Trusted Solaris Installation and Configuration

Appendix B Checklists for Configuring and Installing Trusted Solaris

The checklists are for planning and for reference. They give an overall view of what to remember when installing and configuring the workstations at your site, and they serve as a record of what was done.

Site Summary Checklist

The following checklists summarize what you have done at your site. Where indicated, there are separate worksheets to plan particular site features, such as servers and labels.

Background Checklist

Checklist Summaries

Labels

See Trusted Solaris Label Administration. For highlights, see "Planning Labels".

Network

See "Planning the Network".

Auditing

See Trusted Solaris Audit Administration. For highlights, see "Planning Auditing".

Workstations and Servers

See "Planning Workstations".

First Users

See "Plan User Security" and Table 3-4.

Administrative Roles

See "To Create a Role" for password and account locking considerations.

Users, Roles and Rights Profiles

See Trusted Solaris Administrator's Procedures.

Printers

See Trusted Solaris Administrator's Procedures and "Planning Workstations".

Planning Labels

Planning labels requires extensive knowledge. Trusted Solaris Label Administration describes in detail the modifications required to the label_encodings file you choose.

Label visibility exceptions are implemented per user when creating users.

Label visibility exceptions per workstation are possible but are not recommended. See Trusted Solaris Label Administration for why and how.


Note - When localizing a label_encodings file, localize the label names only. However, the names ADMIN_HIGH and ADMIN_LOW must not be localized. All labeled workstations that you contact must have label names that match the label names in the Trusted Solaris label_encodings file.


Label Decisions

Choose a label_encodings file
  1. GFI

  2. Site-specific

  3. Modified Trusted Solaris single-label

  4. Modified Trusted Solaris multilabel

Decide Trusted Solaris configuration
  • Create multiple user Sensitivity Labels -- Yes, default

  • Hide upgraded names in directories -- No, default

Decide label visibility
  • Visible to each user, default

Planning the Network

The first decision to make is whether to have an open network or a closed network.

Open Network Security Information

If the network is open:

Name Service Domain Information

For the NIS or NIS+ domain:

  1. Identify the NIS or NIS+ master

  2. Identify the NIS or NIS+ slaves/replicas

  3. Identify the NIS+ subdomain masters

  4. Identify the file servers

  5. Identify the audit servers

  6. Identify the print servers

  7. Identify the mail servers

  8. Identify network routers/gateways

  9. Identify end user workstations

  10. Identify other workstations on the network

Labels of Communicating Machines

Identify the labels at which machines can communicate.

Planning Auditing

Planning auditing can require extensive knowledge. Trusted Solaris Audit Administration describes in detail how to set up auditing.

Auditing Security Information

Auditing security decisions include:

Auditing System Information

Auditing system decisions include:

Planning Workstations

System Information for Each Machine

List the system information for each workstation/server in the Trusted Solaris network:

Security Information for Each Machine

Determine the security information for each workstation/server in the Trusted Solaris network: