Lab 2 - Remote Server Administration
Diego Fernando Patzan Marroquin - 23525
----------------------------------------------

1. Using httpie, make an HTTP request to the server (20 points)

http http://nrywhite.lat

Output:

HTTP/1.1 200 OK
Alt-Svc h3=":443"; ma=86400
Cf-Cache-Status DYNAMIC
Cf-Ray 91055c0d7d41b0b3-GUA
Connection close
Content-Type text/html
Date Tue, 11 Feb 2025 15:26:50 GMT
Last-Modified Tue, 11 Feb 2025 07:53:45 GMT
Nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZ5alI2EVCWk32j2zvQUu4d3MYC8cE2sdVSOtlHPuyKCH8tGIQxffVmlEbsjhlpM4taF7Ii3TQIy8qjVuaBsfWa%2B2MU9gelPZyYRjJowMxTUMlDLSUIEK9vFn8W6Wy8%3D"}],"group":"cf-nel","max_age":604800}
Server cloudflare
Server-Timing cfL4;desc="?proto=TCP&rtt=19541&min_rtt=18512&rtt_var=9000&sent=3&recv=4&lost=0&retrans=0&sent_bytes=203&recv_bytes=680&delivery_rate=54591&cwnd=250&unsent_bytes=0&cid=8bb61720f89e3617&ts=221&x=0"
Transfer-Encoding chunked

----------------------------------------------

2. Using curl, make an HTTP request to the server (10 points)

curl -v http://nrywhite.lat

Output:

* Host nrywhite.lat:80 was resolved.
* IPv6: 2606:4700:3030::6815:2001, 2606:4700:3030::6815:3001, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:7001, 2606:4700:3030::6815:1001, 2606:4700:3030::6815:6001
* IPv4: 104.21.32.1, 104.21.16.1, 104.21.48.1, 104.21.96.1, 104.21.64.1, 104.21.80.1, 104.21.112.1
* Trying [2606:4700:3030::6815:2001]:80...
* Connected to nrywhite.lat (2606:4700:3030::6815:2001) port 80
> GET / HTTP/1.1
> Host: nrywhite.lat
> User-Agent: curl/8.9.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 11 Feb 2025 14:43:30 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: https://nrywhite.lat/
< cf-cache-status: DYNAMIC
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=camvlVVzwI1WCE59lAwNa4pkW9VEqSniYNvrR57gSAccipyDGe2mTsxLS3KqFXJjwZwiX6vIMdCy5dY27Kw5xz9oXCvVQWA%2BLvZYYLanxgaNg4x6eZFnJ8XrXSKcyQUb1Ieu7XFgL%2B3RAOk%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 91051c93bd11b0c2-GUA
< alt-svc: h3=":443"; ma=86400
< server-timing: cfL4;desc="?proto=TCP&rtt=16668&min_rtt=16668&rtt_var=8334&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=75&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
<
301 Moved Permanently
301 Moved Permanently
nginx/1.24.0 (Ubuntu)
* Connection #0 to host nrywhite.lat left intact

----------------------------------------------

3. What happens if you try to make an HTTP request from the server to your computer? (5 points)

curl -v http://ip_publica

Output:

* URL rejected: Port number was not a decimal number between 0 and 65535
* Closing connection
curl: (3) URL rejected: Port number was not a decimal number between 0 and 65535

----------------------------------------------

4. Using tail, get the last 15 lines of the file /var/log/nginx/access.log (10 points)

tail -n 15 /var/log/nginx/access.log

Output:

162.158.11.150 - - [11/Feb/2025:14:37:49 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "https://nrywhite.lat/23525/lab1/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.150 - - [11/Feb/2025:14:37:55 +0000] "GET / HTTP/1.1" 200 394 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
162.158.11.150 - - [11/Feb/2025:14:38:26 +0000] "GET /23391/Lab2/Lab2.txt HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
108.162.210.137 - - [11/Feb/2025:14:39:08 +0000] "GET /23009 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
108.162.210.137 - - [11/Feb/2025:14:39:08 +0000] "GET /23009/ HTTP/1.1" 200 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
172.70.254.126 - - [11/Feb/2025:14:39:10 +0000] "GET /23009/homewebpage/ HTTP/1.1" 200 356 "https://nrywhite.lat/23009/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
172.70.254.126 - - [11/Feb/2025:14:39:10 +0000] "GET /src/main.tsx HTTP/1.1" 404 196 "https://nrywhite.lat/23009/homewebpage/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
108.162.210.137 - - [11/Feb/2025:14:39:27 +0000] "GET /23009/homewebpage/ HTTP/1.1" 304 0 "https://nrywhite.lat/23009/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
108.162.210.137 - - [11/Feb/2025:14:39:27 +0000] "GET /src/main.tsx HTTP/1.1" 404 196 "https://nrywhite.lat/23009/homewebpage/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
172.68.76.160 - - [11/Feb/2025:14:39:27 +0000] "GET /logo.jpg HTTP/1.1" 404 196 "https://nrywhite.lat/23009/homewebpage/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
108.162.210.137 - - [11/Feb/2025:14:40:24 +0000] "GET /23747 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
172.70.255.50 - - [11/Feb/2025:14:40:24 +0000] "GET /23747/ HTTP/1.1" 200 275 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
172.70.255.50 - - [11/Feb/2025:14:40:46 +0000] "GET /aws-ubuntu.py HTTP/1.1" 200 1364 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
172.70.255.50 - - [11/Feb/2025:14:41:08 +0000] "GET /23197/ HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0"
162.158.11.151 - - [11/Feb/2025:14:43:30 +0000] "GET / HTTP/1.1" 301 178 "-" "curl/8.9.1"

----------------------------------------------

5. Using ps and grep, identify which processes amazon is running on the server (10 points)

ps aux | grep amazon

Output:

diego 543 0.0 0.0 4088 1928 pts/2 S+ 08:46 0:00 grep --color=auto amazon

----------------------------------------------

6. Using dig, get the IP that a DNS lookup of uvg.edu.gt resolves to (10 points)

dig +short uvg.edu.gt

Output:

45.223.56.41
45.223.155.41

----------------------------------------------

7. How much total, used and free RAM does the server have? (5 points)

free -m

Output:

               total        used        free      shared  buff/cache   available
Mem:             957         494          95          20         553         462
Swap:              0           0           0

----------------------------------------------

8. How much total, used and available disk space does the server have? (5 points)

df -m /

Output:

Filesystem     1M-blocks  Used Available Use% Mounted on
/dev/root          28691  8401     20274  30% /

----------------------------------------------

9. Using the ip command, get the server's IP (5 points)

ip a

Output:

1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enX0: mtu 9001 qdisc fq_codel state UP group default qlen 1000
    link/ether 0a:ff:d6:c1:6d:a5 brd ff:ff:ff:ff:ff:ff
    inet 172.31.31.175/20 metric 100 brd 172.31.31.255 scope global dynamic enX0
       valid_lft 3250sec preferred_lft 3250sec
    inet6 fe80::8ff:d6ff:fec1:6da5/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:47:c1:f2:7d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:47ff:fec1:f27d/64 scope link
       valid_lft forever preferred_lft forever
7: veth236a14f@if6: mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 0e:f7:78:3b:d0:f5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::cf7:78ff:fe3b:d0f5/64 scope link
       valid_lft forever preferred_lft forever

----------------------------------------------

10. Identify the files opened over the TCP protocol on port 80 with lsof (10 points)

sudo lsof -i TCP:80

Output:

COMMAND    PID     USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx   152272     root 5u IPv4 528166      0t0  TCP *:http (LISTEN)
nginx   152272     root 7u IPv6 528168      0t0  TCP *:http (LISTEN)
nginx   152273 www-data 5u IPv4 528166      0t0  TCP *:http (LISTEN)
nginx   152273 www-data 7u IPv6 528168      0t0  TCP *:http (LISTEN)

----------------------------------------------

11. Using netstat, list the ports the server is listening on (20 points)

netstat -tulnp

Output:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:90              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp6       0      0 :::10                   :::*                    LISTEN      -
tcp6       0      0 :::90                   :::*                    LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
udp        0      0 127.0.0.54:53           0.0.0.0:*                           -
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -
udp        0      0 172.31.31.175:68        0.0.0.0:*                           -
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
udp6       0      0 ::1:323                 :::*                                -

----------------------------------------------

12. Using ss, list the ports the server is listening on (30 points)

ss -sntapmi

Output:

Total: 234
TCP:   13 (estab 3, closed 2, orphaned 0, timewait 1)

Transport Total     IP        IPv6
RAW       1         0         1
UDP       5         4         1
TCP       11        6         5
INET      17        10        7
FRAG      0         0         0

State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve",pid=301,fd=17))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0) cubic cwnd:10
LISTEN 0 4096 0.0.0.0:90 0.0.0.0:* users:(("docker-proxy",pid=1107,fd=4))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0) cubic cwnd:10
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=152273,fd=5),("nginx",pid=152272,fd=5))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d211) cubic cwnd:10
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=152273,fd=6),("nginx",pid=152272,fd=6))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d111) cubic cwnd:10
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=301,fd=15))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0) cubic cwnd:10
ESTAB 0 0 172.31.31.175:33462 209.54.181.109:443 users:(("ssm-agent-worke",pid=126579,fd=14))
	 skmem:(r0,rb131072,t0,tb87040,f0,w0,o0,bl0,d0) cubic wscale:6,7 rto:203 rtt:2.755/0.501 ato:40 mss:1460 pmtu:9001 rcvmss:1460 advmss:8961 cwnd:10 bytes_sent:4340 bytes_acked:4341 bytes_received:6793 segs_out:148 segs_in:127 data_segs_out:34 data_segs_in:38 send 42395644bps lastsnd:2738 lastrcv:2736 lastack:2736 pacing_rate 84775896bps delivery_rate 37516056bps delivered:35 app_limited busy:114ms rcv_space:56575 rcv_ssthresh:56575 minrtt:0.511 snd_wnd:59648
TIME-WAIT 0 0 172.31.31.175:443 162.158.11.158:21542
LISTEN 0 4096 *:10 *:* users:(("sshd",pid=1327,fd=3),("systemd",pid=1,fd=94))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d28) cubic cwnd:10
LISTEN 0 4096 [::]:90 [::]:* users:(("docker-proxy",pid=1117,fd=4))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0) cubic cwnd:10
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=152273,fd=7),("nginx",pid=152272,fd=7))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0) cubic cwnd:10
ESTAB 0 780 [::ffff:172.31.31.175]:10 [::ffff:181.174.106.63]:2549 users:(("sshd",pid=186255,fd=4),("sshd",pid=186153,fd=4))
	 skmem:(r0,rb1122345,t0,tb87040,f3956,w12428,o0,bl0,d0) cubic wscale:7,7 rto:287 rtt:86.232/3.805 ato:43 mss:1448 pmtu:9001 rcvmss:1448 advmss:8949 cwnd:17 ssthresh:17 bytes_sent:215610 bytes_retrans:2500 bytes_acked:212330 bytes_received:175686 segs_out:4298 segs_in:5153 data_segs_out:4159 data_segs_in:4534 send 2283700bps lastrcv:3 lastack:3 pacing_rate 2740432bps delivery_rate 1004488bps delivered:4141 busy:107453ms unacked:13 retrans:0/14 dsack_dups:10 reord_seen:1 rcv_rtt:88299.7 rcv_space:62506 rcv_ssthresh:94223 minrtt:65.347 rcv_ooopack:92 snd_wnd:64128
ESTAB 0 0 [::ffff:172.31.31.175]:10 [::ffff:181.209.152.170]:4749 users:(("sshd",pid=185069,fd=4),("sshd",pid=184971,fd=4))
	 skmem:(r0,rb131072,t0,tb87040,f0,w0,o0,bl0,d132) cubic wscale:7,7 rto:285 rtt:84.814/6.735 ato:41 mss:1448 pmtu:9001 rcvmss:1448 advmss:8949 cwnd:16 bytes_sent:345714 bytes_acked:345714 bytes_received:264222 segs_out:7565 segs_in:8281 data_segs_out:7464 data_segs_in:7236 send 2185300bps lastsnd:886899 lastrcv:886899 lastack:886823 pacing_rate 4370584bps delivery_rate 3892920bps delivered:7465 app_limited busy:144505ms rcv_rtt:83 rcv_space:56575 rcv_ssthresh:56575 minrtt:71.815 rcv_ooopack:8 snd_wnd:64128
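
----------------------------------------------

Added example (not part of the original lab report): one way to reduce ss output like that in question 12 to a listener summary that separates loopback-only services from ports reachable on every interface. The function names and the sample lines are constructed for this example, modeled on the output above; the last sample line, a listener with no process column, is an assumption added to show the unprivileged case.

```shell
#!/bin/sh
# Constructed sample: socket lines in the layout of the ss output above
# (state, Recv-Q, Send-Q, local addr:port, peer addr:port, process).
sample_ss() {
cat <<'EOF'
LISTEN 0 4096 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve",pid=301,fd=17))
	 skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0) cubic cwnd:10
LISTEN 0 4096 0.0.0.0:90 0.0.0.0:* users:(("docker-proxy",pid=1107,fd=4))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=152273,fd=5),("nginx",pid=152272,fd=5))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=301,fd=15))
ESTAB 0 0 172.31.31.175:33462 209.54.181.109:443 users:(("ssm-agent-worke",pid=126579,fd=14))
LISTEN 0 4096 *:10 *:* users:(("sshd",pid=1327,fd=3),("systemd",pid=1,fd=94))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=152273,fd=7),("nginx",pid=152272,fd=7))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
EOF
}

# classify_listeners: read ss lines on stdin and print "scope port process"
# for every LISTEN socket, de-duplicated (IPv4/IPv6 pairs) and sorted by port.
classify_listeners() {
  awk '
    $1 != "LISTEN" { next }        # skip header, ESTAB, TIME-WAIT and skmem lines
    {
      n = split($4, parts, ":")
      port = parts[n]              # the port follows the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      sub(/%.*/, "", addr)         # drop an interface suffix such as %lo
      scope = "exposed"            # wildcard or routable bind address
      if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
      proc = "unknown"             # no users:(...) column without privileges
      if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
      print scope, port, proc
    }' | sort -u | sort -k2,2n
}

# exposed_ports: comma-separated ports that accept non-loopback connections.
exposed_ports() {
  classify_listeners |
    awk '$1 == "exposed" { printf "%s%s", sep, $2; sep = "," } END { print "" }'
}

sample_ss | classify_listeners
```

On a live host, pipe `sudo ss -ntlp` into `classify_listeners` in place of `sample_ss`.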