.168.0.19
www.coelhinhasdobrasil.com 192.168.10.216
www.ebuddy.com 192.168.0.67
www.sexlog.com.br 192.168.8.114 192.168.9.194
www.sexolandia.org 192.168.13.137
connect.facebook.net 192.168.0.35 192.168.0.6 192.168.0.66 192.168.0.70 192.168.12.100 192.168.12.109 192.168.12.113 192.168.12.123 192.168.12.128 192.168.12.142
facebook.adlesse.com 192.168.13.248 192.168.13.250
facebook.conduitapps.com 192.168.0.174 192.168.10.235 192.168.10.236 192.168.12.122 192.168.12.130 192.168.12.148 192.168.12.162 192.168.12.203 192.168.12.206 192.168.12.207 192.168.12.221 192.168.12.227 192.168.12.233
graph.facebook.com 192.168.12.100
graph.facebook.com:443 192.168.0.6
www.facebook.com 192.168.0.10 192.168.0.6 192.168.0.64 192.168.0.66 192.168.12.100 192.168.12.12 192.168.12.123 192.168.12.142 192.168.9.250
www.facebook.com:443 192.168.0.6
Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to the sites listed.
Note 2: All URLs above related to "facebook" are currently blocked.
Trend Micro - InterScan Messaging Security Suite
SYSTEM DATA
NAME | CURRENT VERSION | AVAILABLE | PREVIOUS VERSION
Scan engine 9.500.1005 9.500.1005 9.500.1005
Virus pattern 9.185.00 9.185.00 9.173.00
Spyware/grayware pattern 1.295.00 1.295.00 1.293.00
IntelliTrap pattern 0.165.00 0.165.00 0.165.00
IntelliTrap exceptions 0.773.00 0.773.00 0.773.00
Anti-spam engine 6.800.1017 6.800.1017 6.800.1017
Spam pattern 18962.007 18962.007 18934.001
URL Filtering Engine 3.500.1047 3.000.1029 3.500.1047
GRAPHS – PERIOD 03/06/2012 TO 09/06/2012
Scanning Conditions | Total Message | % | Incoming | Outgoing
Total message count 92075 100.00 88459 3616
Virus or malicious code 5 0.01 5 0
Spyware/grayware 0 0.00 0 0
Spam 10995 11.94 10912 83
Phish 0 0.00 0 0
Suspicious URLs - Web Reputation 0 0.00 0 0
DKIM enforcement 0 0.00 0 0
Attachment 0 0.00 0 0
Size 46 0.05 37 9
Content 243 0.26 228 15
Compliance 0 0.00 0 0
Others 0 0.00 0 0
Scanning exceptions 9 0.01 2 7
Spam Tagged by Cloud Pre-Filter 0 0.00 0 0
IP Profiler 1623 1.76 1623 0
Email reputation 58818 63.88 58818 0
Clean email 20336 22.09 16834 3502
Trend Micro Email Encryption 0 0.00 0 0
Spam by Action
Spam Actions | Detections: Message | % | Size (MB)
Total spam message count 71436 100.00 192.483
Quarantined 10995 15.39 192.483
Deleted 0 0.00 0.000
Tagged 10992 15.39 192.462
Other 0 0.00 0.000
Rejected by Email reputation 58818 82.34 N/A
Rejected by IP Profiler 1623 2.27 N/A
Top 10 Spam Recipients
Recipient | Total Message Count | Total Spam Msgs | Spam Msgs % | Spam Size (MB) | Spam Size %
[email protected] 335 253 75.52 5.736
[email protected] 448 229 51.12 5.586
[email protected] 688 228 33.14 4.878
[email protected] 391 207 52.94 3.076
[email protected] 396 181 45.71 3.321
[email protected] 519 176 33.91 2.959
[email protected] 252 176 69.84 6.782
[email protected] 236 164 69.49 3.652
[email protected] 255 143 56.08 3.327 34.87
[email protected] 316 142 44.94 2.775 6.21
Virus and Malicious Code Summary
Detections Message %
Total detections 5 100.00
Messages deleted 0 0.00
Messages quarantined 5 100.00
Attachments cleaned 0 0.00
Messages with attachments deleted 5 100.00
Messages blocked by IP Profiler 0 0.00
Top 10 Virus and Malicious Code Detections
1 TROJ_AGENT.BCOO 2
2 JS_NIMDA.A-1 2
3 TSPY_ZBOT.SMKU 1
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0
CACTI – Graphs
Period 04/06/2012 to 11/06/2012
UEMFS
UEMICA
* Load increase on 31/05 (Thursday)
UEMNOTES
UEMPRD
UEMRMSA
Nagios
Availability – last 7 days
Host | Service | % Time OK | % Time Warning | % Time Unknown | % Time Critical | % Time Undetermined
internet_embratel  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                   uem1_Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
link-carajas  Rede_Ping  90.392% (90.392%)  0.000% (0.000%)  0.000% (0.000%)  9.608% (9.608%)  0.000%
link-ebt-jangada  Rede_Ping  97.976% (97.976%)  0.000% (0.000%)  0.000% (0.000%)  2.024% (2.024%)  0.000%
link-ebt-maraba  Rede_Ping  99.940% (99.940%)  0.000% (0.000%)  0.000% (0.000%)  0.060% (0.060%)  0.000%
link-jangada  Rede_Ping  62.258% (62.258%)  0.000% (0.000%)  0.000% (0.000%)  37.742% (37.742%)  0.000%
link-juruti  Rede_Ping  99.365% (99.365%)  0.000% (0.000%)  0.000% (0.000%)  0.635% (0.635%)  0.000%
             uem1_Rede_Ping  99.480% (99.480%)  0.000% (0.000%)  0.000% (0.000%)  0.520% (0.520%)  0.000%
link-riocapim  Rede_Ping  99.728% (99.728%)  0.000% (0.000%)  0.000% (0.000%)  0.272% (0.272%)  0.000%
               uem1_Rede_Ping  99.919% (99.919%)  0.000% (0.000%)  0.000% (0.000%)  0.081% (0.081%)  0.000%
link-yamana  Rede_Ping  99.983% (99.983%)  0.000% (0.000%)  0.000% (0.000%)  0.017% (0.017%)  0.000%
             uem1_Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
nagios_remoto  Rede_Http  99.955% (99.955%)  0.000% (0.000%)  0.000% (0.000%)  0.045% (0.045%)  0.000%
               uem1_Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
router_cisco  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
              Rede_Telnet  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
              uem1_Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-119  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
storage-120  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-B  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-C  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-D  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-E  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
switch-3com-F  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-adm  Local_Carga  99.950% (99.950%)  0.050% (0.050%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
         Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
         Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
         Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
         Rede_Http:82  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
         Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
         Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uem-gw  Local_Carga  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_Root  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_backup  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_bkpremoto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_ftp_pessoal  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_ftp_public  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_home_ponto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Disk_home_restrito  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Processos  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Local_Users  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_Dns  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_Ftp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_Http:81  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_Squid:3128  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        uem1_Local_Disk_ftp_public  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        uem1_Local_Disk_home_ponto  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemantspam-imss  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                 Rede_SSH  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemap-aplicacao  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembdc  Rede_Active Directory  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        uem1_Rede_Active Directory  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uembes-blackberry  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                   Rede_LotusDomino  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                   Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemdev  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemfs-fileserver  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_NetBios  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_NetBios  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemica-metaframe  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Metaframe  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_TS  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_Metaframe  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_TS  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemmine-database  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Sql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_Sql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemnotes-correio  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Https  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Ldap  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Smtp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_Https  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_Smtp  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemprd  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
        uem1_Rede_SAP  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemrmsa-database  Rede_Oracle  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
                  uem1_Rede_Oracle  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
uemvm-vmware  Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
vm-isodoc  Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
           Rede_Ping  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
           Rede_Postgresql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
           uem1_Rede_Http  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
           uem1_Rede_Postgresql  100.000% (100.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000% (0.000%)  0.000%
Average  99.451% (99.451%)  0.001% (0.001%)  0.000% (0.000%)  0.548% (0.548%)  0.000%
NTOP
Currently unavailable
Trend Micro - Office Scan
Update Status for Networked Computers
* items marked in yellow have the same version as the previous week
Top 10 Security Risk Statistics for Networked Computers
Virus/Malware Statistics:
Virus/Malware
Name Infections
TROJ_STARTER.SM 55
TSC_GENCLEAN 50
PE_VIRUX.R-2 42
WORM_AUTORUN.SMI 34
Cryp_Yodap 28
LNK_DORKBOT.SMC 24
TROJ_FAKEAV.SMUP 20
PE_VIRUX.R-1 19
PE_DUNDUN.A 14
PAK_Generic.012 14
Last reset: 22/5/2012 16:11:20
Infected Computers
Name Detections
UEM-SAFETY 107
UEMZMMNT10 82
UEMOP804 43
UEMFS 42
LENOVO-B044638B 36
UEMMBB151 28
UEMOP921 11
UEMMBB230 10
UEMOP928 9
UEMOP725 8
Last reset: 22/5/2012 16:11:49
Infection Source
Name Detections
HP-DISPATCH2\ADMINISTRATOR 1210
HP33671896628\EDWIN SIKAKENA 349
HP33671896628\OLIVER CHILESHE 105
HP33671896628\GILLY NYIRENDA 98
192.168.9.242\ADMINISTRADOR 70
HP33671896628\LOMBE CHOMBA 64
U-92CFD590AD0D4\MAINTENANCE 45
192.168.4.12\KEILLA REGINA 35
192.168.9.38\ADMINISTRADOR 34
UEMOP856\LUCIANO RODRIGUES 30
Spyware/Grayware Statistics:
Spyware/Grayware
Name Infections
HKTL_CRACKCF 5
CRCK_KEYGEN 3
Dialer_PlayGames 1
Last reset: 22/5/2012 16:11:57
Infected Computers
Name Detections
UEMOP928 5
UEMMBB245 2
UEMOP511 1
UEMOP973 1
Last reset: 22/5/2012 16:12:04