Lab 2
Ricardo Arturo Godinez Sanchez #23247
(20 points) Using httpie, make an HTTP request to the server
http localhost
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 12 Feb 2025 02:20:40 GMT
ETag: W/"67ac0428-29e"
Last-Modified: Wed, 12 Feb 2025 02:15:04 GMT
Server: nginx/1.24.0 (Ubuntu)
Transfer-Encoding: chunked
De pollos
//////////////////////////////////////////////////////////////////////
(10 points) Using curl, make an HTTP request to the server
curl http://localhost
De pollos
///////////////////////////////////////////////////////////////////////////////////////////
(10 points) Using tail on the server, get the last 15 lines of the file /var/log/nginx/access.log
tail -n 15 /var/log/nginx/access.log
162.158.11.158 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/kys-furry.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.148 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/Hoguera.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.156 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/mountain.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.155 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/aurora.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.155 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/abstract.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.155 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/ocean.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.147 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/nature.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.159 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/forest.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.147 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/desert.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.154 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/sunset.jpeg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.156 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/space.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.157 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/dsremake.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.155 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/blackhole.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.151 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/cityscape.gif HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.155 - - [12/Feb/2025:02:27:05 +0000] "GET /var/www/htmlbanners/skyline.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
//////////////////////////////////////////////////////////////////////////////////////////
(10 points) Using ps and grep, identify which processes Amazon is running on the server
ps aux | grep amazon
root 126554 0.0 1.4 1759116 14536 ? Ssl Feb10 0:07 /snap/amazon-ssm-agent/9881/amazon-ssm-agent
root 126579 0.0 1.9 1850868 19192 ? Sl Feb10 0:26 /snap/amazon-ssm-agent/9881/ssm-agent-worker
ubuntu 252056 0.0 0.2 7076 2048 pts/16 S+ 02:30 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn amazon
-------------------------------------------------------------------------------------------
ps aux | grep -E "aws|amazon|ec2|s3|cloud"
root 1327 0.0 0.5 12020 4992 ? Ss Feb09 0:00 sshd: /usr/sbin/sshd -D -o AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %u %f -o AuthorizedKeysCommandUser ec2-instance-connect [listener] 0 of 10-100 startups
root 126554 0.0 1.4 1759116 14536 ? Ssl Feb10 0:07 /snap/amazon-ssm-agent/9881/amazon-ssm-agent
root 126579 0.0 1.9 1850868 19192 ? Sl Feb10 0:26 /snap/amazon-ssm-agent/9881/ssm-agent-worker
ubuntu 252124 0.0 0.2 7080 2048 pts/16 S+ 02:31 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn -E aws|amazon|ec2|s3|cloud
///////////////////////////////////////////////////////////////////////////////////////////
(10 points) Using dig on the server, get the IP that a DNS lookup of uvg.edu.gt resolves to
dig +short uvg.edu.gt
45.223.155.41
45.223.56.41
///////////////////////////////////////////////////////////////////////////////////////////
(5 points) How much RAM (total, used, and free) does the server have? (your answer must be in MB)
free -m
total used free shared buff/cache available
Mem: 957 642 86 60 467 315
Swap: 0 0 0
///////////////////////////////////////////////////////////////////////////////////////////
(5 points) How much disk space (total, used, and available) does the server have? (your answer must be in MB)
df -m /
Filesystem 1M-blocks Used Available Use% Mounted on
/dev/root 28691 8609 20066 31% /
///////////////////////////////////////////////////////////////////////////////////////////
(5 points) Using the ip command, get the server's IP
ip a | grep "inet "
inet 127.0.0.1/8 scope host lo
inet 172.31.31.175/20 metric 100 brd 172.31.31.255 scope global dynamic enX0
///////////////////////////////////////////////////////////////////////////////////////////
(10 points) lsof lists open files. Identify the files opened over the TCP protocol on port 80
sudo lsof -iTCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 10095 root 5u IPv4 39888 0t0 TCP *:http (LISTEN)
nginx 10095 root 7u IPv6 39890 0t0 TCP *:http (LISTEN)
nginx 39429 www-data 5u IPv4 39888 0t0 TCP *:http (LISTEN)
nginx 39429 www-data 7u IPv6 39890 0t0 TCP *:http (LISTEN)
//////////////////////////////////////////////////////////////////////////////////////////
(20 points) Using netstat, list the ports the server is listening on. You must filter using the following netstat options (this is a single command with these options):
tcp
udp
numeric (shows ports by number)
program (shows which program is listening)
sudo netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 309/systemd-resolve
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 309/systemd-resolve
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10095/nginx: master
tcp 0 0 0.0.0.0:90 0.0.0.0:* LISTEN 1136/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10095/nginx: master
tcp6 0 0 :::10 :::* LISTEN 1/init
tcp6 0 0 :::90 :::* LISTEN 1143/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 10095/nginx: master
udp 0 0 127.0.0.1:323 0.0.0.0:* 613/chronyd
udp 0 0 127.0.0.54:53 0.0.0.0:* 309/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 309/systemd-resolve
udp 0 0 172.31.31.175:68 0.0.0.0:* 480/systemd-network
udp6 0 0 ::1:323 :::* 613/chronyd
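Added example (not part of the original lab submission): a shell filter over `netstat -tulnp` output that keeps only the sockets bound to a non-loopback address, which is the first thing a defender reads out of this listing. The function names are hypothetical and the sample rows are constructed from the output above, one socket per line; it assumes the net-tools column layout shown here.

```shell
#!/bin/sh
# Added example: list sockets from `netstat -tulnp` output that are bound to
# a non-loopback address, i.e. reachable from outside the host.

# Reads netstat output on stdin; prints "proto address:port pid/program".
exposed_listeners() {
    awk '
    # Skip the two header lines: socket rows start with tcp, tcp6, udp, udp6.
    $1 !~ /^(tcp|udp)6?$/ { next }
    {
        # TCP rows have a State column; UDP rows leave it empty, so the
        # PID/Program column starts one field earlier.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; first = 7 } else first = 6
        # Program names can contain spaces ("nginx: master"): rejoin them.
        prog = $first
        for (i = first + 1; i <= NF; i++) prog = prog " " $i
        # Split host from port at the last colon (IPv6 has several).
        host = $4; sub(/:[^:]*$/, "", host)
        port = $4; sub(/.*:/, "", port)
        # 127.0.0.0/8 and ::1 are loopback: not reachable from the network.
        if (host ~ /^127\./ || host == "::1") next
        printf "%s %s:%s %s\n", $1, host, port, prog
    }'
}

# Constructed sample: rows taken from the lab output, one socket per line.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 309/systemd-resolve
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10095/nginx: master
tcp 0 0 0.0.0.0:90 0.0.0.0:* LISTEN 1136/docker-proxy
tcp6 0 0 :::10 :::* LISTEN 1/init
udp 0 0 127.0.0.1:323 0.0.0.0:* 613/chronyd
udp 0 0 172.31.31.175:68 0.0.0.0:* 480/systemd-network
udp6 0 0 ::1:323 :::* 613/chronyd
EOF
}

sample_netstat | exposed_listeners
```

On the host itself, pipe `sudo netstat -tulnp` into `exposed_listeners` instead of the sample.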
///////////////////////////////////////////////////////////////////////////////////////////
(30 points) Using ss, list the ports the server is listening on. You must filter using the following ss options (this is a single command with these options):
summary
tcp
established connections
resolve ports numerically
memory usage
internal TCP information
process using the socket
sudo ss -s -t -e -n -m -p
Total: 218
TCP: 22 (estab 6, closed 8, orphaned 0, timewait 7)
Transport Total IP IPv6
RAW 1 0 1
UDP 5 4 1
TCP 14 7 7
INET 20 11 9
FRAG 0 0 0
State Recv-Q Send-Q Local Address:Port Peer Address:Port
Process
ESTAB 0 0 172.31.31.175:59150 67.220.251.145:443
users:(("ssm-agent-worke",pid=914,fd=14)) timer:(keepalive,1.938ms,0) ino:99488 sk:fa cgroup:/system.slice/snap.amazon-ssm-agent.amazon-ssm-agent.service <->
skmem:(r0,rb131072,t0,tb87040,f0,w0,o0,bl0,d0)
ESTAB 0 0 172.31.31.175:443 172.68.76.137:38980
users:(("nginx",pid=39429,fd=3)) uid:33 ino:151710 sk:fb cgroup:/system.slice/nginx.service <->
skmem:(r0,rb131072,t0,tb87040,f0,w0,o0,bl0,d0)
ESTAB 0 1356 [::ffff:172.31.31.175]:10 [::ffff:190.56.194.12]:50964
users:(("sshd",pid=48358,fd=4),("sshd",pid=48288,fd=4)) timer:(on,128ms,0) ino:145771 sk:fc cgroup:/system.slice/ssh.socket <->
skmem:(r0,rb131072,t0,tb87040,f1076,w11212,o0,bl0,d0)
ESTAB 0 108 [::ffff:172.31.31.175]:10 [::ffff:190.56.194.12]:59586
users:(("sshd",pid=50312,fd=4),("sshd",pid=50244,fd=4)) timer:(on,101ms,0) ino:150683 sk:fd cgroup:/system.slice/ssh.socket <->
skmem:(r0,rb131072,t0,tb87040,f1300,w2796,o0,bl0,d0)
ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.14.11.2]:49348
users:(("sshd",pid=50024,fd=4),("sshd",pid=49968,fd=4)) timer:(keepalive,118min,0) ino:150135 sk:fe cgroup:/system.slice/ssh.socket <->
skmem:(r0,rb131072,t0,tb87040,f0,w0,o0,bl0,d0)
ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:181.209.179.43]:50404
users:(("sshd",pid=49705,fd=4),("sshd",pid=49648,fd=4)) timer:(keepalive,116min,0) ino:149240 sk:ff cgroup:/system.slice/ssh.socket <->
skmem:(r0,rb1370934,t0,tb87040,f0,w0,o0,bl0,d0)