In truth, some accounts are actually hacked by viruses, but that’s a subject I’ve already handled.

So what are we to do? The good news is there’s an easy process to protect your accounts:

1. Never use the same password for more than one site
2. Use passwords that contain upper and lowercase letters, numbers and symbols
3. Use the above in a random fashion
4. Never type your password on a computer that has any possibility of infection

There, now that you know what you need to do, practice safe computing and have a nice day.

What? That’s too hard? You can’t remember T$d63Fes% as a password? Thankfully, there’s an easier solution – use a password manager.

Password managers have been around for as long as there have been passwords. My first was a little black book that got washed one too many times. My second was a Palm Pilot, that I lost, and that probably got washed too. Fortunately, today’s solutions don’t risk the possibility of loss or accidentally getting washed. There are many to choose from, but the one I want to detail today is from Lastpass.com.

Lastpass is a browser plug-in for Firefox and Microsoft browsers. By default, it replaces the insecure (yes, they are) password managers built-in to those browsers. Your passwords are actually saved on the Lastpass servers, freeing you from the possibility of losing all your passwords because of a computer failure. I know what you’re thinking – “But that gives somebody else my information!” Actually, no. Before any of your passwords are sent to Lastpass, they are encrypted with your master password. Lastpass uses 256-bit AES encryption which is as good (or better in most cases) as the federal government uses. Maybe that’s a bad example. How about “Its what geeks use.” There, that’s better.

There’s a whole lot of techno-babble I could detail and explain, but suffice it to say that Lastpass gives you secure access to really secure passwords. I’m not going to explain how to install it either, find out at their website.

The real beauty of Lastpass is the password generator, which will give you all of the requirements above. When you use the password generator, you can pretty much guarantee you have a secure password. The design of passwords is customizable for websites that support one style of password but not another (upper/lowercase OK, symbols not OK).

Since Lastpass stores EjaJ9LQ$z%Y^ for you, you don’t have to remember it. Simply visit the site you want and Lastpass will automatically fill in your username and password for you (HINT: If it doesn’t automatically fill in your password, press ALT-PGUP which is the key combination to cycle through all passwords for that site).

You’ll still need to go back through sites and generate new passwords to be secure, but Lastpass should automatically detect the password change and prompt you to save it.

“But, what about when I’m not on my PC?”

The lastpass.com website allows you to login and access your passwords from any PC, also granting you the ability to sign-in to a website directly from lastpass.com without ever typing anything.

Lastly, if you don’t trust the PC you’re using – maybe a internet cafe or hotel computer – you can use one-time passwords. These passwords are exactly what they sound like – they allow you to login one time with that password. So, even if somehow, someone captures your password, its useless once you’ve used it. Of course, you do have to set these up in advance.

There really is no excuse for bad passwords anymore. With the Lastpass plug-in and the lastpass.com website, you have secure password management, offsite storage and one-time use protection when you’re not at your PC.

Just remember to use a secure password for your Lastpass password. By the way, Bible verses make excellent passwords (Ephesians6:7, 1Corithians13:4-8).

If you’ve never heard of Mondo, I’m not surprised. Mondo is a Linux backup program designed to be reliable, easy and comprehensive – which all backup suites should be. Here are some excerpts from the about page:

… backs up your GNU/Linux server or workstation to tape, CD-R, CD-RW, DVD-R[W], DVD+R[W], NFS or hard disk partition. … you will be able to restore all of your data, from bare metal if necessary. Mondo is in use by Lockheed-Martin, Nortel Networks, Siemens, HP, IBM, NASA’s JPL, the US Dept of Agriculture, …

Mondo supports LVM 1/2, RAID, ext2, ext3, JFS, XFS, ReiserFS, VFAT, UFS, and can support additional filesystems easily: … software raid as well as most hardware raid controllers. … Mondo runs on all major Linux distributions … You may even use it to backup non-Linux partitions, such as NTFS.

Mondo is free! It has been published under the GPL v2 (GNU Public License), …

A few of things you might have noticed there:

1. Mondo is a Linux backup program. I stated this before, but I want to make sure all the Windows users out there know what they’re missing. You can use Mondo to backup a Windows-only workstation, but that’s another post too.
2. Large companies (probably larger than you deal with) use this software. You probably don’t have the resources to test every configuration that you’ll run into, but they most likely have.
3. This is FREE software. Everyone will know before long that I’m a huge proponent of free software. Best of all, should you need commercial support, it’s there!

Now, let’s get started.

I’m going to assume your distribution already has Mondo in their repositories or that you already know how to download and install a package. If not, maybe I’ll cover that in another post. I’ll also assume that you can read documentation and that you can figure out the command-line options for Mondo. The intention of this post is to help you automate Mondo so you can use it for a daily backup.

My particular need of this solution came at the time a client’s 10/20 Travan drive failed, and the purchase of a new one combined with maintenance of tapes was more than finding a modern solution. I had used Mondo once before to backup up my own personal system before moving to a larger drive, so I had some experience with it.

I know very little about BASH scripting, just enough to get myself in trouble, so if there are huge glaring errors in my script, feel free to point them out in the comments and I will feel free to ignore them as I rewrite the script in Perl. I called my script makemondobackup; inventive I know.

