test

Trusted Solaris Installation and Configuration

Appendix B Checklists for a Secure Trusted Solaris Environment

The checklists are for planning and for reference. They provide an overall view of what to remember when installing and configuring the systems at your site, and a record of doing so.

Site Summary Checklist

The following checklists summarize what you have done at your site. Where indicated, there are separate worksheets to plan particular site features, such as servers and labels.

Reading List

Checklist Summaries

Labels

See Trusted Solaris Label Administration. For highlights, see "Planning Labels".

Network

See "Planning the Network".

Auditing

See Trusted Solaris Audit Administration. For highlights, see "Planning Auditing".

Systems or Hosts

See "Planning System Configuration".

First Users

See "Planning User Security" and Table 4-3.

Administrative Roles

See Table 4-1 for password and account locking considerations.

Users, Roles and Rights Profiles

See Trusted Solaris Administrator's Procedures.

Printers

See Trusted Solaris Administrator's Procedures and "Planning System Configuration".

Planning Labels

Planning labels requires extensive knowledge. Trusted Solaris Label Administration describes in detail the modifications required to the label_encodings file you choose.

Label visibility exceptions are implemented per user when creating users.

Label visibility exceptions per system can be done but are not recommended. See Trusted Solaris Label Administration for why and how.

Note -

When localizing a label_encodings file, localize the label names only. However, the names ADMIN_HIGH and ADMIN_LOW must not be localized. All labeled hosts that you contact must have label names that match the label names in the Trusted Solaris label_encodings file.

Label Decisions

Choose a label_encodings file

  1. GFI

  2. Site-specific

  3. Modified Trusted Solaris single-label

  4. Modified Trusted Solaris multilabel

Decide Trusted Solaris configuration

  • Create multiple user Sensitivity Labels -- Yes, default

  • Hide upgraded names in directories -- No, default

Decide label visibility

Visible to each user, default

Planning the Network

The first decision to make is whether to have an open network or a closed network.

Open Network Security Information

If the network is open:

  1. Identify accessible domains

  2. Identify accessible hosts

  3. Identify Trusted Solaris systems that can access to unlabeled systems or domains

Name Service Domain Information

For the NIS or NIS+ domain:

  1. Identify the NIS or NIS+ master

  2. Identify the NIS or NIS+ slaves/replicas

  3. Identify the NIS+ subdomain masters

  4. Identify the file servers

  5. Identify the audit servers

  6. Identify the print servers

  7. Identify the mail servers

  8. Identify network routers/gateways

  9. Identify end user systems

  10. Identify other hosts on the network

Labels of Communicating Machines

Identify the labels at which machines can communicate.

Planning Auditing

Planning auditing can require extensive knowledge. Trusted Solaris Audit Administration describes in detail how to set up auditing.

Auditing Security Information

Auditing security decisions include:

Auditing System Information

Auditing system decisions include:

Planning System Configuration

Required System Information

List the system information for each host in the Trusted Solaris network:

Security Information for Each Machine

Determine the security information for each host in the Trusted Solaris network: