In truth, some accounts are actually hacked by viruses, but that’s a subject I’ve already handled.

So what are we to do? The good news is there’s an easy process to protect your accounts:

1. Never use the same password for more than one site
2. Use passwords that contain upper and lowercase letters, numbers and symbols
3. Use the above in a random fashion
4. Never type your password on a computer that has any possibility of infection

There, now that you know what you need to do, practice safe computing and have a nice day.

What? That’s too hard? You can’t remember T$d63Fes% as a password? Thankfully, there’s an easier solution – use a password manager.

Password managers have been around for as long as there have been passwords. My first was a little black book that got washed one too many times. My second was a Palm Pilot, that I lost, and that probably got washed too. Fortunately, today’s solutions don’t risk the possibility of loss or accidentally getting washed. There are many to choose from, but the one I want to detail today is from Lastpass.com.

Lastpass is a browser plug-in for Firefox and Microsoft browsers. By default, it replaces the insecure (yes, they are) password managers built-in to those browsers. Your passwords are actually saved on the Lastpass servers, freeing you from the possibility of losing all your passwords because of a computer failure. I know what you’re thinking – “But that gives somebody else my information!” Actually, no. Before any of your passwords are sent to Lastpass, they are encrypted with your master password. Lastpass uses 256-bit AES encryption which is as good (or better in most cases) as the federal government uses. Maybe that’s a bad example. How about “Its what geeks use.” There, that’s better.

There’s a whole lot of techno-babble I could detail and explain, but suffice it to say that Lastpass gives you secure access to really secure passwords. I’m not going to explain how to install it either, find out at their website.

The real beauty of Lastpass is the password generator, which will give you all of the requirements above. When you use the password generator, you can pretty much guarantee you have a secure password. The design of passwords is customizable for websites that support one style of password but not another (upper/lowercase OK, symbols not OK).

Since Lastpass stores EjaJ9LQ$z%Y^ for you, you don’t have to remember it. Simply visit the site you want and Lastpass will automatically fill in your username and password for you (HINT: If it doesn’t automatically fill in your password, press ALT-PGUP which is the key combination to cycle through all passwords for that site).

You’ll still need to go back through sites and generate new passwords to be secure, but Lastpass should automatically detect the password change and prompt you to save it.

“But, what about when I’m not on my PC?”

The lastpass.com website allows you to login and access your passwords from any PC, also granting you the ability to sign-in to a website directly from lastpass.com without ever typing anything.

Lastly, if you don’t trust the PC you’re using – maybe a internet cafe or hotel computer – you can use one-time passwords. These passwords are exactly what they sound like – they allow you to login one time with that password. So, even if somehow, someone captures your password, its useless once you’ve used it. Of course, you do have to set these up in advance.

There really is no excuse for bad passwords anymore. With the Lastpass plug-in and the lastpass.com website, you have secure password management, offsite storage and one-time use protection when you’re not at your PC.

Just remember to use a secure password for your Lastpass password. By the way, Bible verses make excellent passwords (Ephesians6:7, 1Corithians13:4-8).

First, everything on this page should be done at least once a month. However, it may be necessary to perform these steps more often if you have problems with your PC often. Power outages should be mitigated through the use of a UPS (Uninterruptable Power Supply) as not shutting down your PC correctly is a major cause of filesystem corruption.

Filesystem Check
Key to any Operating System (OS) is the underlying filesystem. A filesystem is the structure of how files are arranged in the media (hard disk, flash drive, CD, even floppy!). If the filesystem becomes corrupted the OS may not know where to retrieve files from or files may be destroyed.

Every OS has a way to check the filesystem. I’m concentrating on Windows because the vast majority of American businesses use this as their desktop OS. If you’re using XP, you’ll need to login as an Administrator (because you’re not using that account for daily activities, are you?). Vista users should be prompted to enter the Administrator password when necessary. Other than that, the procedure is the same.

Open “My Computer.” Most computers will have one hard drive usually labeled as “C:”. Right-click on the C: drive and choose “Properties”. Select the “Tools” tab and click the “Check Now” button. If you’re using Vista, the OS will prompt you for the Administrator password. On the “Check Local Disk Options” dialog, make sure “Automatically fix file system errors” is checked. Do not check “Scan for and attempt recovery of bad sectors” unless you suspect you have a hard drive problem and are willing to wait for the OS to scan every bit of the media – which can take a very long time. Windows will tell you that it can not check the drive at the current time and ask you if it may schedule the check the next time you start the computer. Obviously, you want to say yes. Then reboot the computer. Windows will check the drive on startup, usually giving you the option to abort the check by pressing a key – don’t.

The results of the check may scroll by quickly and they won’t mean a whole lot to most people. If you really want to see what Windows found, you can check in the Event Viewer. We get to the Event Viewer by clicking “My Computer” then “Control Panel” then “Administrative Tools” and finally “Event Viewer.” Once again, you will need to login as an Administrator under XP. Vista will not prompt you this time. Inside the Event Viewer, Choose “Application” (under Vista, choose “Windows Logs” first). We’re looking for the topmost entry with a source of “Winlogon” for XP, and “Wininit” for Vista. The contents of this entry is really outside the scope of this article and I couldn’t find a good resource to explain them, so maybe I’ll write a future article on them.

Clean Temporary Files

Thankfully, Windows has made it easier to cleanup unnecessary files on your drives. Under Windows XP and Vista the process is very similar. From “Start” choose “Accessories,” then “System Tools,” and “Disk Cleanup.” As usual, under XP, you need to run as an Administrator. Under Vista, you will be asked whether you want to clean up “My files only” or “Files from all users on this computer.” If you choose the latter, you’ll be prompted to enter the Administrator’s password. We’re only going to be concerned with the primary drive, choose “C:” from the drop down list if it is not already selected and click “OK.” The program will run for a minute or so, scanning for files that can safely be removed. Everything presented in the next list is safe to select, although “Compress Old Files” will cause those files to be accessed more slowly, which may cause performance issues, so I don’t recommend it. Click “OK” and reclaim some disk space.

Although Disk Cleanup does a fair job of cleaning up unnecessary files, I have found some files to be left behind. If you aren’t scared of looking into the internals of Windows, open “My Computer” and type “%TEMP%”, without the quotes, in the address bar, then press enter. You will be taken to your user account temporary files. Make sure you have no programs open when you delete these. Vista will give you the option to skip undeleteable files, whereas XP will fail the command. If it does, select the others and continue deleting.

Defragment

This is probably the easiest step of the exercise. Disk Defragmenter can be found under “Accessories”, “System Tools.” And you’re probably familiar with the fact that you need to run this as an Administrator or be prompted for a password. Once you’re in the application all you need to do is press “Defragment now” on Vista, or simply “Defragment” on XP. Vista will continue to defragment even if you close the application (unless you restart), whereas XP will not. Vista also gains the ability to schedule defragmentation, but I find most PCs are not on when it wants to run, and you shouldn’t defragment while you’re working.

I suggest that if this is your first time running the Disk Defragmenter, that you prepare to let it run all night. I also recommend not working while it is running as other applications you run will suffer a performance penalty and defragmentation will not be as complete as it could be. Successive runs should not take as long and PC performance should increase (though not necessarily enough to see). Either way, this is an important step in the health of your PC.

Conclusion

PC Maintenance is much much more than starting a few programs and pressing a few buttons. Its an important part of maintaining the value of your equipment purchase. If you are a home user, this guide will get you by well enough, but if you are a business user, make sure you seek the advice and assitance of a competant technology company in your area.

I was at a client’s office the other day when I noticed an error message pop-up on the receptionist’s desktop. Before I could even get a look at it, she clicked “OK” and the message disappeared. I asked her what that was and she said “I don’t know. Stuff like that comes up all the time. I just click ‘OK’.” Needless to say, I was not amused that this apparently had been going on for sometime and that I had not been notified about it. She responded that her PC at home does the same thing, she just thought it was normal.

Messages from your PC mean something. Sometimes they indicate a problem, sometimes they just notify you of what’s going on in your PC. In the case above, the dialog message she received was warning her that that the hard drive (where all you data is actually stored) was beginning to fail, of course it wasn’t in plain English so she didn’t know that. My point is, to simply dismiss a dialog without reading the content can be extremely dangerous.

Another case of “click fiendery” came in the form of a user running as an administrator, who answered “yes” or “OK” to seemingly every message he received from the Internet. This included ads from webpages that told him “You may have a virus. Click here to check.” This action installed malicious software (a virus) that then pestered him continually with pornography and ads on how to remove the offensive software, for a price. His excuse was that he was just tired of having to answer dialog boxes all the time. Just so you know, he was running anti-virus software already, but even that won’t prevent every bad thing that can happen to your PC.

The problem has gotten so bad that studies are being conducted to see just how gullible the average user is. You can bet your spyware and virus writers will be happy to get that information.

Unfortunately, it seems that the dialog box is overused in today’s programs. Even I myself, fail to understand why, when installing the latest large software company’s product, I have to answer questions repeatedly during the install. One would think that all the questions about where and what to install could go at the beginning of the install. So we become perturbed, and we click wildly to get the dialogs to go away so we can get back to our work. I understand your frustration, I really do.

The solution though is quite simple. SLOW DOWN. Easy for me to say, I’m not on a deadline right now. But the truth is, it’s become necessary for us to take a moment and actually READ the message we’re being given, then to apply some common sense to it.

YOU MAY HAVE A VIRUS. CLICK HERE TO CHECK. “Do I already have anti-virus software? Does this look like my anti-virus message?”

THE DEVICE DISKS/HARDDISK0 HAS ENCOUNTERED A HARD ERROR AND DATA WAS LOST “What data was lost? Is my stuff backed up? Maybe I should call someone who knows what this means.”

So the next time you ‘re presented with a dialog box and a message you weren’t expecting, take the time to read and understand it, or you may find yourself with plenty of time to think about it while your PC is getting repaired.

Every once in awhile, I will come across someone who insists on not running anti-virus software because “it slows down my PC.”

Although I will agree that anti-virus software does slow down a PC significantly, in my opinion, the benefits to an Internet-connected Windows PC outweigh the performance loss.

To be completely fair though, I do not advocate the use of “everything” security packages. The vast majority of these seem intent on locking down your PC so tight, no one – including you – can use it. These security packages tend to include a lot of software I find redundant and unnecessary, such as:

• Firewall – Both Windows XP and Vista come with perfectly adequate firewalls for the normal home user. In fact, most home users don’t even need a firewall on their PCs, because most are protected by a gateway device using NAT. As for business users, your network administrator should have a hardware-based solution, if not, call me.
• SPAM protection – In order to filter the SPAM form your mail, these packages must download it first. If you have to download it anyway, what’s the point? The idea is to prevent it from ever hitting the inbox. Most Internet Service Providers (ISPs) and hosting providers have server-based tools to allow you to prevent the junk from getting to your box, as well as providing you a way to check the junk folder for anything useful that might have slipped in there. If your hosting provider isn’t filtering or your ISP doesn’t offer filtering, it’s time to find a new one.
• Spyware/Adware protection – these types of programs are usually downloaded on impulse. That new screensaver or weather program looks so neat you just have to install it. A day later, you’re wondering why you have pop-ups for Viagra all of the sudden. Dealing with these problems is an as-occurs situation and precious system resources shouldn’t be expended looking for Potentially Unwanted Programs (PUPs) all the time. Spybot – Search & Destroy is an excellent, free program just for this purpose.
• Identity protection/Antiphishing/Backup/Web Protection – I lump all this together, because I don’t believe any of these products should be coming from your anti-virus vendor. I like the idea of my anti-virus programmer concentrating on how to keep viruses out of my machine, not on how to protect me from my own stupidity. “Do one thing, and do it well,” is part of the Unix philosophy, but it applies to any program. There are plenty of free products out to handle these issues and if you really wan to pay for them that bad, I’m sure someone will sell you a program to do one of the above.

