Ian Cumes 23236

(20 points) Using httpie, make an HTTP request to the server

HTTP/1.1 301 Moved Permanently
CF-RAY: 911178ee29d7743a-MIA
Connection: keep-alive
Content-Type: text/html
Date: Thu, 13 Feb 2025 02:43:42 GMT
Location: https://nrywhite.lat/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHJt8uH7WglbkP%2Fi6udftogxFeUYZgWdIm%2B2bPPLJZdE4vOm7B0j0MX%2BF1zhyKlE6gOVz22UITWRIo4Vckk%2F3KT%2B7Tmax5nec6EGUIZ4yNa60f%2F2X0Hk%2Bv8NxjgwvvE%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
server-timing: cfL4;desc="?proto=TCP&rtt=91643&min_rtt=91643&rtt_var=45821&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=133&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

301 Moved Permanently

301 Moved Permanently


nginx/1.24.0 (Ubuntu)

(10 points) Using curl, make an HTTP request to the server

* Host nrywhite.lat:80 was resolved.
* IPv6: 2606:4700:3030::6815:7001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:1001, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:3001
* IPv4: 104.21.96.1, 104.21.112.1, 104.21.16.1, 104.21.32.1, 104.21.48.1, 104.21.80.1, 104.21.64.1
*   Trying 104.21.96.1:80...
* Connected to nrywhite.lat (104.21.96.1) port 80
> GET / HTTP/1.1
> Host: nrywhite.lat
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 13 Feb 2025 02:45:41 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: https://nrywhite.lat/
< cf-cache-status: DYNAMIC
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OnYqNvA70RwbSY%2BkyzgGObyVWLPGTeguGSiXIMjH3NBoOn2XIkHnqhydQvmWD6BtdBvY%2Bs4pp%2FvRQqAdXAOYRAepcCoCh5l4%2FelDXx%2FEn2gmslZ7otrOHtRjgEBij7k%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 91117bd508cf7461-MIA
< alt-svc: h3=":443"; ma=86400
< server-timing: cfL4;desc="?proto=TCP&rtt=91748&min_rtt=91748&rtt_var=45874&sent=1&recv=2&lost=0&retrans=0&sent_bytes=0&recv_bytes=75&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
<
301 Moved Permanently

301 Moved Permanently


nginx/1.24.0 (Ubuntu)
* Connection #0 to host nrywhite.lat left intact

(10 points) Using tail on the server, get the last 15 lines of the file /var/log/nginx/access.log

172.68.76.131 - - [13/Feb/2025:02:42:22 +0000] "GET /23525/lab2/Lab%202%20-%20Administracion%20de%20servidore%20-%2023525.txt HTTP/1.1" 200 17447 "https://nrywhite.lat/23525/lab2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0"
172.70.83.173 - - [13/Feb/2025:02:43:42 +0000] "GET / HTTP/1.1" 301 178 "-" "HTTPie/3.2.2"
172.70.83.146 - - [13/Feb/2025:02:43:58 +0000] "GET / HTTP/1.1" 200 2701 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Mobile/15E148 Safari/604.1"
172.70.83.174 - - [13/Feb/2025:02:45:41 +0000] "GET / HTTP/1.1" 301 178 "-" "curl/8.5.0"
162.158.11.149 - - [13/Feb/2025:02:46:02 +0000] "GET / HTTP/1.1" 200 2701 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
162.158.11.147 - - [13/Feb/2025:02:46:03 +0000] "GET /banners/cositas.jpg HTTP/1.1" 304 0 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
162.158.11.154 - - [13/Feb/2025:02:46:03 +0000] "GET /banners/snoopy.gif HTTP/1.1" 304 0 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
162.158.11.150 - - [13/Feb/2025:02:46:12 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
172.68.76.160 - - [13/Feb/2025:02:46:12 +0000] "GET / HTTP/1.1" 200 2701 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
162.158.170.246 - - [13/Feb/2025:02:49:21 +0000] "GET /23079/ HTTP/1.1" 200 225 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"

(10 points) Using ps and grep, identify which processes Amazon is running on the server

root         542  0.0  1.2 1759116 12400 ?     Ssl  Feb12   0:02 /snap/amazon-ssm-agent/9881/amazon-ssm-agent
root         914  0.0  2.1 1850868 20924 ?     Sl   Feb12   0:10 /snap/amazon-ssm-agent/9881/ssm-agent-worker
ubuntu     80572  0.0  0.2    6944  2176 pts/1 S+   02:51   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn -i amazon

(10 points) Using dig on the server, obtain the IP that a DNS lookup of uvg.edu.gt resolves to

First IP 45.223.155.41, second IP 45.223.56.41

(5 points) How much RAM, total, used and free, does the server have? (your answer must be in MB)

               total        used        free      shared  buff/cache   available
Mem:             957         530         236          71         431         427

(5 points) How much disk space, total, used and available, does the server have? (your answer must be in MB)

Filesystem     1M-blocks  Used Available Use% Mounted on
/dev/root          28691  8650     20025  31% /
tmpfs                479    71       409  15% /dev/shm
tmpfs                192     2       191   1% /run
tmpfs                  5     0         5   0% /run/lock
/dev/xvda16          881    76       744  10% /boot
/dev/xvda15          105     7        99   6% /boot/efi
tmpfs                 96     1        96   1% /run/user/1000

(5 points) Using the ip command, obtain the server's IP

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enX0: mtu 9001 qdisc fq_codel state UP group default qlen 1000
    link/ether 0a:ff:d6:c1:6d:a5 brd ff:ff:ff:ff:ff:ff
    inet 172.31.31.175/20 metric 100 brd 172.31.31.255 scope global dynamic enX0
       valid_lft 2303sec preferred_lft 2303sec
    inet6 fe80::8ff:d6ff:fec1:6da5/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:b0:10:3a:1f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b0ff:fe10:3a1f/64 scope link
       valid_lft forever preferred_lft forever
5: veth3e2c6fb@if4: mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether de:40:60:4d:bf:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::dc40:60ff:fe4d:bfef/64 scope link
       valid_lft forever preferred_lft forever

(10 points) lsof lists open files. Identify the files opened over the TCP protocol on port 80

COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   66702     root    5u  IPv4 190481      0t0  TCP *:http (LISTEN)
nginx   66702     root    7u  IPv6 190483      0t0  TCP *:http (LISTEN)
nginx   66704 www-data    5u  IPv4 190481      0t0  TCP *:http (LISTEN)
nginx   66704 www-data    7u  IPv6 190483      0t0  TCP *:http (LISTEN)

(20 points) Using netstat, list the ports the server is listening on. You must filter using the following netstat options (this is a single command with these options):
tcp
udp
numeric (shows ports by number)
program (shows which program is listening)

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      309/systemd-resolve
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      309/systemd-resolve
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      66702/nginx: master
tcp        0      0 0.0.0.0:90              0.0.0.0:*               LISTEN      1136/docker-proxy
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      66702/nginx: master
tcp6       0      0 :::10                   :::*                    LISTEN      1/init
tcp6       0      0 :::90                   :::*                    LISTEN      1143/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      66702/nginx: master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           613/chronyd
udp        0      0 127.0.0.54:53           0.0.0.0:*                           309/systemd-resolve
udp        0      0 127.0.0.53:53           0.0.0.0:*                           309/systemd-resolve
udp        0      0 172.31.31.175:68        0.0.0.0:*                           480/systemd-network
udp6       0      0 ::1:323                 :::*                                613/chronyd
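
The following script is an added example, not part of the original lab report: it groups the sockets from the netstat listing above by bind address, so that services reachable on every interface stand out from loopback-only ones. The function names are hypothetical and the sample rows are copied from that listing.

```shell
#!/bin/sh
# Added example: classify listeners from netstat output by bind scope.
# Rows are copied from the listing above; function names are hypothetical.
sample_listing() {
cat <<'EOF'
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 309/systemd-resolve
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 309/systemd-resolve
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 66702/nginx: master
tcp 0 0 0.0.0.0:90 0.0.0.0:* LISTEN 1136/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 66702/nginx: master
tcp6 0 0 :::10 :::* LISTEN 1/init
tcp6 0 0 :::90 :::* LISTEN 1143/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 66702/nginx: master
udp 0 0 127.0.0.1:323 0.0.0.0:* 613/chronyd
udp 0 0 127.0.0.54:53 0.0.0.0:* 309/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 309/systemd-resolve
udp 0 0 172.31.31.175:68 0.0.0.0:* 480/systemd-network
udp6 0 0 ::1:323 :::* 613/chronyd
EOF
}

# Emit "scope proto port program" for each socket row read on stdin.
classify_listeners() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
    port = $4; sub(/^.*:/, "", port)       # text after the last colon
    addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
    prog = ($1 ~ /^tcp/) ? $7 : $6         # UDP rows have an empty State column
    sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
    if (addr == "0.0.0.0" || addr == "::") scope = "all"
    else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
    else scope = "interface"
    print scope, $1, port, prog
  }'
}

# Unique "port proto program" for sockets bound to every interface.
exposed_ports() {
  classify_listeners |
    awk '$1 == "all" { p = $2; sub(/6$/, "", p); print $3, p, $4 }' |
    sort -u | sort -n
}

sample_listing | exposed_ports
```

On a live host, pipe real output in instead of the sample, for example `netstat -tulnp | exposed_ports`; run it as root so every program name is shown.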