echo “- – -”  > /sys/class/scsi_host/host#/scan

Or For Fibre Channel Connected LUNs.

echo “- – -” > /sys/class/fc_host/host#/scan 

scsi_host or fc_host folder can contain number of folders such as host0,host1.  Run the scan for each folders.

    $ find . -name *.gif -exec ls {} \;The -exec parameter holds the real power. When a file is found that matches the search criteria, the -exec parameter defines what to do with the file. This tells computer to
         Search, all files that have a name ending in .gif, list all found files using the ls command.
The -exec parameter requires further scrutiny(close look). When a filename is found that matches the search criteria, the find command executes ls {} string, substituting the filename and path for the {} text.  If snkr.gif was found in search, find would execute this command.
      
  $ls  ./snkr.gif

Optional execution
       -ok is an important alternative to -exec . It behaves the  same as -exec , but prompts you to see of you want to run command on the file. 
      The following commands lists all the .txt files in home directory. To delete the files, you must enter Y or y when the find command prompts for action by listing the filename

   $ find $HOME/. -name *.txt -ok  rm {} \;So, -ok adds some safety to the danger of automatic file removal.

Some good Uses of find
1. Clean out temporary files

    $ find . \( -name a.out -o -name ‘*.o’ -o -name ‘core’ \) -exec rm {} \;The file masks identifying the file types to be removed are located between the parantheses. each mask is preceded by  -name and -o is OR

2. Copy a directory’s contents
   find lets you copy the entire contents of a directory while preserving the permissions, times, and ownership of  every file and subdirectory.

     $ find . | cpio -pdumv /path/to/dest/dircpio is a command designed to copy files into and out of a cpio or tar archive, automatically preserving permissions, times, and ownership of files and subdirectories.

3. List the first lines of text files

    $ find $HOME/. -name *.txt -exec head -n 1 -v {} \; > report.txt
        -v of head prints the headers giving the file names.4. Maintain LOG and TMP file storage spaces

    $ find  $LOGDIR -type d -mtime +0 -exec compress -r {} \;        searches all the directories -type d in $LOGDIR wherein a file’s data has been modified within the last 24 hours (-mtime +0) and compresses them    $ find $LOGDIR  -type d -mtime +5 -exec rm -f {} ;

         $ find . -depth – print | cpio -o -O <target dir>This copies directory trees from one machine to another machine while preserving copy permissions and the UID and GID, and leaving user files alone,

6. Locate and rename unprintable directories
It’s possible in UNIX for an errant or malicious program to create a directory with unprintable characters.

      $ find . -inum 3553 -exec mv {} newname.dir \;

7. List zero-length files

     $ find . -empty  -exec ls {} \; 

8.  Using different options in find

     $ find   /   -type  -f  -user root   -perm   644  -name *.gif     -exec    ls -lh {} \;9. Find all files owned by no one in particular and give them  to root:

   $ find    / -nogroup   -exec chgrp  root {} \;10. Using find with xargs
    $ find  . -iname *.gif | xargs ls -lht   Find current directory (.) for files with .gif extension and the output of find is passed to xargs11. Use -type option for types of files such as  sym. link(l), plain file (f), directory (d), block special file (b),  character special file (c), named pipe(p), socket (s) etc.
   
    $ find / -type s -exec ls -li {} \;
     
The following command find all the symbolic links in a directory, and print the files the link points to

    $find  .  -type l -print  | xargs ls -ld   | awk  ‘{print $10}’Resources:
1. http://www.ibm.com/developerworks/aix/library/au-unix-find.html
2. http://www.grymoire.com/Unix/Find.html

global server_list
lappend server_list “server1″
lappend server_list “server2″
lappend server_list “server3″
lappend server_list “server4″

foreach s $server_list p $pass_list {
 spawn ssh -l root $s
 expect {
   -re “(yes/no).*”
    { send “yes\r”
       expect  “password:”
       send “$p\r”
    }
    “password:” {
      send “$p\r”
     }
 }
#change # according to the type of user logs in
 expect “#”
 send “/root/diskcheck \r”
 #send “ls -lht \r”
 expect “#”
 send “logout \r”
 interact
}

file: checkdisk.sh 
!/bin/bash
DISC=$1
PARTITION=`df -h |grep $DISC | awk ‘{print $1}’`
SIZE=`df -h|grep $DISC|awk ‘{print $2}’`
USED=`df -h|grep $DISC|awk ‘{print $3}’`
FREE=`df -h|grep $DISC|awk ‘{print $4}’`
echo “Partition: $PARTITION”
echo “Total size: $SIZE”
echo “Used space: $USED”
echo “Free space: $FREE”

./diskcheck sda3 

Rsync copies files either to or from a remote host, or locally on the current host. It doesnot support copying files between two remote hosts.
If a single source arg is specified without a destination, the files are listed in an output format similar to “ls -l”

-a option of rsync means archive mode which is same as -rlptgoD which ensures that (-r) recurse into directories (-l)symbolic links, (-D) devices, attributes,(-p) permissions, (-o)ownerships, etc. are preserved in the transfer. Also there are options for compression to reduce size of data during transfer.

rsync can also be used in local-only mode, where both the source and destination don’t have a ‘:’ in the name. In this case it behaves like an improved copy command.
 