#!/bin/bash

#Setup some static variables
DATABASE=/etc/mondo/database
MNT_POINT=/backup
SCRIPT=”MMBK”
TMPDIR=/tmp/makemondo.$RANDOM

#Functions
function logOut() {
echo -n $SCRIPT” ”
echo -n $(date +%H%M%S)”: ”
echo $1
}

# Check for the old log. I don’t think it appends, but why take the chance.
if [ -f /var/log/mondo-archive.log ]; then
logOut “Deleteing old mondo-archive.log”
rm -f /var/log/mondo-archive.log
else
logOut “Old mondo-archive.log does not exist”
fi

# Mount the drive if not mounted.
MNT_INFO=$(mount | awk -v mnt=$MNT_POINT ‘{ if ($3 == mnt) print $0 }’)
#’ To fix sysntax coloring in mc
if [ "$MNT_INFO" == "" ]; then
logOut “/backup Not Mounted”
mount /dev/sda1 /backup
else
logOut “/backup Mounted”
fi
MNT_INFO=$(mount | awk -v mnt=$MNT_POINT ‘{ if ($3 == mnt) print $0 }’)
#’ To fix sysntax coloring again in mc
if [ "$MNT_INFO" == "" ]; then
logOut “/backup Still Not Mounted. Something went wrong.”
exit
fi

# What backup device are we using?
VOLUME=`ls $MNT_POINT | grep -i “Volume_”`

#logrotate -f /etc/mondo/mondologrotate
# Count the number of previous backups on the drive, looking for directories beg
inning with “20″
MYBACKUPS=(`ls $MNT_POINT | grep “^20″ | sort`)
logOut “I found ${#MYBACKUPS[*]} backups”
while [ ${#MYBACKUPS[@]} -gt 6 ]; do
logOut “Too many backups, deleting oldest ${MYBACKUPS[0]}”
rm -rf /backup/${MYBACKUPS[0]}
# sed ‘/${MYBACKUPS[0]}/ d’ > “$DATABASE.tmp”
grep -v ${MYBACKUPS[0]} $DATABASE > “$DATABASE.tmp”
mv -f $DATABASE “$DATABASE.bak”
mv -f “$DATABASE.tmp” $DATABASE
MYBACKUPS=(`ls $MNT_POINT | grep “^2″ | sort`)
done

# Name for backup folder
DATE=$(date +%Y%m%d-%H%M%S)
# Create the temp and backup directories
logOut “Creating $TMPDIR”
mkdir $TMPDIR
logOut “Creating /backup/$DATE”
mkdir /backup/$DATE

# Actual mondoarchive command
# -Oi = create iso files
# -d = where to backup to
# -E = Exclude these directories
# -S -T = Temp dirs
# -p = prefix for iso files
# -0 = compression level [0-9]
# -F = do not write floppy images
CMDTORUN=”mondoarchive -Oi -d /backup/$DATE -E /backup -S $TMPDIR -T $TMPDIR -0
-F -p $HOSTNAME”
logOut “Executing: $CMDTORUN”
touch /backup/$DATE/mondo-run.log
$CMDTORUN 2>&1 > /backup/$DATE/mondo-run.log

# Check the exit code to see if everything went OK
if [ "$?" -ne "0" ]; then
logOut “We didn’t exit correctly. Not cleaning up $TMPDIR.”
else
logOut “Good exit. Cleaning up $TMPDIR.”
rm -rf $TMPDIR
logOut “Adding $DATE $VOLUME backup to $DATABASE”
#Write the backup info to the database
echo “$DATE $VOLUME” >> $DATABASE
fi

# Finally copy the backup script and other necessities
mkdir /backup/$DATE/etc
cp -rf /etc/mondo/* /backup/$DATE/etc
mkdir /backup/$DATE/images
cp -rf /root/images/* /backup/$DATE/images
cp /var/log/mondo-archive.log /backup/$DATE

# Email the report. Don’t need to do this now.
#mailx -s “server-$DATE” nunya@biznes.com < /backup/$DATE/mondo-archive.log

#Unmount the drive
umount /backup

My script requires a few things to be setup that the next version will automatically take care of. First, we expect the external drive to be sda1; if this is different on your system, change the mount line. Second, we expect each external drive to have a “label” (a file indicating what Volume number it is), so you have to label each drive by hand. Third, I expect you are allowing Mindi (Mondo’s cousin) to run so that we have bootable CD images that are copied to the backup. I can’t imagine why you wouldn’t, but people do odd things. Fourth, the file database must be created as the script will probably crash horribly without it. Lastly, everything should be placed in /etc/mondo as that was the arbitrary place I decided they should go.

The script takes care of mounting the drive (if it’s not already mounted), creating the backup directory on the external drive, running mondoarchive (the actual Mondo backup command), cleaning up after and unmounting the drive so the someone can change them out. It also copies the log file if everything went ok, and leaves it where it is, if it didn’t. I’ve left my numerous comments in, hopefully they help you understand my original design.

I run the script using a single cronjob, saved in /etc/cron.d and called mondo, detailed here:

# Regular cron job for backup

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Every day at 7:30p
0 19 * * 1-5 root test -x /etc/mondo/makemondobackup && /etc/mondo/makemondobackup | mailx -s “Backup Run Log” nunya@biznes.com
#

Obviously, you want to change the email address for the logs to go to; poor Nunya has enough logs to read on his own. Don’t forget an empty line at the end of your cronjob. You will spend many hours trying to figure out why you script doesn’t run.

If you are monitoring backups for your clients, check your logs every morning. If you didn’t get a log, find out why. I recently picked up a client whose previous consultant let them get 30 days behind on backups. They didn’t find out until they had a drive failure. It is going to happen. Drive failure is a “when”, not an “if.” Your clients will respect you so much more if they can recover quickly.

I love Linux for the simple fact that anything difficult can be made simple. I have run about three months of backups using this script and test about every other week. I have had yet to have a backup fail or fail to restore.

My hope is that this script and Mondo can help you automate those servers that aren’t getting regular backups; there are far too many of them out there. External drives are cheap folks, make your backups.