Installing and configuring the Trusted Solaris environment involves more than loading executable files, entering your site's data, and setting configuration variables. The Trusted Solaris environment also requires considerable background knowledge for making decisions that enforce your site's security policies. Trusted Solaris software provides a unique environment that is based on the following concepts:
Superuser has been weakened. No user can log in as root or su to root.
In addition to UNIX® permissions, access to data is controlled by special security tags that are called labels. Labels are assigned to users and objects, such as data files and directories.
The ability to override security policy can be assigned to specific users and to particular applications.
Some users are limited to those applications that are necessary for performing their jobs. Other users are authorized to do more.
Capabilities formerly assigned to superuser are available to separate, discrete “roles.” Roles are assigned to a limited number of users.
If you are unfamiliar with the Trusted Solaris operating environment, you might do the following:
Read – The Trusted Solaris User's Guide and the Trusted Solaris Administration Overview offer an introduction to the operating environment. You should also be familiar with the rest of the document set, which is described in Trusted Solaris 8 HW 12/02 Document Set.
Take a course – The “Trusted Solaris for System Administrators” course is available from Sun Educational Services. Click the Support & Training link at the Sun Web site, http://www.sun.com. Your Sun account representative can help you schedule the class.
Prepare for installation – Trusted Solaris Installation and Configuration provides information so that you can devise an installation strategy. Other useful information for the installation process is contained in the Solaris 8 2/02 Installation Collection.
The Solaris 8 HW 12/02 Sun Hardware Platform Guide contains important information in the following chapters:
Chapter 2, “Supported Sun Hardware”
Chapter 5, “Updating the Flash PROM on the Ultra 1, Ultra 2, Ultra 450, and Sun Enterprise 450 Systems”
Chapter 6, “Updating the Flash PROM on the Sun Enterprise 3x00, 4x00, 5x00, and 6x00 Systems”
UltraTM 1, 2, 450, and Sun EnterpriseTM 450, 3x00, 4x00, 5x00, and 6x00 systems need a Flash PROM upgrade to enable 64-bit operations.
Although similarities exist between installing the Trusted Solaris 8 HW 12/02 and the Solaris 8 HW 12/02 operating environments, there are some differences. The differences include the following:
You cannot upgrade from a Solaris environment to a Trusted Solaris environment.
You can upgrade from a Trusted Solaris 8 version of the Trusted Solaris environment to the current Trusted Solaris release.
The disk space requirements differ between the two products.
Solaris Web Start installation is not supported in the Trusted Solaris environment.
Configure the system according to site security policy – The additional procedures that are required to configure the system are provided in Trusted Solaris Installation and Configuration with pointers to other relevant documentation.