ISSUE 1
www.itefix.no/phpws/index.php?module=faq&FAQ_op=view&FAQ_id=54
Can rsync transfer security/ownership information between two windows machines ?
 
A: cwRsync alone has limited support since it runs on cygwin posix emulation layer. However, after an rsync operation,
you can use Robocopy XP010 from Windows Server 2003 Resource Kit, to transfer all windows specific file information
 (NTFS security, timestamps, attributes, ownership, auditing info):
   ROBOCOPY source destination /XO /XN /XC /E /COPY:ATSOU
   options
                /XO (exclude older),
                /XN (exclude newer)
                  and /XC (exclude changed) assure that only existing files are targeted.
               Option /E is for recursive directory operation including empty ones.
               Option /COPY:ATSOU instructs Robocopy to copy only
                              attributes (A),
                              timestamps (T),
                             NTFS security information (S),
                            Ownership (O) and auditing (U).

       Windows Server 2003 Resource Kit can be downloaded from
microsoft.com/downloads/thankyou.aspx?familyId=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displayLang=en    
 

Using JEDI we can secure the systems of users inside and outside network before allowing them to connect to SSL VPN appliance

JEDI components include

• Native Host checks and policy-based enforcement
• Host check Client interface
• Host check Server Integration Interface
• Cache cleaner

We may develop a layered protection approach, managing and provisioning a variety of endpoing check all from   within the SSL VPN.  We may choose to check for virus detection, personal firewall software before allowing a usr to access to any of the IVE realms, launch the software on the user’s system if necessary, map the user to roles based on the individual policies defined in your own DLL, and then further restrict access to individual resources based on the existence of spyware detection software. Then you may use Cache Cleaner to remove residual files and clear the users.

In short,
      JEDI can push   missing software, antivirus signatures, personal firewall, malware detection agent, spawning virtual desktops.

Source:  f.netline.junipermarketing.com/netline000s/?msg=chief.txt&_m=26%2e10ws%2ea%2emfm%2el
 

       3. Tunnel:
                      Use tunnel  zones to set up VPN tunnels with other security devices.
           1. untrust-tun – which hosts VPN tunnels
           2. name name_str - a user defoned tunnel zone. such zones can be created using the 
                    set zone name name_str tunnel tunnel

      4. Function:
          Use function  zones as described below.
          1. null – which serves as temporary storage for any interfaces that are not currently bound to another zones.
          2. self – which hosts the interface for remote mangement commections. e.g. when you connect to the device via
                        HTTP, SCS, or Telnet, you connect to the Self zone.
         3. ha – which hosts the high availability interfaces HA1 and HA2
         4. mgt – which hosts the out-of-band mangement  interface,   MGT
       

There are two ways to fix this in qmail and one workaround that might be sufficient for some applications.
 1. patch=> christopher K Davis patch
    This is an adaption of a patch by Chuck Foster that should work with any resolver library, no matter how old, and uses a   guard byte to avoid the “number of bytes placed in the buffer” library bug.
    
 2. Bump the packet buffer size up to  65536
          Works with recent BIND resolver libraries, which will automatically do a TCP query within the library code if the reply comes back   with truncation bit set. This is the simplest fix, though it’s also potentially the most wasteful of memory, depending on how your    system handles paging.
    To do This just replace PACKETSZ with 65536 in dns.c and rebuild qmail.
   
 3. Run dnscache from djbdns
   dnscache is, as the name implies, a caching DNS server. It knows how to handle large DNS responses and removes unnecessary information  from them, so the response it returns is usually much smaller than the direct response.
   It generally improves DNS lookup performance for all  services that use DNS.
   Because it doesnot require patching qmail, this might be an acceptable workaround.
   Unfortunately, it’s not complete fix because response can still be too large for qmail.
   
 Since djbdns(dnscache) trims the DNS requests but after trimming also the size of the response can exceed 512 bytes because the DNS response can be as large as 65536. So this is not the complete solution. So using Christopher’s patch we can handle over sized DNS packets.
   
 The patch can be found at
   http://www.ckdhr.com/ckd/qmail-103.patch
 

  SSL is a common protocol and most web  browsers have SSL capabilities built in. It allow more precise access control. First of all they provide tunnels to specific application rather than to entire corporate LAN. So, users on SSL VPN connections can onlu access the application that they are configured to access rather than the whole network. Also it is easier to provide different access rights to different users and have more granular control over users access.
  SSL   VPN’s have been gaining in prevalance and popularity; however they are not the right solutions for every instances.
Next con of SSL VPN’s is that you are accessing the applications through a web browser which means that they really only work for web-based applications. It is possible to web-enable other applications so that they can be accessed through SSL VPN’s, however doing so adds to the complexity of the solution and eliminates some of the pros.
   Having direct access only to the Web-enabled SSL application also means that users don’t have access to network resources such as,
               1. printers 
               2. centralized storage and
               3. unable to use the VPN for the file sharing or file backups

Note: In case of Juniper router, if the firewall blocks the IPSec connection then it automatically changes to the SSL VPN.