Back to the task at hand. For home users, there are several high-quality, free, anti-virus solutions. Did I mention, they’re free? Yes, AVG is just one (and my preferred) of the many anti-virus companies that has figured out that home users are the number one source of virus infections, and that if they eliminate the home user threat, the likely-hood of a paying business customer becoming infected goes down dramatically. Now you’re not going to get advanced features like scan scheduling and multiple updates, but do you really care? No, you just know you need to be protected. So do it.

If you’re a business user, please do not install any of the free anti-virus products on your business PCs. None of them I’ve looked at make allowances for business use and for good reason. If they give away their best product, how are they going to be in business to provide you with updates? Business class programs come with advanced features you’ll probably want anyway, such as: centralized administration, email notification, custom scan settings, etc. The features are vital for keeping your business PCs in top shape.

One final note, if you’ve ever spent a single day down because of a virus, you probably lost more money that day than you would have spent on anti-virus software for your entire office. If you need a quote, please call. I’ll be happy to get you a quote to fit your needs, free of charge, complete with contact information, so you can buy direct from the vendor.

RUN AS AN ADMINISTRATOR

Back in the days of DOS (and up to Windows ME), if you used the Windows operating system, you ran with administrative privileges. Since the advent of Windows 2000, users have been given the choice to run their PCs with limited user accounts that are not allowed to change system files.

However, the average user today still performs his or her daily activity using an account with administrative privileges. This is the single biggest mistake people make using PCs today.

“So what. What’s the real danger?” you say.

Lets start with simple facts. (1.) A limited user account is exactly what it says it is – an account with no rights to change critical system files. This means that a limited user can’t change or delete files that would cause the PC to crash or otherwise become unusable. (2.) An administrative account can change system files, basically doing anything they want to do, including deleting or changing files that could cause the PC to become unstable. (3.) Any website you visit, any program you run, any file you open at all – has the same rights as you do.

“But, I don’t go to websites that would harm me and I’m not going to download anything harmful to my PC,” you say.

Wrong. According to Google, 1 in every 1000 websites is infected with malicious software. These aren’t sleazy websites either:

In the past year the Web sites of Al Gore’s “An Inconvenient Truth” movie and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys was used to attack visitors.

The point is that the web isn’t safe and that cute little game you just downloaded is possibly feeding your credit card numbers to the web right now. I’m not trying to be dramatic, I’m trying to wake you up.

So what can you do? First, make the decision to commit to a process to keep you and your PC safe. If you won’t do that, nothing I say here will make a difference. Second, create a single administrative account with a password (accounts without passwords might as well be open doors, anyone can walk through), call it something that designates the impotance, such as Installer or Admin. Third, login with the administrative account and change the account type of all other accounts to limited. Fourth, only login to the administrative account to install software, updates or perform other administrative tasks (defragment, spyware scans, etc.). Finally, never, I mean NEVER, surf the Internet, read mail or do any daily work in the administrative account.

I can hear the whining already, “but, now I have to do a whole bunch of logging off/logging on just to install software.” Yes, you do and that’s part of the point, to make it more difficult for software to be changed on your PC. Remember, if you can’t do it on your account, neither can viruses, spyware and adware.

Lastly, this is not the end of the process. Simply changing account types won’t prevent a malicious website from putting something on your PC. Your user account can still be infected, but at least this way your PC will most likely be safe, and you have an administrative account to help clean it out if necessary.

We are fortunate, in this country, to have an abundance of things to occupy our time. I could:

• Watch TV
• Play video games
• Enjoy any of the thousands of modern conveniences available today

Some of which I do occasionally. However more often than now, I end up

• Working out
• Researching new technologies
• Maintenance on the in-house servers
• Write a blog entry

Seldom, but I’m learning to make it more often, I simply take the time to simply enjoy God’s creation. I spend time in his Word. Or literally watch my garden grow at His hand.

There are many who would say that time should not be wasted; that time unspent at work is lost and never to be recovered. A few short years ago, I would have agreed. But some time ago, I realized that life already moves at too fast a pace than I am comfortable with everyday.

We are entrenched in technology. It integrates into every facet of our lives. Take a little time every now and then to unplug or eventually you’ll burn out.

