Gerardo Andre Fernandez Cruz - 23763 | Lab2

(20 points) Using httpie, make an HTTP request to the server.

Command: http GET http://3.221.27.185/

    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Encoding: gzip
    Content-Type: text/html
    Date: Sun, 09 Feb 2025 22:01:41 GMT
    Server: nginx/1.24.0 (Ubuntu)
    Transfer-Encoding: chunked

(20 points) Using netstat, list the ports the server is listening on. You must filter using the following netstat options (this is a single command with these options):

- tcp
- udp
- numeric (shows ports by number)
- program (shows which program is listening)

Command: netstat -tulpn

    (No info could be read for "-p": geteuid()=1000 but you should be root.)
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:90              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
    tcp6       0      0 :::10                   :::*                    LISTEN      -
    tcp6       0      0 :::90                   :::*                    LISTEN      -
    tcp6       0      0 :::80                   :::*                    LISTEN      -
    udp        0      0 127.0.0.54:53           0.0.0.0:*                           -
    udp        0      0 127.0.0.53:53           0.0.0.0:*                           -
    udp        0      0 172.31.31.175:68        0.0.0.0:*                           -
    udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
    udp6       0      0 ::1:323                 :::*                                -

(30 points) Using ss, list the ports the server is listening on. You must filter using the following ss options (this is a single command with these options):

- summary
- tcp
- established connections
- resolve ports numerically
- memory usage
- internal TCP information
- process using the socket

Command: ss -s -t -e -n -m -p

    Total: 211
    TCP:   14 (estab 3, closed 3, orphaned 0, timewait 2)

    Transport Total     IP        IPv6
    RAW       1         0         1
    UDP       5         4         1
    TCP       11        6         5
    INET      17        10        7
    FRAG      0         0         0

    State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
    ESTAB  0       0       172.31.31.175:36364  67.220.251.145:443  timer:(keepalive,10sec,0) ino:9735 sk:1 cgroup:/system.slice/snap.amazon-ssm-agent.amazon-ssm-agent.service <->
         skmem:(r0,rb131072,t0,tb87040,f0,w0,o0,bl0,d0)
    ESTAB  0       368     [::ffff:172.31.31.175]:10  [::ffff:200.119.178.117]:17653  timer:(on,117ms,0) ino:15955 sk:2 cgroup:/system.slice/ssh.socket <->
         skmem:(r0,rb131072,t0,tb208896,f1936,w2160,o0,bl0,d0)
    ESTAB  0       256     [::ffff:172.31.31.175]:10  [::ffff:181.174.106.63]:18961  timer:(on,163ms,0) ino:33845 sk:3 cgroup:/system.slice/ssh.socket <->
         skmem:(r0,rb1133561,t0,tb87040,f256,w3840,o0,bl0,d0)

(10 points) Using tail on the server, get the last 15 lines of the file /var/log/nginx/access.log

Command: tail -n 15 /var/log/nginx/access.log

    172.70.83.87 - - [09/Feb/2025:22:00:54 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "https://nrywhite.lat/23197/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    172.68.76.136 - - [09/Feb/2025:22:01:07 +0000] "GET /23016 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    172.68.76.136 - - [09/Feb/2025:22:01:07 +0000] "GET /23016/ HTTP/1.1" 200 224 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    108.162.212.192 - - [09/Feb/2025:22:01:09 +0000] "GET / HTTP/1.1" 200 652 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    108.162.212.192 - - [09/Feb/2025:22:01:19 +0000] "GET /23016/ HTTP/1.1" 200 224 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
    3.221.27.185 - - [09/Feb/2025:22:01:22 +0000] "GET / HTTP/1.1" 200 652 "-" "HTTPie/3.2.2"
    3.221.27.185 - - [09/Feb/2025:22:01:41 +0000] "GET / HTTP/1.1" 200 652 "-" "HTTPie/3.2.2"
    172.68.76.162 - - [09/Feb/2025:22:03:01 +0000] "GET / HTTP/1.1" 200 652 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0"
    172.68.76.162 - - [09/Feb/2025:22:03:07 +0000] "GET /23763/ HTTP/1.1" 200 236 "https://nrywhite.lat/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0"
    172.68.76.162 - - [09/Feb/2025:22:03:10 +0000] "GET /23763/Lab2/ HTTP/1.1" 200 173 "https://nrywhite.lat/23763/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0"
    162.158.11.148 - - [09/Feb/2025:22:04:12 +0000] "GET /23525/lab1/ HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0"
    162.158.11.157 - - [09/Feb/2025:22:04:12 +0000] "GET /23525/lab1/imagen10.jpg HTTP/1.1" 404 134 "https://nrywhite.lat/23525/lab1/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0"
    167.94.138.180 - - [09/Feb/2025:22:04:31 +0000] "GET / HTTP/1.1" 200 1968 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
    167.94.138.180 - - [09/Feb/2025:22:04:39 +0000] "GET /favicon.png HTTP/1.1" 200 110254 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
    167.94.138.180 - - [09/Feb/2025:22:04:45 +0000] "GET /favicon.ico HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"

(10 points) Using ps and grep, identify which processes Amazon is running on the server.

Command: ps aux | grep amazon

    root         526  0.0  1.2 1759296 11980 ?        Ssl  21:15   0:00 /snap/amazon-ssm-agent/11092/amazon-ssm-agent
    root         955  0.0  1.8 1860804 18396 ?        Sl   21:15   0:01 /snap/amazon-ssm-agent/11092/ssm-agent-worker
    ubuntu     10389  0.0  0.2   7076  2048 pts/1    S+   22:07   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn amazon

(10 points) Using dig on the server, obtain the IP that uvg.edu.gt resolves to in a DNS lookup.

Command: dig +short uvg.edu.gt

    45.223.56.41
    45.223.155.41

(5 points) How much RAM (total, used and free) does the server have? (Your answer must be in MB.)

Command: free -m

                   total        used        free      shared  buff/cache   available
    Mem:             957         430         165           1         527         526
    Swap:              0           0           0
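
An added example, not part of the original lab report: the netstat -tulpn step above lists listeners but does not separate sockets bound to loopback from those bound to every interface, which is the distinction that matters when reviewing what a host exposes. The function names are hypothetical, and the sample rows are the ones from the netstat output on this page, embedded so the script runs offline.

```shell
#!/bin/sh
# Sample input: the socket rows from the netstat -tulpn output on this page.
sample_netstat() {
cat <<'EOF'
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:90 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp6 0 0 :::10 :::* LISTEN -
tcp6 0 0 :::90 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
udp 0 0 127.0.0.54:53 0.0.0.0:* -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 172.31.31.175:68 0.0.0.0:* -
udp 0 0 127.0.0.1:323 0.0.0.0:* -
udp6 0 0 ::1:323 :::* -
EOF
}

# Reads netstat -tulpn rows on stdin and prints "scope proto address port".
# The port is whatever follows the last ':' so IPv6 forms such as ":::10"
# and "::1:323" are split correctly.
classify_listeners() {
  awk '
    $1 !~ /^(tcp|udp)6?$/ { next }          # skip headers and notices
    {
      n = split($4, parts, ":")
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1")          scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "::")    scope = "all-interfaces"
      else                                           scope = "single-address"
      print scope, $1, addr, port
    }'
}

# Prints the proto/port pairs bound to every interface on one line.
exposed_ports() {
  classify_listeners | awk '$1 == "all-interfaces" { print $2 "/" $4 }' |
    LC_ALL=C sort -u | paste -s -d ' ' -
}

sample_netstat | classify_listeners
echo "Bound to all interfaces: $(sample_netstat | exposed_ports)"
```

On a live host the same functions can be fed directly with `netstat -tulpn | classify_listeners`; whether an all-interfaces listener is actually reachable still depends on the firewall rules in front of it.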