Lab 2

(20 points) Using httpie, make an HTTP request to the server.

    root@LA-MAMALONA:~# http GET http://nrywhite.lat
    HTTP/1.1 301 Moved Permanently
    CF-RAY: 9110e4b85c518b47-TPA
    Connection: keep-alive
    Content-Type: text/html
    Date: Thu, 13 Feb 2025 01:02:31 GMT
    Location: https://nrywhite.lat/
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGh6vkq0iNBtl%2B3qYluTjl7755YVHxOtJhKPH5SjeDFCLtX8b3MQbG4zo3mAmEpgQHWFf4M%2FLSoyif6eLkpKboc7rnmQVbB6pgHDE0Z1zl6Ajv75tM7c%2FAdd5JINzPE%3D"}],"group":"cf-nel","max_age":604800}
    Server: cloudflare
    Transfer-Encoding: chunked
    alt-svc: h3=":443"; ma=86400
    cf-cache-status: DYNAMIC
    server-timing: cfL4;desc="?proto=TCP&rtt=71417&min_rtt=71417&rtt_var=35708&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=133&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

    301 Moved Permanently

    301 Moved Permanently

    nginx/1.24.0 (Ubuntu)

(10 points) Using curl, make an HTTP request to the server.

    root@LA-MAMALONA:~# curl -O http://nrywhite.lat/23405/Lab1%20web.txt
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
    100   178    0   178    0     0    539      0 --:--:-- --:--:-- --:--:--   541

(10 points) Using tail on the server, get the last 15 lines of the file /var/log/nginx/access.log

    2025-02-13 00:57 ⌚ njs v18.19.1|py |go 0% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → tail -n 15 /var/log/nginx/access.log
    108.162.212.18 - - [13/Feb/2025:01:06:33 +0000] "GET /23183/ HTTP/1.1" 200 234 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    108.162.212.18 - - [13/Feb/2025:01:06:34 +0000] "GET /23183/lab2/ HTTP/1.1" 200 175 "https://nrywhite.lat/23183/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    172.68.76.131 - - [13/Feb/2025:01:07:15 +0000] "GET /23208 HTTP/1.1" 301 178 "-" "curl/7.81.0"
    172.68.76.131 - - [13/Feb/2025:01:07:27 +0000] "GET / HTTP/1.1" 200 2684 "-" "curl/7.81.0"
    172.68.76.137 - - [13/Feb/2025:01:07:42 +0000] "GET / HTTP/1.1" 200 2693 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
    162.158.11.156 - - [13/Feb/2025:01:07:57 +0000] "GET / HTTP/1.1" 200 2693 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    172.68.76.155 - - [13/Feb/2025:01:08:22 +0000] "GET / HTTP/1.1" 200 459 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1"
    172.68.76.168 - - [13/Feb/2025:01:08:23 +0000] "GET /favicon.ico HTTP/1.1" 404 134 "https://818282919191.nrywhite.lat/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1"
    172.68.76.155 - - [13/Feb/2025:01:08:26 +0000] "GET /top10/ HTTP/1.1" 200 944 "https://818282919191.nrywhite.lat/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1"
    172.68.76.137 - - [13/Feb/2025:01:08:26 +0000] "GET / HTTP/1.1" 200 2693 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
    172.68.76.168 - - [13/Feb/2025:01:08:26 +0000] "GET /banners/payaso.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
    172.68.76.155 - - [13/Feb/2025:01:08:44 +0000] "GET /laboratorio1.txt HTTP/1.1" 200 12891 "https://818282919191.nrywhite.lat/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1"
    162.158.11.152 - - [13/Feb/2025:01:08:49 +0000] "GET / HTTP/1.1" 200 459 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    162.158.11.156 - - [13/Feb/2025:01:08:50 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "https://asdfdadsf.nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    162.158.11.152 - - [13/Feb/2025:01:08:55 +0000] "GET /laboratorio2.txt HTTP/1.1" 200 25575 "https://asdfdadsf.nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"

(10 points) Using ps and grep, identify which processes Amazon is running on the server.

    2025-02-13 01:09 ⌚ njs v18.19.1|py |go 50% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → ps aux | grep [a]mazon
    root   542  0.0  1.2 1759116 12400 ?  Ssl  Feb12  0:02 /snap/amazon-ssm-agent/9881/amazon-ssm-agent
    root   914  0.0  2.1 1850868 20924 ?  Sl   Feb12  0:09 /snap/amazon-ssm-agent/9881/ssm-agent-worker

(10 points) Using dig on the server, get the IP that a DNS lookup of uvg.edu.gt resolves to.

    2025-02-13 01:15 ⌚ njs v18.19.1|py |go 47% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → dig +short uvg.edu.gt
    45.223.155.41
    45.223.56.41

(5 points) How much RAM (total, used and free) does the server have? (Your answer must be in MB.)

    2025-02-13 01:36 ⌚ njs v18.19.1|py |go 18% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → free -m
                   total        used        free      shared  buff/cache   available
    Mem:             957         567         203          71         426         389
    Swap:              0           0           0

(5 points) Using the ip command, get the server's IP.

    2025-02-13 01:37 ⌚ njs v18.19.1|py |go 9% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → ip addr show
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host noprefixroute
           valid_lft forever preferred_lft forever
    2: enX0: mtu 9001 qdisc fq_codel state UP group default qlen 1000
        link/ether 0a:ff:d6:c1:6d:a5 brd ff:ff:ff:ff:ff:ff
        inet 172.31.31.175/20 metric 100 brd 172.31.31.255 scope global dynamic enX0
           valid_lft 3497sec preferred_lft 3497sec
        inet6 fe80::8ff:d6ff:fec1:6da5/64 scope link
           valid_lft forever preferred_lft forever
    3: docker0: mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:b0:10:3a:1f brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:b0ff:fe10:3a1f/64 scope link
           valid_lft forever preferred_lft forever
    5: veth3e2c6fb@if4: mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether de:40:60:4d:bf:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet6 fe80::dc40:60ff:fe4d:bfef/64 scope link
           valid_lft forever preferred_lft forever

(10 points) lsof lists open files. Identify the files opened over the TCP protocol on port 80.

    2025-02-13 01:38 ⌚ njs v18.19.1|py |go 0% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → sudo lsof -i TCP:80
    COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    nginx   66702     root    5u  IPv4 190481      0t0  TCP *:http (LISTEN)
    nginx   66702     root    7u  IPv6 190483      0t0  TCP *:http (LISTEN)
    nginx   66704 www-data    5u  IPv4 190481      0t0  TCP *:http (LISTEN)
    nginx   66704 www-data    7u  IPv6 190483      0t0  TCP *:http (LISTEN)

(20 points) Using netstat, list the ports the server is listening on. You must filter using the following netstat options (this is a single command with these options):

    2025-02-13 01:39 ⌚ njs v18.19.1|py |go 9% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → sudo netstat -tulnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      309/systemd-resolve
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      309/systemd-resolve
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      66702/nginx: master
    tcp        0      0 0.0.0.0:90              0.0.0.0:*               LISTEN      1136/docker-proxy
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      66702/nginx: master
    tcp6       0      0 :::10                   :::*                    LISTEN      1/init
    tcp6       0      0 :::90                   :::*                    LISTEN      1143/docker-proxy
    tcp6       0      0 :::80                   :::*                    LISTEN      66702/nginx: master
    udp        0      0 127.0.0.1:323           0.0.0.0:*                           613/chronyd
    udp        0      0 127.0.0.54:53           0.0.0.0:*                           309/systemd-resolve
    udp        0      0 127.0.0.53:53           0.0.0.0:*                           309/systemd-resolve
    udp        0      0 172.31.31.175:68        0.0.0.0:*                           480/systemd-network
    udp6       0      0 ::1:323                 :::*                                613/chronyd

(30 points) Using ss, list the ports the server is listening on. You must filter using the following ss options (this is a single command with these options):

    2025-02-13 01:41 ⌚ njs v18.19.1|py |go 9% ip-172-31-31-175 (172.31.31.175) in ~
    ○ → sudo ss -s -t -e -p
    Total: 253
    TCP:   21 (estab 12, closed 1, orphaned 0, timewait 0)

    Transport Total     IP        IPv6
    RAW       1         0         1
    UDP       5         4         1
    TCP       20        8         12
    INET      26        12        14
    FRAG      0         0         0

    State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    ESTAB 0 0 172.31.31.175:http 66.63.187.168:46100 users:(("nginx",pid=66704,fd=12)) uid:33 ino:215605 sk:10f cgroup:/system.slice/nginx.service <->
    ESTAB 0 0 172.31.31.175:https 172.71.158.224:21048 users:(("nginx",pid=66704,fd=8)) uid:33 ino:215422 sk:110 cgroup:/system.slice/nginx.service <->
    ESTAB 0 0 172.31.31.175:59150 67.220.251.145:https users:(("ssm-agent-worke",pid=914,fd=14)) timer:(keepalive,3.014ms,0) ino:99488 sk:fa cgroup:/system.slice/snap.amazon-ssm-agent.amazon-ssm-agent.service <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.14.11.2]:53465 users:(("sshd",pid=52774,fd=4),("sshd",pid=52704,fd=4)) timer:(keepalive,12min,0) ino:156741 sk:100 cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.14.11.2]:53836 users:(("sshd",pid=65783,fd=4),("sshd",pid=65613,fd=4)) timer:(keepalive,50min,0) ino:187704 sk:109 cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.14.11.2]:51723 users:(("sshd",pid=51964,fd=4),("sshd",pid=51917,fd=4)) timer:(keepalive,8min7sec,0) ino:154664 sk:101 cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:200.119.170.148]:59753 users:(("sshd",pid=70964,fd=4),("sshd",pid=70917,fd=4)) timer:(keepalive,74min,0) ino:200925 sk:10a cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.56.194.12]:49226 users:(("sshd",pid=55146,fd=4),("sshd",pid=54988,fd=4)) timer:(keepalive,24min,0) ino:162669 sk:102 cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.56.194.12]:57568 users:(("sshd",pid=72892,fd=4),("sshd",pid=72836,fd=4)) timer:(keepalive,89min,0) ino:205881 sk:10b cgroup:/system.slice/ssh.socket <->
    ESTAB 0 1352 [::ffff:172.31.31.175]:10 [::ffff:190.56.194.12]:55435 users:(("sshd",pid=76145,fd=4),("sshd",pid=76047,fd=4)) timer:(on,181ms,0) ino:214361 sk:111 cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.56.194.12]:52844 users:(("sshd",pid=62056,fd=4),("sshd",pid=62009,fd=4)) timer:(keepalive,42min,0) ino:179498 sk:10d cgroup:/system.slice/ssh.socket <->
    ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:190.56.51.34]:39007 users:(("sshd",pid=62539,fd=4),("sshd",pid=62469,fd=4)) timer:(keepalive,43min,0) ino:180594 sk:10e cgroup:/system.slice/ssh.socket <->
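
Added example, not part of the original lab report: a shell script that turns the `netstat -tulnp` listing above into an exposure audit by classifying each socket by bind scope and reporting all-interface listeners outside an allowlist. The function names and the allowlist `80 443` are assumptions made for this demo.

```shell
#!/bin/sh
# Added example: audit `netstat -tulnp` output by bind scope.

# Rows copied from the netstat listing shown on this page.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      309/systemd-resolve
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      66702/nginx: master
tcp        0      0 0.0.0.0:90              0.0.0.0:*               LISTEN      1136/docker-proxy
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      66702/nginx: master
tcp6       0      0 :::10                   :::*                    LISTEN      1/init
tcp6       0      0 :::90                   :::*                    LISTEN      1143/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      66702/nginx: master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           613/chronyd
udp        0      0 172.31.31.175:68        0.0.0.0:*                           480/systemd-network
udp6       0      0 ::1:323                 :::*                                613/chronyd
EOF
}

# Print "scope proto port program" for each socket; scope is wildcard
# (all interfaces), loopback, or specific (one non-loopback address).
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        n = split($4, p, ":"); port = p[n]          # port follows the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = "specific"
        if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        # UDP rows have no State column, so PID/Program is field 6 there.
        prog = ($6 ~ /^[0-9]+\// || $6 == "-") ? $6 : $7
        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
        print scope, $1, port, prog
    }'
}

# Wildcard listeners whose port is not in the space-separated allowlist $1.
unexpected_listeners() {
    classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "wildcard" && !($3 in ok) { print $2, $3, $4 }'
}

# Allowlist "80 443" is an assumption for this demo, not a policy from the page.
sample_netstat | unexpected_listeners "80 443"
```

On a live host, replace `sample_netstat` with `sudo netstat -tulnp`; the `1/init` entry on port 10 is systemd socket activation, which the `ss` output above ties to `ssh.socket`.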