If you’ve never heard of Mondo, I’m not surprised. Mondo is a Linux backup program designed to be reliable, easy and comprehensive – which all backup suites should be. Here are some excerpts from the about page:

… backs up your GNU/Linux server or workstation to tape, CD-R, CD-RW, DVD-R[W], DVD+R[W], NFS or hard disk partition. … you will be able to restore all of your data, from bare metal if necessary. Mondo is in use by Lockheed-Martin, Nortel Networks, Siemens, HP, IBM, NASA’s JPL, the US Dept of Agriculture, …

Mondo supports LVM 1/2, RAID, ext2, ext3, JFS, XFS, ReiserFS, VFAT, UFS, and can support additional filesystems easily: … software raid as well as most hardware raid controllers. … Mondo runs on all major Linux distributions … You may even use it to backup non-Linux partitions, such as NTFS.

Mondo is free! It has been published under the GPL v2 (GNU Public License), …

A few of things you might have noticed there:

1. Mondo is a Linux backup program. I stated this before, but I want to make sure all the Windows users out there know what they’re missing. You can use Mondo to backup a Windows-only workstation, but that’s another post too.
2. Large companies (probably larger than you deal with) use this software. You probably don’t have the resources to test every configuration that you’ll run into, but they most likely have.
3. This is FREE software. Everyone will know before long that I’m a huge proponent of free software. Best of all, should you need commercial support, it’s there!

Now, let’s get started.

I’m going to assume your distribution already has Mondo in their repositories or that you already know how to download and install a package. If not, maybe I’ll cover that in another post. I’ll also assume that you can read documentation and that you can figure out the command-line options for Mondo. The intention of this post is to help you automate Mondo so you can use it for a daily backup.

My particular need of this solution came at the time a client’s 10/20 Travan drive failed, and the purchase of a new one combined with maintenance of tapes was more than finding a modern solution. I had used Mondo once before to backup up my own personal system before moving to a larger drive, so I had some experience with it.

I know very little about BASH scripting, just enough to get myself in trouble, so if there are huge glaring errors in my script, feel free to point them out in the comments and I will feel free to ignore them as I rewrite the script in Perl. I called my script makemondobackup; inventive I know.

#!/bin/bash

#Setup some static variables
DATABASE=/etc/mondo/database
MNT_POINT=/backup
SCRIPT=”MMBK”
TMPDIR=/tmp/makemondo.$RANDOM

#Functions
function logOut() {
echo -n $SCRIPT” ”
echo -n $(date +%H%M%S)”: ”
echo $1
}

# Check for the old log. I don’t think it appends, but why take the chance.
if [ -f /var/log/mondo-archive.log ]; then
logOut “Deleteing old mondo-archive.log”
rm -f /var/log/mondo-archive.log
else
logOut “Old mondo-archive.log does not exist”
fi

# Mount the drive if not mounted.
MNT_INFO=$(mount | awk -v mnt=$MNT_POINT ‘{ if ($3 == mnt) print $0 }’)
#’ To fix sysntax coloring in mc
if [ "$MNT_INFO" == "" ]; then
logOut “/backup Not Mounted”
mount /dev/sda1 /backup
else
logOut “/backup Mounted”
fi
MNT_INFO=$(mount | awk -v mnt=$MNT_POINT ‘{ if ($3 == mnt) print $0 }’)
#’ To fix sysntax coloring again in mc
if [ "$MNT_INFO" == "" ]; then
logOut “/backup Still Not Mounted. Something went wrong.”
exit
fi

# What backup device are we using?
VOLUME=`ls $MNT_POINT | grep -i “Volume_”`

#logrotate -f /etc/mondo/mondologrotate
# Count the number of previous backups on the drive, looking for directories beg
inning with “20″
MYBACKUPS=(`ls $MNT_POINT | grep “^20″ | sort`)
logOut “I found ${#MYBACKUPS[*]} backups”
while [ ${#MYBACKUPS[@]} -gt 6 ]; do
logOut “Too many backups, deleting oldest ${MYBACKUPS[0]}”
rm -rf /backup/${MYBACKUPS[0]}
# sed ‘/${MYBACKUPS[0]}/ d’ > “$DATABASE.tmp”
grep -v ${MYBACKUPS[0]} $DATABASE > “$DATABASE.tmp”
mv -f $DATABASE “$DATABASE.bak”
mv -f “$DATABASE.tmp” $DATABASE
MYBACKUPS=(`ls $MNT_POINT | grep “^2″ | sort`)
done

