Tighter Security Defaults in Trusted Extensions

Trusted Extensions establishes tighter security defaults than the Solaris OS:

Auditing

By default, auditing is enabled.

An administrator can turn off auditing. However, auditing is typically required at sites that install Trusted Extensions.

Devices

By default, device allocation is enabled.

By default, device allocation requires authorization. Therefore, by default, regular users cannot use removable media.

An administrator can remove the authorization requirement. However, device allocation is typically required at sites that install Trusted Extensions.

Printing

Regular users can print only to printers that include the user's label in the printer's label range.

By default, printed output has trailer and banner pages. These pages, and the body pages, include the label of the print job.

By default, users cannot print PostScript files.

Roles

Roles are available in the Solaris OS, but their use is optional. In Trusted Extensions, roles are required for proper administration.

Making the root user a role is possible in the Solaris OS. In Trusted Extensions, the root user is made a role to better audit who is acting as superuser.