The checklists are for planning and for reference. They provide an overall view of what to remember when installing and configuring the systems at your site, and a record of doing so.
The following checklists summarize what you have done at your site. Where indicated, there are separate worksheets to plan particular site features, such as servers and labels.
Read Trusted Solaris Administration Overview.
Understand site security requirements.
See Trusted Solaris Label Administration. For highlights, see "Planning Labels".
See Trusted Solaris Audit Administration. For highlights, see "Planning Auditing".
See "Planning User Security" and Table 4-3.
See Table 4-1 for password and account locking considerations.
See Trusted Solaris Administrator's Procedures.
See Trusted Solaris Administrator's Procedures and "Planning System Configuration".
Planning labels requires extensive knowledge. Trusted Solaris Label Administration describes in detail the modifications required to the label_encodings file you choose.
Label visibility exceptions are implemented per user when creating users.
Label visibility exceptions per system can be done but are not recommended. See Trusted Solaris Label Administration for why and how.
When localizing a label_encodings file, localize the label names only. However, the names ADMIN_HIGH and ADMIN_LOW must not be localized. All labeled hosts that you contact must have label names that match the label names in the Trusted Solaris label_encodings file.
GFI
Site-specific
Modified Trusted Solaris single-label
Modified Trusted Solaris multilabel
Create multiple user Sensitivity Labels -- Yes, default
Hide upgraded names in directories -- No, default
Visible to each user, default
The first decision to make is whether to have an open network or a closed network.
Identify accessible domains
Identify accessible hosts
Identify Trusted Solaris systems that can access unlabeled systems or domains
Identify the NIS or NIS+ master
Identify the NIS or NIS+ slaves/replicas
Identify the NIS+ subdomain masters
Identify the file servers
Identify the audit servers
Identify the print servers
Identify the mail servers
Identify network routers/gateways
Identify end user systems
Identify other hosts on the network
Identify the labels at which machines can communicate.
Identify any single-label or limited range hosts in the Trusted Solaris network.
Determine the label(s) applied to incoming data from unlabeled hosts
Planning auditing can require extensive knowledge. Trusted Solaris Audit Administration describes in detail how to set up auditing.
Auditing security decisions include:
Classes of events to audit for success
Classes of events to audit for failure
Classes of events to audit for both
Users/roles with what additional auditing
Who has access to the audit administration server
Who has access to the audit servers
Who has the rights profile for audit file backup
Who has the rights profile for audit file review
Auditing system decisions include:
Primary and secondary audit partitions for each host
Size of audit partitions
List the system information for each host in the Trusted Solaris network:
name
kernel architecture
IP address
Determine the security information for each host in the Trusted Solaris network:
root password
PROM/BIOS security level
PROM/BIOS password
Attached peripherals permitted?
Access to printers
Access to unlabeled domains