# Name for backup folder
DATE=$(date +%Y%m%d-%H%M%S)
# Create the temp and backup directories
logOut “Creating $TMPDIR”
mkdir $TMPDIR
logOut “Creating /backup/$DATE”
mkdir /backup/$DATE

# Actual mondoarchive command
# -Oi = create iso files
# -d = where to backup to
# -E = Exclude these directories
# -S -T = Temp dirs
# -p = prefix for iso files
# -0 = compression level [0-9]
# -F = do not write floppy images
CMDTORUN=”mondoarchive -Oi -d /backup/$DATE -E /backup -S $TMPDIR -T $TMPDIR -0
-F -p $HOSTNAME”
logOut “Executing: $CMDTORUN”
touch /backup/$DATE/mondo-run.log
$CMDTORUN 2>&1 > /backup/$DATE/mondo-run.log

# Check the exit code to see if everything went OK
if [ "$?" -ne "0" ]; then
logOut “We didn’t exit correctly. Not cleaning up $TMPDIR.”
else
logOut “Good exit. Cleaning up $TMPDIR.”
rm -rf $TMPDIR
logOut “Adding $DATE $VOLUME backup to $DATABASE”
#Write the backup info to the database
echo “$DATE $VOLUME” >> $DATABASE
fi

# Finally copy the backup script and other necessities
mkdir /backup/$DATE/etc
cp -rf /etc/mondo/* /backup/$DATE/etc
mkdir /backup/$DATE/images
cp -rf /root/images/* /backup/$DATE/images
cp /var/log/mondo-archive.log /backup/$DATE

# Email the report. Don’t need to do this now.
#mailx -s “server-$DATE” nunya@biznes.com < /backup/$DATE/mondo-archive.log

#Unmount the drive
umount /backup

My script requires a few things to be setup that the next version will automatically take care of. First, we expect the external drive to be sda1; if this is different on your system, change the mount line. Second, we expect each external drive to have a “label” (a file indicating what Volume number it is), so you have to label each drive by hand. Third, I expect you are allowing Mindi (Mondo’s cousin) to run so that we have bootable CD images that are copied to the backup. I can’t imagine why you wouldn’t, but people do odd things. Fourth, the file database must be created as the script will probably crash horribly without it. Lastly, everything should be placed in /etc/mondo as that was the arbitrary place I decided they should go.

The script takes care of mounting the drive (if it’s not already mounted), creating the backup directory on the external drive, running mondoarchive (the actual Mondo backup command), cleaning up after and unmounting the drive so the someone can change them out. It also copies the log file if everything went ok, and leaves it where it is, if it didn’t. I’ve left my numerous comments in, hopefully they help you understand my original design.

I run the script using a single cronjob, saved in /etc/cron.d and called mondo, detailed here:

# Regular cron job for backup

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Every day at 7:30p
0 19 * * 1-5 root test -x /etc/mondo/makemondobackup && /etc/mondo/makemondobackup | mailx -s “Backup Run Log” nunya@biznes.com
#

Obviously, you want to change the email address for the logs to go to; poor Nunya has enough logs to read on his own. Don’t forget an empty line at the end of your cronjob. You will spend many hours trying to figure out why you script doesn’t run.

If you are monitoring backups for your clients, check your logs every morning. If you didn’t get a log, find out why. I recently picked up a client whose previous consultant let them get 30 days behind on backups. They didn’t find out until they had a drive failure. It is going to happen. Drive failure is a “when”, not an “if.” Your clients will respect you so much more if they can recover quickly.

I love Linux for the simple fact that anything difficult can be made simple. I have run about three months of backups using this script and test about every other week. I have had yet to have a backup fail or fail to restore.

My hope is that this script and Mondo can help you automate those servers that aren’t getting regular backups; there are far too many of them out there. External drives are cheap folks, make your backups.