Forming an Install Team for Trusted Extensions - Trusted Extensions Configuration and Administration

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Security Planning for Trusted Extensions » Planning for Security in Trusted Extensions » Forming an Install Team for Trusted Extensions

Updated: July 2014

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

What's New in Trusted Extensions in Oracle Solaris 11.2

Planning for Security in Trusted Extensions

Understanding Trusted Extensions

Understanding Your Site's Security Policy

Planning Who Will Configure Trusted Extensions

Devising a Label Strategy

Planning System Hardware and Capacity for Trusted Extensions

Planning Your Trusted Network

Planning Your Labeled Zones in Trusted Extensions

Planning for Multilevel Services

Planning for the LDAP Naming Service in Trusted Extensions

Planning for Auditing in Trusted Extensions

Planning User Security in Trusted Extensions

Forming an Install Team for Trusted Extensions

Resolving Additional Issues Before Enabling??Trusted Extensions

Backing Up the System Before Enabling Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

Creating Labeled Zones

Configuring the Network Interfaces in Trusted Extensions

Creating Roles and Users in Trusted Extensions

Creating Centralized Home Directories in Trusted Extensions

Troubleshooting Your Trusted Extensions Configuration

Additional Trusted Extensions Configuration Tasks

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions LDAP Client

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Language:

Forming an Install Team for Trusted Extensions

The following describes the configuration strategy from the most secure strategy to the least secure strategy:

A two-person team configures the software. The configuration process is audited.
Two people are at the computer when the software is enabled. Early in the configuration process, this team creates administrative roles, and trusted users who can assume those roles. The team also sets up auditing to audit events that are executed by roles. After roles are assigned to users, and the computer is rebooted, the users log in and assume an administrative role. The software enforces task division by role. The audit trail provides a record of the configuration process. For an illustration of a secure configuration process, see Figure 1–1.
One person enables and configures the software by assuming the appropriate role. The configuration process is audited.
Early in the configuration process, the root role creates additional roles. The root role also sets up auditing to audit events that are executed by roles. Once these additional roles have been assigned to the initial user, and the computer is rebooted, the user logs in and assume the appropriate role for the current task. The audit trail provides a record of the configuration process.
One person enables and configures the software by assuming the root role. The configuration process is not audited.
By using this strategy, no record is kept of the configuration process.
The initial setup team changes the root role into a user.
No record is kept in the software of the name of the user who is acting as root. This setup might be required for remote administration of a headless system.

Task division by role is shown in the following figure. The security administrator configures auditing, protects file systems, sets device policy, determines which programs require privilege to run, and protects users, among other tasks. The system administrator shares and mounts file systems, installs software packages, and creates users, among other tasks.

Figure 1-1 Administering a Trusted Extensions System: Task Division by Role

image:Graphic shows the configuration team tasks, then shows the tasks for the Security Administrator and the System Administrator.

Copyright © 1992, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices