Rafael Peláez

Jul 28 / 5:40am

The 10 best distros of 2010 according to TechRadar | MuyLinux

by Rafa
  1. Best distro for beginners: Ubuntu 10.04 (Contender: Mandriva 2010.1)
  2. Best distro for experts: Fedora 13 (Contender: Slackware)
  3. Best distro for those migrating from Windows: PCLinuxOS (Contender: Mepis 8.5)
  4. Best distro for old hardware: Puppy Linux (Contender: Slitaz)
  5. Best desktop distro: Linux Mint 9 (Contender: CrunchBang)
  6. Best distro for netbooks: Ubuntu Netbook Edition 10.04 (Contender: MeeGo 1.0)
  7. Best distro for administrators: Debian 5.0 (Contender: Arch Linux)
  8. Best distro for the office: openSUSE 11.3 (Contender: gOS)
  9. Best distro for servers: CentOS 5.5 (Contender: PC-BSD, although, as they point out, it is not strictly a Linux solution)
  10. Best distro for multimedia: Ubuntu Studio (Contender: PureDyne)

Filed under // linux

Mar 26 / 5:07am

Guías Linux - Home

by Rafa
GUIASLINUX, your site with more than 800 online manuals, ready to be downloaded free of charge and without registration.

Filed under // libros linux

Jan 13 / 7:21am

Log of my Linux system: SSH and authentication using a public/private key pair

by Rafa
SSH and authentication using a public/private key pair

Dec 7 / 6:35am

Woop!

by Rafa
Practical Cfengine example: mass PHP update

Filed under // hostalia linux

Dec 5 / 1:05am

Interesting analysis by @irontec of centralized management systems (Cfengine, Puppet, Spacewalk, etc.) - cfengine_irontec.pdf on FileSocial

by Rafa
Uploaded by santisaez (Santi Saez), Systems Administrator in the Hostalia/Acens group

Filed under // linux

Dec 2 / 4:55am

20 Linux Server Hardening Security Tips

by Rafa

Securing your Linux server is important to protect your data, intellectual property, and time from the hands of crackers (hackers). The system administrator is responsible for securing the Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for a default installation of a Linux system.

#1: Encrypt Data Communication

All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible, with a password or using keys / certificates.

  1. Use scp, ssh, rsync, or sftp for file transfer. You can also mount a remote server's file system, or your own home directory, using the sshfs and FUSE tools.
  2. GnuPG allows you to encrypt and sign your data and communication, features a versatile key management system, and provides access modules for all kinds of public key directories.
  3. Fugu is a graphical frontend to the command-line Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP the entire session is encrypted, meaning no passwords are sent in cleartext, so it is much less vulnerable to third-party interception. Another option is FileZilla, a cross-platform client that supports FTP, FTP over SSL/TLS (FTPS), and SSH File Transfer Protocol (SFTP).
  4. OpenVPN is a cost-effective, lightweight SSL VPN.
  5. Lighttpd SSL (Secure Sockets Layer) HTTPS configuration and installation.
  6. Apache SSL (Secure Sockets Layer) HTTPS (mod_ssl) configuration and installation.

#1.1: Avoid Using FTP, Telnet, And Rlogin / Rsh

Under most network configurations, user names, passwords, FTP / telnet / rsh commands and transferred files can be captured by anyone on the same network using a packet sniffer. The common solution to this problem is to use OpenSSH, SFTP, or FTPS (FTP over SSL), which adds SSL or TLS encryption to FTP. Type the following command to remove NIS, rsh and other outdated services:
# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-server

#2: Minimize Software to Minimize Vulnerability

Do you really need all sorts of web services installed? Avoid installing unnecessary software, so that its vulnerabilities cannot affect you. Use the package manager, yum on RPM systems or apt-get and/or dpkg on Debian systems, to review the full set of packages installed on a system. Delete all unwanted packages.
# yum list installed
# yum list packageName
# yum remove packageName

OR
# dpkg --list
# dpkg --info packageName
# apt-get remove packageName

#3: One Network Service Per System or VM Instance

Run different network services on separate servers or VM instances. This limits the number of other services that can be compromised. For example, if an attacker is able to successfully exploit a flaw in software such as Apache, he / she gets access to the entire server, including other services such as MySQL, the e-mail server and so on. See how to install virtualization software:

#4: Keep Linux Kernel and Software Up to Date

Applying security patches is an important part of maintaining a Linux server. Linux provides all the necessary tools to keep your system updated, and also allows for easy upgrades between versions. All security updates should be reviewed and applied as soon as possible. Again, use the package manager, yum and/or apt-get and/or dpkg, to apply all security updates.
# yum update
OR
# apt-get update && apt-get upgrade
You can configure Red Hat / CentOS / Fedora Linux to send yum package update notifications via email. Another option is to apply all security updates via a cron job. Under Debian / Ubuntu Linux you can use apticron to send security notifications.

#5: Use Linux Security Extensions

Linux comes with various security patches which can be used to guard against misconfigured or compromised programs. If possible, use SELinux and other Linux security extensions to enforce limitations on network-facing and other programs. For example, SELinux provides a variety of security policies for the Linux kernel.

#5.1: SELinux

I strongly recommend using SELinux, which provides flexible Mandatory Access Control (MAC). Under standard Linux Discretionary Access Control (DAC), an application or process running as a user (UID or SUID) has that user's permissions to objects such as files, sockets, and other processes. Running a MAC kernel protects the system from malicious or flawed applications that could otherwise damage or destroy the system. See the official Red Hat documentation, which explains SELinux configuration.

#6: User Accounts and Strong Password Policy

Use the useradd / usermod commands to create and maintain user accounts. Make sure you have a good, strong password policy. For example, a good password is at least 8 characters long and mixes letters, numbers, special characters, and upper- and lower-case letters. Most important, pick a password you can remember. Use tools such as "John the Ripper" to find weak user passwords on your server. Configure pam_cracklib.so to enforce the password policy.

#6.1: Password Aging

The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password. The /etc/login.defs file defines the site-specific configuration for the shadow password suite, including the password aging configuration. To disable password aging, enter:
chage -M 99999 userName
To get password expiration information, enter:
chage -l userName
Finally, you can also edit the /etc/shadow file directly; its fields are:

{userName}:{password}:{lastpasswdchanged}:{Minimum_days}:{Maximum_days}:{Warn}:{Inactive}:{Expire}:

Where,

  1. Minimum_days: The minimum number of days required between password changes, i.e. the number of days that must pass before the user is allowed to change his/her password again.
  2. Maximum_days: The maximum number of days the password is valid (after that the user is forced to change his/her password).
  3. Warn: The number of days before the password expires during which the user is warned that his/her password must be changed.
  4. Expire: Days since Jan 1, 1970 on which the account is disabled, i.e. an absolute date after which the login may no longer be used.

I recommend the chage command instead of editing /etc/shadow by hand:
# chage -M 60 -m 7 -W 7 userName
Recommended readings:

#6.2: Restricting Use of Previous Passwords

You can prevent all users from reusing their old passwords under Linux. The pam_unix module parameter remember can be used to configure the number of previous passwords that cannot be reused.

#6.3: Locking User Accounts After Login Failures

Under Linux you can use the faillog command to display faillog records or to set login failure limits. faillog formats the contents of the failure log from the /var/log/faillog database / log file. It can also be used to maintain failure counters and limits. To see failed login attempts, enter:
faillog
To unlock an account after login failures, run:
faillog -r -u userName
Note that you can use the passwd command to lock and unlock accounts:
# lock account
passwd -l userName
# unlock account
passwd -u userName

#6.4: How Do I Verify No Accounts Have Empty Passwords?

Type the following command:
# awk -F: '($2 == "") {print}' /etc/shadow
Lock all accounts that have an empty password:
# passwd -l accountName

#6.5: Make Sure No Non-Root Accounts Have UID Set To 0

Only the root account should have UID 0, which carries full permissions to access the system. Type the following command to display all accounts with UID set to 0:
# awk -F: '($3 == "0") {print}' /etc/passwd
You should see only one line, as follows:

root:x:0:0:root:/root:/bin/bash

If you see other lines, delete them or make sure the other accounts are authorized by you to use UID 0.
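Tips 6.1, 6.4 and 6.5 are all checks over /etc/passwd and /etc/shadow. As an added example (not the article's own code), the following POSIX shell functions run those checks over any copy of the two files, so they can be exercised against a constructed sample before being pointed at the real files (which need root to read). The file paths are parameters, and the rule that a Maximum_days value of 99999 means "never expires" follows from the article's own use of `chage -M 99999` to disable aging.

```shell
#!/bin/sh
# Added example, not from the original article: the checks of tips 6.1, 6.4
# and 6.5 as functions over a passwd and a shadow file. The paths are
# parameters (defaulting to the real files, which need root to read) so the
# same functions can be run against copies or a constructed sample.

# Tip 6.4: login names whose shadow password field is empty.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# Tip 6.5: accounts other than root that carry UID 0.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Tip 6.1: accounts whose password never ages (max-days field empty or
# 99999, the value the article uses to disable aging), ignoring accounts
# that are locked (hash starting with ! or *).
# Shadow layout: name:hash:lastchg:min:max:warn:inactive:expire
never_expiring_accounts() {
    awk -F: '$2 !~ /^[!*]/ && ($5 == "" || $5 >= 99999) { print $1 }' "${1:-/etc/shadow}"
}

# One "CLASS name" line per finding, or "OK" when there is nothing to report.
# Usage: audit_accounts [PASSWD_FILE] [SHADOW_FILE]
audit_accounts() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    report=$(
        empty_password_accounts "$shadow_file" | sed 's/^/EMPTY_PASSWORD /'
        extra_uid0_accounts "$passwd_file"     | sed 's/^/EXTRA_UID0 /'
        never_expiring_accounts "$shadow_file" | sed 's/^/NO_EXPIRY /'
    )
    if [ -n "$report" ]; then echo "$report"; else echo OK; fi
}
```

Run `audit_accounts` with no arguments as root for the live check; every line it prints names an account that needs either `passwd -l`, deletion, or a `chage -M` setting.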

#7: Disable root Login

Never log in as the root user. You should use sudo to execute root-level commands as and when required. sudo greatly enhances the security of the system, because the root password does not have to be shared with other users and admins. sudo provides simple auditing and tracking features too.

#8: Physical Server Security

You must protect physical console access to the Linux server. Configure the BIOS to disable booting from external devices such as DVDs / CDs / USB sticks. Set BIOS and GRUB boot loader passwords to protect these settings. All production boxes must be locked in IDCs (Internet Data Centers), and all persons must pass some sort of security check before accessing your server. See also:

#9: Disable Unwanted Services

Disable all unnecessary services and daemons (services that run in the background). You need to remove all unwanted services from the system start-up. Type the following command to list all services which are started at boot time in run level 3:
# chkconfig --list | grep '3:on'
To disable a service, enter:
# service serviceName stop
# chkconfig serviceName off

#9.1: Find Listening Network Ports

Use the following command to list all open ports and the programs associated with them:
netstat -tulpn
OR
nmap -sT -O localhost
nmap -sT -O server.example.com

Use iptables to close open ports, or stop all unwanted network services using the service and chkconfig commands above.
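A listing like the one `netstat -tulpn` prints is only useful if someone compares it against what the box is supposed to run. As an added example (not part of the original article), the following shell function parses that output, from a saved file or stdin, and prints every listener whose protocol/port pair is not on an allowlist. The allowlist and the netstat rows used in the test are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article: compare the listening
# sockets reported by netstat -tulpn against an allowlist of "proto/port"
# pairs and print the rest. Input is a file path ($1) or stdin; the
# allowlist ($2) is space separated, e.g. "tcp/22 tcp/80 tcp/25".

unexpected_listeners() {
    allow=${2:-"tcp/22"}
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # netstat rows start with the protocol; tcp6/udp6 rows bind ":::PORT"
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)
            m = split($4, addr, ":"); port = addr[m]
            key = proto "/" port
            # last column is PID/Program name ("-" when not run as root)
            if (!(key in ok)) printf "%s %s %s\n", key, $4, $NF
        }' "${1:-/dev/stdin}"
}

# Live check (run as root so program names are filled in); prints nothing
# when every listener is on the allowlist.
check_live_listeners() {
    netstat -tulpn 2>/dev/null | unexpected_listeners - "$1"
}
```

Each reported line names the port, the bind address and the owning process, so the follow-up is either to stop and `chkconfig ... off` the service, to add it to the allowlist deliberately, or to restrict it with iptables.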

#9.2: See Also

#10: Delete X Windows

X Windows is not required on a server. There is no reason to run X Windows on your dedicated mail or Apache web server. You can disable and remove X Windows to improve server security and performance. Edit /etc/inittab and set the run level to 3. Finally, to remove the X Window System, enter:
# yum groupremove "X Window System"

#11: Configure Iptables and TCPWrappers

Iptables is a user-space application that allows you to configure the firewall (Netfilter) provided by the Linux kernel. Use the firewall to filter out traffic and allow only necessary traffic. Also use TCP Wrappers, a host-based networking ACL system, to filter network access to your services. You can prevent many denial of service attacks with the help of iptables:

#12: Linux Kernel /etc/sysctl.conf Hardening

The /etc/sysctl.conf file is used to configure kernel parameters at runtime. Linux reads and applies the settings from /etc/sysctl.conf at boot time. Sample /etc/sysctl.conf:

# Turn on ExecShield (Red Hat kernels) and address-space randomization
kernel.exec-shield=1
kernel.randomize_va_space=1
# Enable IP spoofing protection (reverse-path filtering)
net.ipv4.conf.all.rp_filter=1
# Disable IP source routing
net.ipv4.conf.all.accept_source_route=0
# Ignore ICMP echo requests sent to broadcast addresses and bogus ICMP errors
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_messages=1
# Make sure spoofed (martian) packets get logged
net.ipv4.conf.all.log_martians = 1

#13: Separate Disk Partitions

Separating the operating system files from user files results in a better and more secure system. Make sure the following filesystems are mounted on separate partitions:

  • /usr
  • /home
  • /var and /var/tmp
  • /tmp

Create separate partitions for the Apache and FTP server roots. Edit the /etc/fstab file and make sure you add the following mount options:

  1. noexec - Do not allow direct execution of any binaries on this partition (prevents execution of binaries, but scripts can still be run by handing them to an interpreter).
  2. nodev - Do not allow character or block special devices on this partition (prevents use of device files such as zero, sda, etc.).
  3. nosuid - Do not honor SUID/SGID bits on this partition (prevents the setuid bit from taking effect).

Sample /etc/fstab entry to limit user access on /dev/sda5 (FTP server root directory):

/dev/sda5  /ftpdata          ext3    defaults,nosuid,nodev,noexec 1 2
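Adding the options once is easy; keeping them there across reinstalls and hand edits is what slips. As an added example (not the article's own code), the following shell functions check an fstab for the mount options tip 13 recommends. The fstab path is a parameter so a copy or a constructed file can be checked, and the policy table in `check_fstab` (which mount points must carry which options) is an illustrative assumption that follows the article's list rather than anything it prescribes line by line.

```shell
#!/bin/sh
# Added example, not from the original article: verify that the mount points
# tip 13 lists carry nodev/nosuid/noexec in an fstab. The fstab path is a
# parameter so a copy or a constructed file can be checked; the policy table
# in check_fstab is an illustrative assumption.

# Print each option from OPT... that the fstab entry for MOUNTPOINT lacks,
# or NOT_IN_FSTAB when there is no entry (i.e. it is not a separate partition).
# Usage: missing_options FSTAB MOUNTPOINT OPT...
missing_options() {
    fstab=$1; mp=$2; shift 2
    # fourth field of the first non-comment line whose mount point matches
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$fstab")
    [ -n "$opts" ] || { echo NOT_IN_FSTAB; return 0; }
    for want in "$@"; do
        case ",$opts," in
            *,"$want",*) ;;          # option present
            *) echo "$want" ;;
        esac
    done
}

# Walk the policy table and print one line per mount point that needs work;
# prints nothing when the fstab satisfies the policy.
check_fstab() {
    fstab=$1
    printf '%s\n' \
        '/tmp nodev nosuid noexec' \
        '/var/tmp nodev nosuid noexec' \
        '/home nodev nosuid' \
        '/ftpdata nodev nosuid noexec' |
    while read -r mp opts; do
        miss=$(missing_options "$fstab" "$mp" $opts | paste -sd, -)
        case $miss in
            "") ;;
            NOT_IN_FSTAB) echo "$mp: no fstab entry (not on its own partition)" ;;
            *) echo "$mp: missing $miss" ;;
        esac
    done
}
```

`check_fstab /etc/fstab` prints nothing on a box that matches the policy, which makes it a cheap cron or configuration-management check; note that it only reads the file, so after fixing an entry the partition still has to be remounted for the option to take effect.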

#13.1: Disk Quotas

Make sure disk quotas are enabled for all users. To implement disk quotas, use the following steps:

  1. Enable quotas per file system by modifying the /etc/fstab file.
  2. Remount the file system(s).
  3. Create the quota database files and generate the disk usage table.
  4. Assign quota policies.
  5. See the implementing disk quotas tutorial for further details.

#14: Turn Off IPv6

Internet Protocol version 6 (IPv6) provides a new Internet layer for the TCP/IP protocol suite that replaces Internet Protocol version 4 (IPv4) and provides many benefits. Currently there are no good tools able to check a system over the network for IPv6 security issues. Most Linux distros have begun enabling the IPv6 protocol by default. Crackers can send bad traffic via IPv6, as most admins are not monitoring it. Unless your network configuration requires it, disable IPv6 or configure the Linux IPv6 firewall:

#15: Disable Unwanted SUID and SGID Binaries

Any file with the SUID/SGID bit set can be misused when that SUID/SGID executable has a security problem or bug, and any local or remote user can run such a file. It is a good idea to find all such files. Use the find command as follows:
# See all set-user-id files:
find / -perm -4000
# See all set-group-id files:
find / -perm -2000
# Or combine both in a single command:
find / \( -perm -4000 -o -perm -2000 \) -print
# Same, with full details; -xdev stays on one filesystem so pseudo filesystems
# such as /proc are not descended into (run it once per real partition).
# -perm +6000 is the old GNU syntax; modern findutils spells it -perm /6000.
find / -xdev -type f -perm /6000 -ls

You need to investigate each reported file. See the reported program's man page for further details.

#15.1: World-Writable Files

Anyone can modify a world-writable file, which is a security issue in itself. Use the following command to find world-writable directories that lack the sticky bit (in such a directory any user can delete or rename every other user's files):
find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
You need to investigate each reported directory and either set the correct user and group permissions or remove it.

#15.2: Noowner Files

Files not owned by any user or group can pose a security problem. Find them with the following command, which lists files that do not belong to a valid user or a valid group:
find /dir -xdev \( -nouser -o -nogroup \) -print
You need to investigate each reported file and either assign it to an appropriate user and group or remove it.
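The three find commands in tips 15, 15.1 and 15.2 are most useful when run the same way every time and compared against a baseline. As an added example (not the article's own code), the following shell functions wrap those audits so they can be run over one directory tree, including a constructed sample tree, and produce a sorted report. They use `-perm /MODE`, the modern findutils spelling of the article's `-perm +MODE`; the `-xdev` flag is an added choice that keeps each run on a single filesystem.

```shell
#!/bin/sh
# Added example, not from the original article: the file audits of tips 15,
# 15.1 and 15.2 as functions over one directory tree, so they can be run on a
# staging box or on a constructed sample tree. -perm /MODE ("any of these
# bits") is the modern spelling of the article's -perm +MODE; -xdev keeps
# each run on a single filesystem, so run once per real partition.

# Tip 15: regular files with the setuid or setgid bit.
find_suid_sgid() {
    find "$1" -xdev -type f -perm /6000 -print
}

# Tip 15.1: world-writable directories without the sticky bit, where any
# user can delete or rename every other user's files.
find_ww_dirs_no_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# World-writable regular files, which anyone on the box can alter.
find_ww_files() {
    find "$1" -xdev -type f -perm -0002 -print
}

# Tip 15.2: files whose owner or group no longer exists in passwd/group.
find_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# One sorted "CLASS path" line per finding; diff the output against a copy
# taken when the box was built to spot what changed.
audit_tree() {
    {
        find_suid_sgid "$1"         | sed 's/^/SUID_SGID /'
        find_ww_dirs_no_sticky "$1" | sed 's/^/WW_DIR_NO_STICKY /'
        find_ww_files "$1"          | sed 's/^/WW_FILE /'
        find_unowned "$1"           | sed 's/^/UNOWNED /'
    } | sort
}
```

Saving `audit_tree /` (and one run per separate partition) to a file at build time and diffing later runs against it turns the tip into a change detector: a new SUID_SGID line after an update is exactly the kind of thing worth a look.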

#16: Use A Centralized Authentication Service

Without a centralized authentication system, user authentication data becomes inconsistent, which may lead to out-of-date credentials and forgotten accounts that should have been deleted in the first place. A centralized authentication service allows you to maintain central control over Linux / UNIX account and authentication data, and to keep that data synchronized between servers. Do not use the NIS service for centralized authentication. Use OpenLDAP for clients and servers.

#16.1: Kerberos

Kerberos performs authentication as a trusted third-party authentication service, using a cryptographic shared secret under the assumption that packets traveling along the insecure network can be read, modified, and inserted. Kerberos builds on symmetric-key cryptography and requires a key distribution center. You can make remote login, remote copy, secure inter-system file copying and other high-risk tasks safer and more controllable using Kerberos. So, when users authenticate to network services using Kerberos, unauthorized users attempting to gather passwords by monitoring network traffic are effectively thwarted. See how to set up and use Kerberos.

#17: Logging and Auditing

You need to configure logging and auditing to collect all hacking and cracking attempts. By default, syslog stores data in the /var/log/ directory. This is also useful for finding software misconfigurations which may open your system to various attacks. See the following logging-related articles:

  1. Linux log file locations.
  2. How to send logs to a remote loghost.
  3. How do I rotate log files?
  4. The man pages for syslogd, syslog.conf and logrotate.

#17.1: Monitor Suspicious Log Messages With Logwatch / Logcheck

Read your logs using logwatch or logcheck. These tools make your log reading life easier: you get a detailed report on unusual items in syslog via email. A sample syslog report:

 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Fri Oct 30 04:02:03 2009
        Date Range Processed: yesterday
                              ( 2009-Oct-29 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: www-52.nixcraft.net.in
  ################################################################## 

 --------------------- Named Begin ------------------------ 

 **Unmatched Entries**
    general: info: zone XXXXXX.com/IN: Transfer started.: 3 Time(s)
    general: info: zone XXXXXX.com/IN: refresh: retry limit for master ttttttttttttttttttt#53 exceeded (source ::#0): 3 Time(s)
    general: info: zone XXXXXX.com/IN: Transfer started.: 4 Time(s)
    general: info: zone XXXXXX.com/IN: refresh: retry limit for master ttttttttttttttttttt#53 exceeded (source ::#0): 4 Time(s)

 ---------------------- Named End ------------------------- 

  --------------------- iptables firewall Begin ------------------------ 

 Logged 87 packets on interface eth0
   From 58.y.xxx.ww - 1 packet to tcp(8080)
   From 59.www.zzz.yyy - 1 packet to tcp(22)
   From 60.32.nnn.yyy - 2 packets to tcp(45633)
   From 222.xxx.ttt.zz - 5 packets to tcp(8000,8080,8800) 

 ---------------------- iptables firewall End ------------------------- 

 --------------------- SSHD Begin ------------------------ 

 Users logging in through sshd:
    root:
       123.xxx.ttt.zzz: 6 times

 ---------------------- SSHD End ------------------------- 

 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda3             450G  185G  241G  44% /
 /dev/sda1              99M   35M   60M  37% /boot

 ---------------------- Disk Space End ------------------------- 

 ###################### Logwatch End #########################

(Note output is truncated)
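The SSHD section of that report (root logging in six times from one address) is the kind of line that should trigger a closer look at the raw log. As an added example (not part of the original article), the following awk-based shell functions compute a similar summary directly from sshd syslog lines: failed password attempts per source, successful root logins (which tip 7 says should never happen), and sources whose accepted login came after a run of failures. Input is a file or stdin; the thresholds are assumptions, and the log lines in the test are constructed, with TEST-NET addresses in place of the anonymized ones above.

```shell
#!/bin/sh
# Added example, not from the original article: a small report in the spirit
# of the Logwatch SSHD section above, computed directly from sshd syslog lines.
# Input is a file path ($1) or stdin. The thresholds ($2) are assumptions.

# "COUNT ADDRESS" for every source with at least $2 (default 5) failed
# password attempts, busiest first. "invalid user" attempts count too.
failed_logins_by_source() {
    awk -v th="${2:-5}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # ... Failed password for [invalid user] NAME from ADDR port N ssh2
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (a in fails) if (fails[a] >= th) printf "%d %s\n", fails[a], a }
    ' "${1:-/dev/stdin}" | sort -rn
}

# Source addresses that obtained a successful root login over ssh.
root_logins() {
    awk '
        /sshd\[[0-9]+\]: Accepted [a-z]+ for root from/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { print $(i+1); break }
        }
    ' "${1:-/dev/stdin}" | sort -u
}

# Sources whose accepted login came after at least $2 (default 3) failures
# from the same address: the trace a successful password-guessing run leaves.
successes_after_failures() {
    awk -v th="${2:-3}" '
        /sshd\[[0-9]+\]: (Failed|Accepted) [a-z]+ for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { addr = $(i+1); break }
            if ($0 ~ /Failed password/) fails[addr]++
            else if ($0 ~ /Accepted/ && fails[addr] >= th) print addr
        }
    ' "${1:-/dev/stdin}" | sort -u
}
```

On a real box these read `/var/log/secure` or `/var/log/auth.log`; anything `successes_after_failures` prints deserves an immediate look at what that session did, and a non-empty `root_logins` is the signal to finish tip 7 and tip 18.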

#17.2: System Accounting with auditd

auditd is provided for system auditing. It is responsible for writing audit records to disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open the /etc/audit.rules file and make changes such as setting the audit log file location and other options. With auditd you can record and answer the following:

  1. System startup and shutdown events (reboot / halt).
  2. Date and time of the event.
  3. User responsible for the event (such as trying to access the /path/to/topsecret.dat file).
  4. Type of event (edit, access, delete, write, update file & commands).
  5. Success or failure of the event.
  6. Events that modify the date and time.
  7. Who made changes to the system's network settings.
  8. Events that modify user/group information.
  9. Who made changes to a file, etc.

See our quick tutorial, which explains enabling and using the auditd service.

#18: Secure OpenSSH Server

The SSH protocol is recommended for remote login and remote file transfer. However, ssh is exposed to many attacks. See how to secure the OpenSSH server:

#19: Install And Use Intrusion Detection System

A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to break into computers by monitoring network traffic.

It is good practice to deploy any integrity checking software before the system goes online in a production environment. If possible, install the AIDE software before the system is connected to any network. AIDE is a host-based intrusion detection system (HIDS); it can monitor and analyze the internals of a computing system.

Snort is intrusion detection software capable of performing packet logging and real-time traffic analysis on IP networks.

#20: Protecting Files, Directories and Email

Linux offers excellent protection against unauthorized data access. File permissions and MAC prevent unauthorized users from accessing data. However, the permissions set by Linux are irrelevant if an attacker has physical access to a computer and can simply move the computer's hard drive to another system to copy and analyze the sensitive data. You can easily protect files and partitions under Linux using the following tools:

#20.1: Securing Email Servers

You can use SSL certificates and GPG keys to secure email communication on both server and client computers:

Other recommendations:

Recommended readings:

  1. Red Hat Enterprise Linux - Security Guide.
  2. Linux Security Cookbook - A good collection of security recipes for the new Linux admin.
  3. Snort 2.1 Intrusion Detection, Second Edition - A good introduction to Snort and intrusion detection under Linux.
  4. Hardening Linux - Identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks.
  5. Linux Security HOWTO.

In the next part of this series I will discuss how to secure specific applications (such as Proxy, Mail, LAMP, Database) and a few other security tools. Did I miss something? Please add your favorite system security tool or tip in the comments.

Filed under // linux

Nov 27 / 7:24am

15 great Open Source projects | MuyLinux

by Rafa

Filed under // linux

Nov 18 / 7:05am

Multiple ways to view system information

by Rafa

MULTIPLE WAYS TO VIEW SYSTEM INFORMATION

Copyright 2005-2008 Sergio González Durán
Permission is granted to copy, distribute and/or modify this document provided that the author and the source, linuxtotal.com.mx, are credited, under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.

author: sergio.gonzalez.duran@gmail.com

GNU/Linux-based systems (like their Unix-based relatives such as BSD or Macintosh) keep the tradition of having a multitude of commands for finding out the state of the system. That is, each one gives a small piece of information about one of the many different things happening on your Linux system. Some of these commands can be run by any user, and several others only by root. Here I present, in no particular order, a collection of the most useful and most used of these commands.


uname

Prints system information.

(processor installed in the machine)
#> uname -p
Intel(R) Core(TM) Duo CPU T2450  @ 2.00GHz

(kernel version)
#> uname -r
2.6.22.9-laptop-1mdv

(or all of uname's information with the -a option)
#> uname -a
Linux segolap 2.6.22.9-laptop-1mdv #1 SMP Thu Sep 27 04:17:10 CEST 2007 i686 Intel(R) Core(TM) Duo CPU T2450  @ 2.00GHz GNU/Linux

This last one shows, in order, the kernel type, the host name, the kernel version, the build date and time, the CPU architecture (i686), the processor type and the operating system type (GNU/Linux).


fdisk

Used to manipulate/create partitions on Linux, but it has a useful query option, -l:

#> fdisk -l

Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0002ecbc

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          63      506016   83  Linux
/dev/sda2              64       10261    81915435   83  Linux
/dev/sda3           10262       18929    69625710   83  Linux
/dev/sda4           18930       19457     4241160    5  Extended
/dev/sda5           18930       19457     4241128+  82  Linux swap / Solaris

Disk /dev/sdb: 40.0 GB, 40007761920 bytes
255 heads, 63 sectors/track, 4864 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000063b0

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        4863    39062016    c  W95 FAT32 (LBA)

We can see several very useful things in this listing. First, there are two devices attached to the system, /dev/sda and /dev/sdb, both hard disks; the first is the machine's own disk and has several partitions, and we can even tell that the boot partition is /dev/sda1. The second device contains a Windows partition, as the 'System' column of the last row shows ('W95 FAT32'), which is unmistakably Windows; judging by the size shown (Disk /dev/sdb: 40.0 GB) it is not a flash drive, so it is an external hard disk.


free

Does your system feel too slow? Start by checking with free, which shows how saturated physical RAM and the swap partition are.

(the -m option shows the listing in megabytes)
#> free -m
             total       used       free     shared    buffers     cached
Mem:          2018        989       1028          0         39        450
-/+ buffers/cache:        500       1517
Swap:         4141          0       4141

The 'Mem:' line is physical RAM, which in this example has 2 GB, of which 989 MB are in use, still quite reasonable; the 'Swap:' line shows the swap partition (what Windows calls the paging file), which is usually set to twice the RAM and ideally should not be in use at all, as the example shows. When your Swap line shows heavy use and almost nothing free, you have serious performance problems; consider adding RAM. Try free -mt to see one more line at the end with the sum of Mem + Swap.


mount

The command used to mount devices, somewhat complex and with many options. For this tutorial, though, it is enough to invoke it with no options or arguments, so that it reveals what you have mounted and where it is mounted.

#> mount
/dev/sda1 on /boot type ext3 (rw,noatime)
/dev/sda2 on / type ext3 (rw,noatime)
/dev/sda3 on /home type ext3 (rw,noatime)
none on /proc type proc (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/sdb1 on /media/hd type vfat (rw,nosuid,nodev,sync,users,umask=0022,iocharset=utf8)

A brief analysis lets me determine that the machine has three partitions on the same hard disk (device /dev/sda): /boot (sda1), / (sda2) and /home (sda3), all of type 'ext3', the default Linux filesystem. There are two virtual filesystems mounted under /proc, and another device (/dev/sdb1) is accessible through the /media/hd directory and is of the DOS FAT type. As you can see, this information complements what fdisk -l gives.


lsmod

Shows the status of the kernel modules currently loaded in the system.

[root@segolap ~]# lsmod
Module                  Size  Used by
fat                    45852  1 vfat
i915                   22688  3
drm                    72628  4 i915
vmnet                  34564  16
parport_pc             32004  0
parport                31592  1 parport_pc
blkcipher               5860  1 ecb
snd_seq_midi_event      6912  1 snd_seq_oss
snd_seq                46800  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device          7276  3 snd_seq_dummy,snd_seq_oss,snd_seq
ieee80211              31752  1 ipw3945
ieee80211_crypt         5248  2 ieee80211_crypt_wep,ieee80211
mmc_core               23108  2 mmc_block,sdhci
agpgart                27656  3 drm,intel_agp
snd_pcm                69636  3 snd_pcm_oss,snd_hda_intel
libata                108688  2 ata_piix,ahci
scsi_mod              124972  6 usb_storage,sr_mod,sg,scsi_wait_scan,sd_mod,libata
... listing not complete

The listing is self-explanatory: the module, its size and who uses it. For example, the 'ieee80211' module is used by the 'ipw3945' wireless card driver, and so on. This command is complemented by insmod, which inserts modules, and rmmod, which removes them.


lspci

Lists the system's PCI devices.

#> lspci
00:00.0 Host bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express Memory Controller Hub (rev 03)
00:02.1 Display controller: Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller (rev 03)
00:1b.0 Audio device: Intel Corporation 82801G (ICH7 Family) High Definition Audio Controller (rev 02)
00:1c.0 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e2)
00:1f.0 ISA bridge: Intel Corporation 82801GBM (ICH7-M) LPC Interface Bridge (rev 02)
00:1f.1 IDE interface: Intel Corporation 82801G (ICH7 Family) IDE Controller (rev 02)
00:1f.2 SATA controller: Intel Corporation 82801GBM/GHM (ICH7 Family) SATA AHCI Controller (rev 02)
00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 02)
04:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev 02)
05:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)
06:00.0 FLASH memory: ENE Technology Inc ENE PCI Memory Stick Card Reader Controller
06:00.1 Generic system peripheral [0805]: ENE Technology Inc ENE PCI SmartMedia / xD Card Reader Controller
06:00.3 FLASH memory: ENE Technology Inc ENE PCI Secure Digital / MMC Card Reader Controller

Take one line as an example:

05:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

The first field (05:00.0) is the PCI slot where the device sits: bus 05, device 00, function 0. Then follow the device class (Network controller), the manufacturer (Intel Corporation), the device name (PRO/Wireless 3945ABG Network Connection) and its revision number (rev 02).

Quite useful information: for example, in my case this device did not work when I first installed Linux, but with this system info I began to work out what kind of drivers I needed to make it work.

You can get even more information about each PCI device with the -v option, and still more with -vv, so try lspci -vv and see how much you can learn about each device.


lsusb

Lists the system's USB devices.

#> lsusb
Bus 005 Device 004: ID 05e3:0702 Genesys Logic, Inc. USB 2.0 IDE Adapter
Bus 005 Device 003: ID 064e:a101 Suyin Corp.
Bus 005 Device 001: ID 0000:0000
Bus 001 Device 001: ID 0000:0000
Bus 002 Device 004: ID 062a:0003 Creative Labs
Bus 002 Device 001: ID 0000:0000
Bus 003 Device 001: ID 0000:0000
Bus 004 Device 001: ID 0000:0000

Hmmm, not very informative, but you just have to know where to look: if we use the -v option it returns more information. In my case my laptop's webcam did not work, so to find the right drivers or configuration I searched with this command and found the following:

#> lsusb -v
...
Bus 005 Device 003: ID 064e:a101 Suyin Corp.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass          239 Miscellaneous Device
  bDeviceSubClass         2 Common Class
  bDeviceProtocol         1 Interface Association
  bMaxPacketSize0        64
  idVendor           0x064e Suyin Corp.
  idProduct          0xa101
  bcdDevice            1.00
  iManufacturer           2 SuYin
  iProduct                1 Acer CrystalEye webcam
  iSerial                 3 CN0314-OV03-VA-R02.00.00
...

The listing is quite long, so I show only the relevant part. At 'Bus 005 Device 003:' there is something called 'Suyin Corp', and looking at more detail with -v I find that it is an 'Acer CrystalEye webcam'. That makes it easier to search the Internet for the right Linux drivers, which with patience one eventually manages; in fact I found that it is supported out of the box in the Mandriva distro.


blkid

Block Id. Displays the attributes of the block devices.

#> blkid
/dev/sda1: UUID="d22801c6-85ca-11dc-849e-afde43df714c" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda2: UUID="ae22f1dc-85ca-11dc-acbd-cb4aee4dedb7" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda3: UUID="d3990398-85ca-11dc-aab5-4d80db2607e2" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda5: TYPE="swap" UUID="f6bfa9b2-85ca-11dc-abd6-01935478454b"
/dev/sdb1: LABEL="SEGO" UUID="46CD-5C01" TYPE="vfat"

dmidecode y lshw

Now, when it comes to determining the machine's hardware, nothing beats this command. It reads the BIOS information directly and returns a very complete listing of all the hardware found in the machine. DMI stands for Desktop Management Interface, and it reads the information of the so-called SMBIOS (System Management BIOS).

By default dmidecode produces a rather long and complete listing, so if you want a shorter or summarized one, use it with -q.

If you don't have dmidecode installed, try lshw, which does basically the same thing.


df

Reports disk space usage.

# df
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              77G   16G   58G  22% /
/dev/sda1             479M   21M  433M   5% /boot
/dev/sda3              66G   36G   30G  55% /home
/dev/sdb1              38G   24G   14G  64% /media/hd

Very easy to understand and use; use it often, especially if you download a lot, so you will know when your storage devices are filling up. In some versions of df you will need the -h option (human-readable format) to see the same listing shown in megabytes or gigabytes.


uptime

Shows how long the system has been up, and other information.

#> uptime
 19:59:45 up  2:18,  2 users,  load average: 1.14, 1.13, 1.09

First the current time, followed by 'up 2:18', which means up for two hours and 18 minutes (of course this field can change to days, etc.), then two users on the system and finally the CPU load average over the last 1, 5 and 15 minutes respectively. The lower this number the better; it means, for example, that 1.14 processors were needed at the moment 'uptime' ran in order to finish all of the system's processes at that very instant. This is not exactly precise, but it gives you a good idea of how loaded or idle your CPU is. Now, who are those two users on the system? Let's see with the next command.


w

Shows which users are on the system and what they are doing.

# w
 20:07:12 up  2:25,  2 users,  load average: 1.18, 1.12, 1.09
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1      19:09    7:34   0.16s  0.16s -bash
sergio   :0        17:43   ?xdm?   2:22m  0.06s /bin/sh /usr/bin/quanta

The first line of w is the same as what uptime returns; then it tells us who the two users on the system are, which terminal they are on ('TTY'; if they came from another machine it would show the IP), the time they logged in ('LOGIN@'), and the last column shows what they were running at the moment w was executed.


As a complement to uptime and w you can use the following:

#> who -b
  system boot  2008-01-13 17:41

Shows the date and time the system booted.


lsof

List open files. Shows the files a process has opened in order to run.

(we run 'man lsof' in a terminal)
#> man lsof
(from another terminal we find its PID; the full-format output below is what ps -ef prints)
#> ps -ef | grep man
root      9700  6514  0 21:11 pts/1    00:00:00 man lsof
(and run lsof with the -p option)
#> lsof -p 9700
COMMAND  PID USER   FD   TYPE DEVICE    SIZE    NODE NAME
man     9700 root  cwd    DIR    8,2    4096 5603329 /root
man     9700 root  rtd    DIR    8,2    4096       2 /
man     9700 root  txt    REG    8,2   43416 9529630 /usr/bin/man
man     9700 root  mem    REG    8,2  254076 9520457 /usr/share/locale/UTF-8/LC_CTYPE
man     9700 root  mem    REG    8,2 1298800 7277050 /lib/i686/libc-2.6.1.so
man     9700 root  mem    REG    8,2      52 9521060 /usr/share/locale/en_US.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES
man     9700 root  mem    REG    8,2   26052 9519467 /usr/lib/gconv/gconv-modules.cache
man     9700 root  mem    REG    8,2  565473 7274508 /lib/ld-2.6.1.so
man     9700 root    0u   CHR  136,1               3 /dev/pts/1
man     9700 root    1u   CHR  136,1               3 /dev/pts/1
man     9700 root    2u   CHR  136,1               3 /dev/pts/1
man     9700 root    3r   REG    8,2    4808 4523300 /etc/man.config

We can see the libraries, configuration files (last line) and the commands invoked to run a manual lookup. This lsof command is highly useful when it comes to determining the dependencies a program requires to run.

If you use lsof without arguments it will give you a very long listing of the open files of every process running at that moment.


last y lastb

last shows a list of the last users logged into the system with the relevant information; lastb (last bad) shows the last login attempts that failed, extremely useful for spotting possible illegitimate access attempts (hacking) against the system.

#> last
root     tty1                          Sun Jan 13 19:59   still logged in
sergon   :0                            Sun Jan 13 17:43   still logged in
reboot   system boot  2.6.22.9-laptop- Sun Jan 13 17:41          (04:19)
root     tty1                          Sun Jan 13 00:23 - crash  (17:18)
sergon   :0                            Sat Jan 12 23:56 - 00:48  (00:52)
reboot   system boot  2.6.22.9-laptop- Sat Jan 12 23:55          (22:05)
sergon   :0                            Sat Jan 12 19:35 - down   (00:57)
reboot   system boot  2.6.22.9-laptop- Sat Jan 12 19:34          (00:59)
sergon   :0                            Sat Jan 12 17:41 - down   (01:16)
reboot   system boot  2.6.22.9-laptop- Sat Jan 12 17:40          (01:17)
sergon   :0                            Sat Jan 12 08:15 - 12:41  (04:25)
reboot   system boot  2.6.22.9-laptop- Sat Jan 12 08:15          (04:26)
sergon   :0                            Fri Jan 11 22:11 - crash  (10:03)
reboot   system boot  2.6.22.9-laptop- Fri Jan 11 21:49          (14:51)
sergon   :0                            Thu Jan 10 22:12 - 22:36  (00:23)
reboot   system boot  2.6.22.9-laptop- Thu Jan 10 22:11          (00:24)

We can see which user logged in, on which terminal, the day, date and time, when the session ended or whether it is still logged in (still logged in). It is also possible to tell, for example from the lines that say 'crash', that the system was not shut down properly.

#> lastb
pedro    192.168.0.10                  Sun Jan 13 22:04 - 22:04  (00:00)
root     tty2                          Sun Jan 13 21:20 - 21:20  (00:00)

With lastb we get the login attempts that failed. For example, on a real production system where the user 'pedro' did not exist, it would be obvious that someone is trying to get remote access by guessing user:password. You should be seriously worried and take action if in the last listing you see a login by root or by another user who you, as administrator, know should not have entered the system on those dates or at those times, or worse still, if it is your own user!! and you had not logged in before. That almost certainly means your system has been hacked or your password has been obtained.
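The two checks just described (repeated failures from one source in lastb, and a session in last by a user the administrator does not recognize) are easy to automate. The following is an added example of my own, not code from the original post: it runs awk over constructed lastb and last samples laid out like the listings above (the extra 'pedro' lines are constructed), and the function names, the allowlist and the threshold of 3 failures are my assumptions. On a real system you would feed it `lastb` and `last` directly, which requires read access to /var/log/btmp and /var/log/wtmp.

```shell
#!/bin/sh
# Added example (not part of the original post): summarize failed logins from
# lastb output and flag sessions in last output by users outside an allowlist.

# Constructed sample of lastb output, same column layout as the article's listing.
LASTB_SAMPLE='pedro    192.168.0.10                  Sun Jan 13 22:04 - 22:04  (00:00)
root     tty2                          Sun Jan 13 21:20 - 21:20  (00:00)
pedro    192.168.0.10                  Sun Jan 13 22:05 - 22:05  (00:00)
pedro    192.168.0.10                  Sun Jan 13 22:06 - 22:06  (00:00)'

# Constructed sample of last output: two lines from the article plus one
# constructed remote session by a user the administrator does not recognize.
LAST_SAMPLE='root     tty1                          Sun Jan 13 19:59   still logged in
sergon   :0                            Sun Jan 13 17:43   still logged in
pedro    pts/2        192.168.0.10     Sun Jan 13 22:30   still logged in
reboot   system boot  2.6.22.9-laptop- Sun Jan 13 17:41          (04:19)'

# failed_by_source: reads lastb lines on stdin, prints "count user source",
# most frequent first. Field 2 is the tty for console attempts or the
# address/host for remote ones, exactly as lastb prints it.
failed_by_source() {
    awk 'NF >= 2 { c[$1 " " $2]++ }
         END { for (k in c) print c[k], k }' |
    sort -k1,1nr -k2,2
}

# unknown_sessions ALLOWLIST: reads last lines on stdin and prints each distinct
# user not in the space-separated allowlist; wtmp pseudo-users are skipped.
unknown_sessions() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
                ok["reboot"] = 1; ok["shutdown"] = 1; ok["wtmp"] = 1 }
        NF >= 2 && !($1 in ok) && !seen[$1]++ { print $1 }'
}

# brute_force_suspected THRESHOLD: reads failed_by_source output on stdin and
# succeeds (exit 0) when the top source reached THRESHOLD failures or more.
brute_force_suspected() {
    awk -v t="$1" 'NR == 1 && $1 >= t { found = 1 } END { exit !found }'
}

# Stand-alone run on the constructed samples.
printf '%s\n' "$LASTB_SAMPLE" | failed_by_source
printf '%s\n' "$LAST_SAMPLE" | unknown_sessions 'root sergon'
if printf '%s\n' "$LASTB_SAMPLE" | failed_by_source | brute_force_suspected 3; then
    echo 'repeated failures from a single source: review the host above'
fi
```

The allowlist is the list of accounts you, as administrator, expect to see; anything else printed by unknown_sessions is exactly the case the paragraph above tells you to worry about. Because btmp and wtmp are plain files, an intruder with root can edit them, so these checks are a first look, not proof of a clean system.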


dmesg

Part of the system's syslog message facility, dmesg is mainly used to show the messages that were displayed on screen when the system booted. It is used above all to debug how the various modules and components are loaded at boot time or while the system is already running. Because the output is so long, it is convenient to redirect it to a file:

#> dmesg > mensajes

With less or cat, or in your favorite editor, you can analyze the file at your leisure.


ps

The command par excellence for showing process information; this LinuxTotal.com.mx article gives an extensive explanation of this command and of others used for process management.


This article will keep growing from time to time with new information about commands that return valuable system data, so check it every so often.



published or modified on: 2008-01-13


Filed under // linux


Oct 13 / 7:54am

IBM developerWorks : 10 important Linux developments everyone should know about

by Rafa

The Linux® technology, development model, and community have all been game-changing influences on the IT industry, and all we can really do is stand back and look at it all, happy to have been along for the ride for developerWorks' first 10 years. The Linux zone team has put together this greatly abbreviated collection of things that stand out in our minds as having rocked the world of Linux in a significant way.


Much too much has happened with Linux in the last 10 years to do anything like a complete job of listing the important events and technological advances surrounding this operating system. But nevertheless, in celebration of our 10th birthday, the Linux zone team looks back and presents to you some major milestones, why they matter, and what we wrote about them. Please to enjoy.

Be sure to check out the developerWorks 10th birthday page to see what else is going on across the site, including a timeline of developerWorks events over the last 10 years.


1. Linux Professional Institute certification

In 2000, LPI announced the availability of test 1a, the first exam in its new Linux administrator certification program, a program that now consists of seven tests across three certification levels. developerWorks published its first series of LPI exam-prep tutorials by Daniel Robbins in 2002, and we've kept up with it ever since.

Why it matters: You can argue about the value of certifications, but the fact that employers were looking for a consistent measure of Linux expertise was one of many signs that Linux had arrived.

What we've written about it:




2. Samba

Andrew Tridgell's Samba on Linux predates developerWorks by a good five or six years, but his implementation of Microsoft's Server Message Block (SMB) protocol is such an important component of mixed networks everywhere that we really didn't feel right not including it here.

Why it matters: In many companies, Linux snuck in as a Web server, firewall, e-mail server, or other specialized appliance. Why not try hiding in plain sight as a Windows® file and print server? Linux plays well with others, and this is proof.

What we've written about it:




3. Linux on S/390

"One box, one operating system" no longer applied to Linux when it arrived on the S/390® mainframe in early 2000.

Why it matters: You can now run numerous virtual Linux instances at once, distributing your costs across multiple application sessions running on a single piece of hardware. Plus, your Linux expertise now scales as well as your applications.

What we've written about it:




4. SELinux

Released under the GPL by the US National Security Agency in early 2001 and merged into the kernel since 2.6.0, Security Enhanced Linux provides support for a number of access control policy models, such as mandatory access control and role-based access control.

Why it matters: Although not the simplest thing to use, SELinux brings an additional level of security to Linux for installations for which discretionary access control is not enough. And there's something sort of cool about the NSA giving technology away.

What we've written about it:




5. Linux LiveCDs

A LiveCD lets you boot Linux on a machine without actually installing anything on the hard drive—Linux boots from the CD or DVD and lives in RAM while running. Many distributions have LiveCD versions, and there are a number of LiveCD distributions created for specific tasks, such as system diagnosis and recovery.

Why it matters: Your favorite Linux distribution can generally be assumed not to be installed on any given machine, so for demos, trial software, the aforementioned diagnostic purposes, or just to show off Linux to a Windows user, having a self-contained disk that you can pop in and boot from is an invaluable tool.

What we've written about it:




6. Linux clusters

Linux users early on started chaining multiple boxes together to provide more fault tolerance or better performance. Beowulf, for one, was an important early architecture for multi-machine parallel computations. There's even a load-balancing cluster LiveCD, ClusterKnoppix.

Why it matters: Cluster computing is supercomputing (or fault tolerance) for everyone, using free software and commodity hardware to achieve what only specialized, expensive systems could do before.

What we've written about it:




7. Linux supercomputing

Of course, tightly coupled, multi-core systems will always outperform networked boxes. Blue Gene®/L and the now Blue Gene/P running Linux are setting records in the most compute-intensive technical and scientific workload environments.

Why it matters: Besides the gee-whiz value of running the fastest computers on Earth, advanced techniques and standards for multiprocessing environments are flowing back to the rest of us for business computing.

What we've written about it:




8. Linux on Playstation

Sony has allowed and even encouraged the installation of Linux on its game consoles, and for developers interested in exploring Cell/B.E. programming, the PS3 is an accessible option.

Why it matters: Linux on the Playstation makes a fine computer and all, but frankly, in the greater scheme of things, we're not sure it changes the Linux landscape all that much. Consider this a subversive high-five to all the hackers out there who try things like this just because you can™.

What we've written about it:




9. Virtualization

Virtualization allows one or more guest operating systems to run on top of another operating system that acts as the host. The 2.6.20 kernel was the first to include the Kernel Virtual Machine (KVM), but Xen, User-Mode Linux, QEMU, VMware, and other virtualization technologies are important as well.

Why it matters: Virtualization is a necessary ingredient of many cloud architectures. For developers, virtualization can be a good way to create a nice, safe sandbox for testing.

What we've written about it:




10. One Laptop Per Child

Announced in 2005, the OLPC project was created to provide low-cost, durable, connected computers to underprivileged children around the world. As much about the user interface as the hardware, the Linux-based Sugar operating environment is designed to encourage exploring and expressing rather than focusing on traditional productivity tools.

Why it matters: It's a nice idea. It also represents a shift away from exposing Linux's traditional user interface(s), to instead employing purpose-driven UIs that overlie and conceal the gory details of the operating system. Linux might win on the desktop by simply hiding the fact that it's there.

What we've written about it:



Filed under // linux
