HPE Community
Operating System - HP-UX
1847985 Members
6224 Online
104022 Solutions
New Discussion

how to disable dvd-rom drive?

 
SOLVED
Go to solution
Torsten.
Acclaimed Contributor

‎08-04-2009 04:57 AM

‎08-04-2009 04:57 AM

Re: how to disable dvd-rom drive?

I already asked in one of your other threads what you want to achieve ... you can set up your system that way that root only can mount the DVD. If this is not enough for you (for whatever reason), consider to disconnect the drive ...

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎08-04-2009 08:04 AM

‎08-04-2009 08:04 AM

Re: how to disable dvd-rom drive?

>Torsten: you can set up your system that way that root only can mount the DVD.

This is the default.
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-04-2009 08:34 AM

‎08-04-2009 08:34 AM

Re: how to disable dvd-rom drive?

I know.
That's why I asked for the reason why this drive should be "disabled".

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎08-04-2009 08:46 AM

‎08-04-2009 08:46 AM

Re: how to disable dvd-rom drive?

>ME: This is the default.

>Torsten: I know.

Other than sudo or RBAC type solutions, do you know of any way the user can mount it?
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-04-2009 08:47 AM

‎08-04-2009 08:47 AM

Re: how to disable dvd-rom drive?

I use sudo and a scripted mount/umount.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Bob E Campbell
Honored Contributor

‎08-04-2009 09:32 AM

‎08-04-2009 09:32 AM

Re: how to disable dvd-rom drive?

Please speak to your auditors. If you have physical access to a computer system it is not secure. If physical access to the system is restricted then disabling the drives may may it more difficult to update the software and firmware of the systems. Those updates may include security fixes that keep the remote bad guys away.

Then again if you make them happy and they go away for a year, we understand...
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎08-04-2009 06:22 PM

‎08-04-2009 06:22 PM

Re: how to disable dvd-rom drive?

Your auditors are thinking in terms of PCs on desks in the office. If your HP-UX servers are in a secure computer room, then *ALL* the hardware is as secure as the computer room. Uncontrolled physical access means absolutely no security at all. Disabling the DVD is silly when the bad guy can walk in and cycle the power to start a reboot and find a console connection to interrupt the boot process.

Now if this HP-UX box is indeed a workstation in an uncontrolled environment such as an office, then disabling the DVD prevents booting up a diagnostic CD. But why bother? The workstation is completely vulnerable with physical access.


Bill Hassell, sysadmin
0 Kudos
Reply
fizan
Super Advisor

‎08-04-2009 08:40 PM

‎08-04-2009 08:40 PM

Re: how to disable dvd-rom drive?

as of now planned to delete the device file and in case if we want it.

ioscan -funC disk (hw path is shown)
insf -eH 0.2.2.2.2
in this i got a dowt whther if we run the ioscan it will show the hw path of dvd-drive?

then whether its persistent across the reboot.?

Thanks.
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-04-2009 09:20 PM

‎08-04-2009 09:20 PM

Re: how to disable dvd-rom drive?

Does this make sense? IMHO not, since root only can mount the DVD and root can create the device files. In addition a reboot will recreate the device files anyway.

You still didn't explain why exactly you want to do this.

As said above, if somebody has root or physical access, "disabling" will be totally useless, if you really want, remove this unit.


Keep in mind that modern servers can have virtual media too ...

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
fizan
Super Advisor

‎08-04-2009 09:29 PM

‎08-04-2009 09:29 PM

Re: how to disable dvd-rom drive?

some of the oracle users have the root access but they dont recreate the device file. so only form our part its done tortsen,

then after rmsf -H 0.2.2.2.

wat will be the out put if we run ioscan -funC disk?

0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-04-2009 09:48 PM

‎08-04-2009 09:48 PM

Re: how to disable dvd-rom drive?

Keep in mind that root can do everything.

If you delete something, root can create it again.

Why on earth do you want to disable this drive???

If you are root, you can create, delete files, import, export them via network or whatever ... even without access to the DVD drive.





What is your concern regarding the DVD drive exactly???

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
fizan
Super Advisor

‎08-04-2009 09:53 PM

‎08-04-2009 09:53 PM

Re: how to disable dvd-rom drive?

in all our aix, linux boxes they disabled the usb drives and cd-drives, now they ask to disable the drives in hp-box also so this is my ground need to be done..

if i give rmsf -H 0.0.2.1
then if i run the ioscan -funC disk

/dev/rdsk/c0t0d0 will not be there
or
cd /dev/dsk
c0t0do will not be there?
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-04-2009 10:03 PM

‎08-04-2009 10:03 PM

Re: how to disable dvd-rom drive?

If you reboot the server the device files will be there again.

Why disable?

If somebody has physical access he can do other bad things too ... if you can connect or insert anything, you need at least system access (as root) in order to do anything.

If you allow other persons to be root, the drive is not your concern!

The only secure way to disable a drive like this is to rip it out.


Just wondering how did you "disable" them on other operating systems?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
fizan
Super Advisor

‎08-04-2009 10:31 PM

‎08-04-2009 10:31 PM

Re: how to disable dvd-rom drive?

tortsen,

if i give rmsf -H 0.0.2.1

where the special file will be deleted?
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-04-2009 10:34 PM

‎08-04-2009 10:34 PM

Re: how to disable dvd-rom drive?

It will delete the dsk and rdsk file until next run of insf or next reboot or even next ioscan on 11.31.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
fizan
Super Advisor

‎08-04-2009 11:56 PM

‎08-04-2009 11:56 PM

Re: how to disable dvd-rom drive?

so in ioscan nothing gets changed. by doing rmsf

changes only in /dev/dsk and /dev/rdsk.
0 Kudos
Reply
R.K. #
Honored Contributor

‎08-05-2009 03:31 AM

‎08-05-2009 03:31 AM

Re: how to disable dvd-rom drive?

Hi..

Earlier..
disk 9 1/10/0/1.12.0 sdisk CLAIMED DEVICE HP 36.4GMAN3367MC
/dev/dsk/c1t12d0 /dev/rdsk/c1t12d0

# rmsf -H 1/10/0/1.12.0
# ioscan -fnC disk

disk 9 1/10/0/1.12.0 sdisk CLAIMED DEVICE HP 36.4GMAN3367MC

So you will not see /dev/dsk/ and /dev/rdsk/, you will see only HW path in one line.

To make everything normal:
# insf -eC

Don't fix what ain't broke
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

‎08-05-2009 04:55 AM

‎08-05-2009 04:55 AM

Re: how to disable dvd-rom drive?

>> in all our aix, linux boxes they disabled the usb drives and cd-drives, now they ask to disable the drives in hp-box also so this is my ground need to be done..

Ok, so there's that Windoze thinking again.

First of all an assumption that physical access to the system is uncontrolled, which is hopefully NOT the case but you still have to confirm that.

Secondly, it sounds like this particular audit concern tries to target 'uncontrolled' files coming and going to the system, notably going. [ one of my customers has a similar rule ]. The TEAC DV-28E-C is a DVD-ROM. So that should be all you need to tell them if the concern is data being taken from the system using physical media.

Good luck!
Hein.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.