- CD/DVD WRITE DISABLE
12-08-2010 10:08 AM
Please be specific.
Thx.
12-08-2010 11:55 AM
Solution
If someone has already created that device node, remove it, or set its permissions to root access only.
You seem to be trying to prepare an HP-UX system for processing some sort of sensitive information. Would you like some friendly advice?
(Whoa, I think I was channeling Clippy there. Anyway...)
You should keep in mind that physical access (the ability to poke the server with fingers and tools) to the server will trump most software security mechanisms. If you are planning to handle sensitive information, putting the server behind locked doors should be your *first* step.
Once your server is physically accessible by trusted personnel only, the problem of a writable CD/DVD should also be mostly solved: a writable CD/DVD drive is not useful to an unauthorized person if he/she cannot insert a blank CD/DVD.
When thinking about software-level security mechanisms, you should remember this: *anything* root can do, root can also undo. The OS cannot protect the system against a malicious person who has real root access, because with root access the malicious person can disable or override the protection mechanisms of the OS.
MK
12-08-2010 12:10 PM
Re: CD/DVD WRITE DISABLE
> Please be specific.
You first. What is your actual requirement?
The best actual solution may be to lock the
door, not to try to hobble the software, and
keep it hobbled "permanently". (Or did you
intend to run a cron job to check on this
stuff every few minutes to make sure that no
one has removed the hobbles?)
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1459606
Spreading the same problem across multiple
threads may not be the best path to the best
solution. (My first thought on reading this
post was, "What about the USB ports?".)
12-08-2010 04:19 PM
Re: CD/DVD WRITE DISABLE
12-08-2010 07:59 PM
Re: CD/DVD WRITE DISABLE
Some years ago, I had occasion to visit a
certain government-operated facility which
employed armed guards and labyrinthine
hallways. It was a "medium motel": The
media check in, but they don't check out.
Physical security has its limitations, too
(like, say, a trusted senior employee with a
9-track tape under his coat), but it's
probably wiser to be aware of those
limitations than it is to believe that
there's some simple technical fix to a very
complex problem, and then relax.
12-09-2010 02:23 PM
Re: CD/DVD WRITE DISABLE
physically remove the CD/DVD RW hardware from the server
12-09-2010 03:24 PM
Re: CD/DVD WRITE DISABLE
> physically remove the CD/DVD RW hardware
> from the server
Simple, but not particularly effective, if a
user can plug in his own USB-interface drive.
(Or SCSI, or ...)
Everything's complicated. (If you don't
think so, then think more. Or better. But,
"If you don't think too good, don't think too
much.")
02-03-2011 12:05 PM
Re: CD/DVD WRITE DISABLE
This was accomplished by removing read/execute permissions on the following executables that perform these write operations:
chmod 770 /usr/bin/cdrecord
chmod 770 /usr/bin/growisofs
You may want to start with these and then check for other programs that do this and restrict read/execute to them as well.
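Added example, not part of the original post: a POSIX sh check, suitable for the periodic cron run mentioned earlier in the thread, that reports whether the two tools named above still grant nothing to "other" users. The function names `other_bits` and `check_restricted` are hypothetical; the tool list contains only the paths given in the post and should be extended with any other burning programs found on the system.

```shell
#!/bin/sh
# Added example: verify that CD/DVD burning tools remain restricted
# (mode 770 or tighter for "other"), as set by the chmod commands above.

# Paths taken from the post; add other burning programs here.
BURNER_TOOLS="/usr/bin/cdrecord /usr/bin/growisofs"

# other_bits PATH -> prints the three "other" permission characters,
# e.g. "---" for mode 770 or "r-x" for mode 755.
# ls -ldL is used because stat(1) is not available on every Unix;
# -L follows symlinks so the real binary's mode is reported.
other_bits() {
    ls -ldL "$1" 2>/dev/null | awk '{ print substr($1, 8, 3) }'
}

# check_restricted PATH... -> prints one status line per path and
# returns the number of existing paths that grant anything to "other".
check_restricted() {
    bad=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "absent  $p"
            continue
        fi
        bits=$(other_bits "$p")
        if [ "$bits" = "---" ]; then
            echo "ok      $p"
        else
            echo "OPEN    $p (other=$bits)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Report on the configured tools; a non-zero count means the
# restriction has been undone (for example by another root user).
# shellcheck disable=SC2086  # word splitting of the list is intended
check_restricted $BURNER_TOOLS || echo "$? tool(s) accessible to other users"
```

The same function can be pointed at a device node path to confirm it is still root-only; as the thread notes, anyone with root can revert these modes, so the check only detects the change.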
02-03-2011 12:14 PM
Re: CD/DVD WRITE DISABLE
If you want to write to a CD, you must have physical access to the CD drive to insert media.
Restrict the physical access like everyone is doing.
Since you usually need to be root to have write access, don't allow root access to others.
Any action done by root to prevent write access can be reverted by "another" root user.
However, IMHO to allow any kind of network access is much more dangerous ... ;-)
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!

02-03-2011 12:31 PM
Re: CD/DVD WRITE DISABLE
Thx to all who responded.
02-03-2011 12:45 PM
Re: CD/DVD WRITE DISABLE
Is this requirement made by non-technical management alerted by some articles in newspapers about Swiss bank account data sold to several European governments on CD-Rs?
LOL!
If anyone would like to get some data from the server with bad intentions, I think the very last choice would be to burn them on the server itself ...
just my 2 cents ...
Hope this helps!
Regards
Torsten.
