Understanding Your Site's Security Policy

Through its configurability, the Trusted Solaris environment effectively enables you to integrate your site's security policy with the operating environment. Thus, you need to have a good feel for the scope of your policy and the ability of Trusted Solaris software to accommodate it. A good configuration should provide a balance between consistency with your site security policy and convenience for those working in the environment.

The Trusted Solaris operating environment is configured by default to conform with the ITSEC evaluation certificate FB1 (and FC2 which is less stringent). To meet these evaluated levels, you must:

• Select NIS+ as the naming service.

• Select multiple-label environment operation for the FB1 level. The FC2 level permits single- or multiple-label operation.

Note that your configuration may no longer conform with the ITSEC security levels if you do any of the following:

• Change the kernel switch settings in the /etc/system file, other than those switches and their values documented in this manual.

• Provide security-relevant execution profiles to non-administrative users.

• Change the default entries in these configurable files:

  • /usr/openwin/server/tsol/*

  • /usr/dt/app-defaults/C/Sel_Mgr

  • /usr/dt/bin/Xsession

  • /usr/dt/bin/Xtsolusersession

  • /usr/dt/config/sel_config

  • /usr/dt/app-defaults/C/Dtwm

  • /usr/dt/app-defaults/C/Dt

  • /usr/dt/config/C/sys.dtwmrc