Post on 04-Jul-2020
U&M Weekly Report - InvestLinux – 12/12/2011
Uptime / Last OK
Disk Space OK
Dmesg OK
Logs OK
Antivirus DAT OK
Top - Memory / Processes / Load OK
Processes OK
Open TCP/UDP Ports OK
MRTG - Traffic OK
MRTG - Processor OK
Ipaudit Daily OK
Ipaudit Weekly OK
Squid Reports - TopSites OK
Squid Reports - TopUsers OK
Nagios - HTTP Availability 100,00%
Nagios - SMTP Availability 100,00%
Uptime / Last
Uptime - Server uptime
Last - Remote connections
[root@uem-gw]# uptime
10:56:03 up 31 days, 29 min, 1 user, load average: 0.47, 0.49, 0.63
[root@uem-gw]# last | sort -k 3 | more
uem ftpd11625 189.3.236.211 Fri Dec 2 11:46 - 11:55 (00:09)
uem ftpd11624 189.3.236.211 Fri Dec 2 11:46 - 11:56 (00:10)
uem ftpd11951 189.3.236.211 Fri Dec 2 11:54 - 12:05 (00:10)
uem ftpd14143 189.3.236.211 Fri Dec 2 12:27 - 12:30 (00:02)
uem ftpd21442 189.3.236.211 Fri Dec 9 14:26 - 14:27 (00:01)
uem ftpd23399 189.3.236.211 Mon Dec 5 16:22 - 16:24 (00:01)
uem ftpd24699 189.3.236.211 Mon Dec 5 17:08 - 17:18 (00:10)
uem ftpd24700 189.3.236.211 Mon Dec 5 17:08 - 17:18 (00:10)
uem ftpd24720 189.3.236.211 Mon Dec 5 17:09 - 17:19 (00:10)
uem ftpd24721 189.3.236.211 Mon Dec 5 17:09 - 17:20 (00:10)
uem ftpd24732 189.3.236.211 Mon Dec 5 17:10 - 17:20 (00:10)
uem ftpd24731 189.3.236.211 Mon Dec 5 17:10 - 17:23 (00:13)
uem ftpd24789 189.3.236.211 Mon Dec 5 17:11 - 17:12 (00:00)
uem ftpd24788 189.3.236.211 Mon Dec 5 17:11 - 17:23 (00:11)
uem ftpd24818 189.3.236.211 Mon Dec 5 17:12 - 17:12 (00:00)
uem ftpd29021 189.3.236.211 Mon Dec 5 18:19 - 18:29 (00:10)
uem ftpd29728 189.3.236.211 Sat Dec 10 11:29 - 11:32 (00:03)
uem ftpd29725 189.3.236.211 Sat Dec 10 11:29 - 11:39 (00:10)
uem ftpd29902 189.3.236.211 Sat Dec 10 11:30 - 11:30 (00:00)
uem ftpd29877 189.3.236.211 Sat Dec 10 11:30 - 11:40 (00:10)
uem ftpd14369 189.3.236.211 Thu Dec 8 11:05 - 11:05 (00:00)
uem ftpd14370 189.3.236.211 Thu Dec 8 11:05 - 11:15 (00:10)
uem ftpd14508 189.3.236.211 Thu Dec 8 11:08 - 11:09 (00:00)
uem ftpd20050 189.3.236.211 Thu Dec 8 12:15 - 12:24 (00:08)
uem ftpd32350 189.3.236.211 Tue Dec 6 08:42 - 08:43 (00:00)
uem ftpd15790 189.3.236.211 Wed Dec 7 08:32 - 08:35 (00:02)
uem ftpd23558 189.84.30.195 Mon Dec 12 08:48 - 08:57 (00:09)
uem ftpd23563 189.84.30.195 Mon Dec 12 08:48 - 08:58 (00:09)
uem ftpd5129 189-93-209-30.3g Thu Dec 8 15:46 - 15:56 (00:09)
uem ftpd5134 189-93-209-30.3g Thu Dec 8 15:46 - 15:57 (00:10)
uem ftpd5202 189-93-209-30.3g Thu Dec 8 15:48 - 15:48 (00:00)
root pts/1 192.168.0.11 Tue Dec 6 11:47 - 11:54 (00:06)
root pts/1 192.168.0.11 Tue Dec 6 12:04 - 13:13 (01:08)
root pts/1 192.168.0.11 Tue Dec 6 15:00 - 15:36 (00:35)
root pts/1 192.168.0.11 Tue Dec 6 17:37 - 18:00 (00:23)
uem-adm pts/0 192.168.0.189 Thu Dec 1 12:02 - 13:07 (01:04)
free ftpd856 192.168.0.23 Thu Dec 8 14:54 - 14:54 (00:00)
uem ftpd626 192.168.6.152 Sat Dec 3 11:24 - 11:24 (00:00)
uem ftpd627 192.168.6.152 Sat Dec 3 11:24 - 11:34 (00:10)
uem ftpd651 192.168.6.152 Sat Dec 3 11:27 - 11:27 (00:00)
uem ftpd657 192.168.6.152 Sat Dec 3 11:27 - 11:27 (00:00)
uem ftpd656 192.168.6.152 Sat Dec 3 11:27 - 11:37 (00:10)
Disk Space
[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 21G 15G 58% /
varrun 1014M 264K 1014M 1% /var/run
varlock 1014M 0 1014M 0% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 16G 32G 34% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 6,2G 14G 31% /ftp/Pessoal
//192.168.0.105/Public 200G 121G 80G 61% /ftp/Public
//192.168.0.105/Restrito 200G 121G 80G 61% /home/Restrito
//192.168.0.100/CorporeRM 47G 18G 29G 39% /home/ponto
//192.168.0.105/BKP-linux 30G 12G 19G 37% /backup-remoto
Dmesg
Dmesg – Console alerts (possible disk, network, and general hardware errors)
- No relevant information -
Logs
Cursory check of system logs: (syslog (tmsys) / secure (tms) / squid (tmsq))
Antivirus DAT
[root@uem-gw]# freshclam
ClamAV update process started at Mon Dec 12 10:59:25 2011
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 14116, sigs: 51522, f-level: 60, builder: guitar)
bytecode.cld is up to date (version: 155, sigs: 39, f-level: 60, builder: edwin)

ClamAV update process started at Mon Dec 5 21:34:33 2011
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 14076, sigs: 43257, f-level: 60, builder: jesler)
bytecode.cld is up to date (version: 154, sigs: 38, f-level: 60, builder: edwin)
Top - Memory / Processes / Load
- No relevant information -
Processes
- No relevant information -
Open TCP/UDP Ports
[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6718/postgrey.pid -
tcp 0 0 192.168.0.1:5666 *:* LISTEN 7094/nrpe
tcp 0 0 *:rsync *:* LISTEN 7336/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6635/mysqld
tcp 0 0 *:webmin *:* LISTEN 8428/perl
tcp 0 0 *:81 *:* LISTEN 4462/apache2
tcp 0 0 10.0.0.29:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 4378/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 4378/named
tcp 0 0 192.168.1.1:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 4378/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 4378/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 4378/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 4378/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 4378/named
tcp 0 0 localhost:domain *:* LISTEN 4378/named
tcp 0 0 *:ftp *:* LISTEN 21046/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 6532/sshd
tcp 0 0 *:3128 *:* LISTEN 5967/(squid)
tcp 0 0 localhost:953 *:* LISTEN 4378/named
tcp 0 0 *:smtp *:* LISTEN 7317/master
tcp 0 0 *:1723 *:* LISTEN 7322/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7336/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 4378/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6532/sshd
tcp6 0 0 [::]:3000 [::]:* LISTEN 9243/ntop
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 4378/named
Note: In the fourth column, the command shows, preferably, the service name after the ":" character.
root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6718/postgrey.pid -
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 7094/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7336/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6635/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 8428/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 4462/apache2
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4378/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21046/proftpd: (acc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6532/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 5967/(squid)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4378/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7317/master
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7322/pptpd
tcp6 0 0 :::873 :::* LISTEN 7336/rsync
tcp6 0 0 :::53 :::* LISTEN 4378/named
tcp6 0 0 :::22 :::* LISTEN 6532/sshd
tcp6 0 0 :::3000 :::* LISTEN 9243/ntop
tcp6 0 0 ::1:953 :::* LISTEN 4378/named
Note: In the fourth column, the command shows the service port after the ":" character.
MRTG - Traffic*
Internet – eth1
Embratel Router
VPN Embratel – eth2
VPN Yamana – tun1
VPN Juruti
VPN Rio Capim – tun4
VPN Zambia – tun6
Jangada Router – 189.52.77.26
Marabá Router – 189.16.176.6
UeM ADM – CPU Utilization
UeM ADM – Load
UeM GW – CPU Utilization
UeM GW – Load
*The graphs were compared with those of the previous week. Where there is a significant change, the possible problem is analyzed and reported as a note below the graph.
Graphs without comments were considered normal. If you would like an analysis of a specific one, just ask.
Ipaudit Daily
- No relevant information -
Ipaudit Weekly (Top 10)
IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)
200.243.057.005 uemnotes.uem.com.br 2,773,413,176 7,785,243,121 10,558,656,297
192.168.000.001 - 1,070,448,658 5,608,438,308 6,678,886,966
200.243.057.002 correio.uem.com.br 4,791,653,244 528,590,726 5,320,243,970
200.243.057.008 - 3,891,075,844 308,113,238 4,199,189,082
200.243.057.011 - 1,400,806,182 763,532,533 2,164,338,715
192.168.000.103 uemnotes.uem.com.br 781,243,950 951,811,849 1,733,055,799
192.168.000.023 - 1,633,357,130 61,319,587 1,694,676,717
192.168.000.011 - 1,484,258,968 31,835,468 1,516,094,436
192.168.000.107 uemantspam.uem.com.br 998,697,247 287,243,244 1,285,940,491
192.168.000.105 uemfs.uem.com.br 90,331,970 911,355,714 1,001,687,684
Squid Reports Weekly – 04/12/2011 to 11/12/2011
Squid Reports – TopSites
NUM ACCESSED SITE CONNECT BYTES TIME
1 s.glbimg.com 192.95K 687.43M 35.45M
2 osce80-en.url.trendmicro.com 106.42K 71.52M 47.15M
3 mail.yimg.com 80.56K 185.36M 10.82M
4 au.download.windowsupdate.com 59.71K 2.08G 209.93M
5 www.google-analytics.com 47.10K 32.96M 6.05M
6 s0.2mdn.net 37.03K 104.06M 12.03M
7 s2.glbimg.com 36.35K 129.95M 11.01M
8 www.google.com.br 33.92K 328.42M 41.06M
9 clients1.google.com.br 29.66K 33.38M 9.03M
10 pagead2.googlesyndication.com 27.45K 139.34M 10.09M
11 download.windowsupdate.com 25.87K 1.06G 63.03M
12 br.mg1.mail.yahoo.com 24.98K 46.82M 3.18M
13 www.lusakatimes.com 23.99K 130.57M 24.98M
14 ads.img.globo.com 23.17K 150.53M 15.83M
15 p2.trrsf.com.br 20.19K 35.47M 6.47M
16 safebrowsing-cache.google.com 19.37K 206.44M 12.63M
17 g.ceipmsn.com 19.30K 27.58M 434.66K
18 us.mg6.mail.yahoo.com 19.08K 35.70M 2.30M
19 www.bb.com.br 17.17K 52.49M 4.07M
20 ad.doubleclick.net 16.88K 25.54M 5.13M
Squid Reports – TopUsers
Squid Reports – Attempts to Access Improper Sites
SITE ACCESSED IP
www.adultoafiliados.com.br 192.168.10.101
www.adulttrafficads.com 192.168.12.114
www.adulttraffictrade.com 192.168.12.114
www.capitalsexy.com.br 192.168.0.171
www.megaporn.com 192.168.10.101
www.pornwave.com 192.168.10.225
www.toxicporno.com 192.168.12.114
www.ebonydirtygirls.com 192.168.12.114
Note 1: No expression was added to the file /etc/squid/site_proibido.txt to block access to related sites.
Trend Micro - InterScan Messaging Security Suite
SYSTEM DATA
NAME CURRENT VERSION AVAILABLE PREVIOUS VERSION
Scan engine 9.500.1005 9.500.1005 9.200.1012
Virus pattern 8.639.00 8.639.00 8.623.00
Spyware/grayware pattern 0.871.00 0.871.00 0.871.00
IntelliTrap pattern 0.163.00 0.163.00 0.161.00
IntelliTrap exceptions 0.719.00 0.719.00 0.717.00
Anti-spam engine 6.8.1017 6.8.1017 6.8.1017
Spam pattern 18578.000 18578.000 18562.003
IMSS Version 7.0-Build_Linux_3216 N/A
STATISTICS
PERIOD: LAST 7 DAYS
SUMMARY
Scanning Conditions Total %
Malicious code 3 0%
Spyware/grayware 0 0%
Spam 14041 23.14%
Phish 1 0%
Attachment 0 0%
Size 62 0.1%
Content 772 1.27%
Others 0 0%
Scanning exceptions 75 0.12%
GRAPHS – PERIOD 04/12/2011 TO 10/12/2011
Spam by Action
Spam Actions
Detections Message % Size (MB)
Total spam message count 34611 100.00 289.801
Quarantined 802 2.32 20.070
Deleted 12927 37.35 269.731
Tagged 13729 39.67 289.801
Other 0 0.00 0.000
Rejected by NRS 20882 60.33 N/A
Rejected by IP Profiler 0 0.00 N/A
Top 10 Spam Recipients
Recipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %
1 diretoria@uem.com.br 574 327 56.97 5.410 17.70
2 claudia.santos@uem.com.br 403 257 63.77 4.870 31.85
3 comercial@uem.com.br 457 248 54.27 3.668 5.87
4 rosenilson.henriques@uem.com.br 961 228 23.73 7.463 15.63
5 informatica@uem.com.br 836 225 26.91 3.120 0.59
6 clovis@uem.com.br 326 204 62.58 6.911 24.92
7 bruna.resende@uem.com.br 390 203 52.05 6.896 16.19
8 ricardo@uem.com.br 297 199 67.00 3.913 51.90
9 jamily.fazza@uem.com.br 279 189 67.74 2.290 46.17
10 almeida@uem.com.br 245 186 75.92 6.684 80.08
Virus and Malicious Code Summary
Detections Message %
Total detections 2 100.00
Messages deleted 2 100.00
Messages quarantined 0 0.00
Attachments cleaned 0 0.00
Messages with attachments deleted 0 0.00
Messages blocked by IP Profiler 0 0.00
Top 10 Virus and Malicious Code Detections
1 WORM_Mydoom.DAM 1
2 WORM_MYDOOM.GEN 1
3 N/A 0
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0
Top 10 Virus Recipients
Recipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %
1 tatiana.assis@uem.com.br 378 2 0.53 0.079 0.17
2 N/A 0 0 0.00 0.000 0.00
3 N/A 0 0 0.00 0.000 0.00
4 N/A 0 0 0.00 0.000 0.00
5 N/A 0 0 0.00 0.000 0.00
6 N/A 0 0 0.00 0.000 0.00
7 N/A 0 0 0.00 0.000 0.00
8 N/A 0 0 0.00 0.000 0.00
9 N/A 0 0 0.00 0.000 0.00
10 N/A 0 0 0.00 0.000 0.00
CACTI – Graphs
Period from 05/12/2011 to 12/12/2011
UEMFS
UEMICA
UEMNOTES
UEMPRD
UEMRMSA
Nagios
Availability – last 7 days
| Host | Service | % Time OK | % Time Warning | % Time Unknown | % Time Critical | % Time Undetermined |
| internet_embratel | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| link-jangada | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| link-juruti | Rede_Ping | 88.058% (88.058%) | 0.346% (0.346%) | 0.000% (0.000%) | 11.596% (11.596%) | 0.000% |
|  | uem1_Rede_Ping | 97.906% (97.906%) | 0.198% (0.198%) | 0.000% (0.000%) | 1.896% (1.896%) | 0.000% |
| link-riocapim | Rede_Ping | 81.831% (81.831%) | 0.000% (0.000%) | 0.000% (0.000%) | 18.169% (18.169%) | 0.000% |
|  | uem1_Rede_Ping | 81.833% (81.833%) | 0.000% (0.000%) | 0.000% (0.000%) | 18.167% (18.167%) | 0.000% |
| link-yamana | Rede_Ping | 91.235% (91.235%) | 0.031% (0.031%) | 0.000% (0.000%) | 8.734% (8.734%) | 0.000% |
|  | uem1_Rede_Ping | 95.504% (95.504%) | 0.000% (0.000%) | 0.000% (0.000%) | 4.496% (4.496%) | 0.000% |
| link-zambia | Rede_Ping | 75.964% (75.964%) | 0.000% (0.000%) | 0.000% (0.000%) | 24.036% (24.036%) | 0,00% |
|  | uem1_Rede_Ping | 80.801% (80.801%) | 0.000% (0.000%) | 0.000% (0.000%) | 19.199% (19.199%) | 0.000% |
| nagios_remoto | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| router_cisco | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Telnet | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| storage-119 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| storage-120 | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-B | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-C | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-D | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-E | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| switch-3com-F | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uem-adm | Local_Carga | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_Root | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Processos | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Users | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Http:82 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uem-gw | Local_Carga | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_Root | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_backup | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_bkpremoto | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_ftp_pessoal | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_ftp_public | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_home_ponto | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Disk_home_restrito | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Processos | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Local_Users | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Dns | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ftp | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Http:81 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_SSH | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Squid:3128 | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Local_Disk_ftp_public | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Local_Disk_home_ponto | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemantspam-imss | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_TrendImss | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_TrendPolices | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemap-aplicacao | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uembdc | Rede_Active Directory | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 99.950% (99.950%) | 0.050% (0.050%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Active Directory | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uembes-blackberry | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_LotusDomino | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemdev | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemfs-fileserver | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_NetBios | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_NetBios | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemica-metaframe | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Metaframe | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_TS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Metaframe | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_TS | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemmine-database | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Sql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Sql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemnotes-correio | Rede_Https | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ldap | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Smtp | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Https | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Smtp | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemprd | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_SAP | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemrmsa-database | Rede_Oracle | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Oracle | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| uemvm-vmware | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| vm-isodoc | Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Ping | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | Rede_Postgresql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Http | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
|  | uem1_Rede_Postgresql | 100.000% (100.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% (0.000%) | 0.000% |
| Average |  | 98.825% (98.825%) | 0.007% (0.007%) | 0.000% (0.000%) | 1.168% (1.168%) | 0.000% |
NTOP
Trend Micro - Office Scan
Update Status for Networked Computers
* items highlighted in yellow have the same version as the previous week
Top 10 Security Risk Statistics for Networked Computers
Virus/Malware Statistics:
Virus/Malware
Name Infections
HTML_IFRAME.AUO 13927
Mal_Otorun1 4156
PE_MABEZAT.B-O 3835
TSC_GENCLEAN 2869
PE_SALITY.EN-1 1771
PAK_Generic.001 1694
Mal_Sality 1614
EXPL_CPLNK.SM 1315
PE_VIRUX.R 1284
WORM_OTOIT.SMT 1257
Infected Computers
Name Detections Log
HP21900126961 2036 View
HP-DISPATCH1 2023 View
UEMPABX 1274 View
UEMOP503 945 View
UEMFS 914 View
UEMOP706 788 View
UEMZMSURVEY 682 View
UEMOP807 576 View
UEMMBB312 465 View
UEMOP509 447 View
Infection Source
Name Detections
HP-DISPATCH2\ADMINISTRATOR 1169
HP33671896628\EDWIN SIKAKENA 349
HP33671896628\OLIVER CHILESHE 105
HP33671896628\GILLY NYIRENDA 98
192.168.9.242\ADMINISTRADOR 70
HP33671896628\LOMBE CHOMBA 64
U-92CFD590AD0D4\MAINTENANCE 45
192.168.4.12\KEILLA REGINA 35
192.168.9.38\ADMINISTRADOR 34
192.168.12.124\EAMONN BROWNE 22
Spyware/Grayware Statistics:
Spyware/Grayware
Name Infections
CRCK_KEYGEN 1348
HKTL_ULTRASURF 1190
SPYW_ARDAKEY 285
GRAY_Gen 177
GRAY_GEN.0Z1013S 71
ADW_SAVENOW.BO 29
ADW_YABECTOR.SM 26
HKTL_USURF 25
CRCK_JBEAN 23
GRAY_Sml 22
Infected Computers
Name Detections Log
UEMPABX 286 View
UEMFS 218 View
UEMICA 71 View
UEMNOTES 28 View
UEMMBB45 23 View
UEMOP957 7 View
UEMOP404 6 View
UEMOP954 6 View
UEMOP807 5 View
UEMOP416 5 View