SunSHIELD Basic Security Module Guide

The Solaris™ SHIELD™ Basic Security Module (BSM) provides additional security features, defined as C2 in the Trusted Computer System Evaluation Criteria (TCSEC), that are not supplied in standard UNIX®. The features provided by the BSM are the security auditing subsystem and a device-allocation mechanism that provides the required object-reuse characteristics for removable or assignable devices. C2 discretionary-access control, as well as C2 identification and authentication features, are provided by the standard Solaris system.

Who Should Use This Book

The SunSHIELD Basic Security Module Guide is intended for the system administrator whose duties include setting up and maintaining BSM. Familiarity with basic system administration concepts and with a text editor is helpful.

How This Book Is Organized

Chapter 1, Installation describes enabling and disabling the BSM. Topics include how to enable the Solaris system to use these additional security features, and how clients and servers interact in an enabled environment.

Chapter 2, Administering Auditing explains the system management and configuration of the auditing subsystem. Topics include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.

Chapter 3, Audit Trail Analysis explains processes for audit trail analysis and postprocessing. Topics discussed include overall audit record structure and formats, the audit trail printing utility, and the audit record selection and merging utility.

Chapter 4, Device Allocation describes the allocation mechanism for removable or assignable devices. Topics discussed include setting up and administering allocatable device files and using the allocation mechanism by nonprivileged users.

Appendix A, Audit Record Descriptions describes in detail the content of the audit records generated.

Appendix B, BSM Reference lists and describes the man pages added for the Solaris SunSHIELD™ Basic Security Module.

Ordering Sun Documents

The SunDocs℠ program provides more than 250 manuals from Sun Microsystems, Inc. If you live in the United States, Canada, Europe, or Japan, you can purchase documentation sets or individual manuals using this program.

For a list of documents and how to order them, see the catalog section of the SunExpress™ Internet site at

What Typographic Changes Mean

The following table describes the typographic changes used in this book.

Table P-1 Typographic Conventions

Typeface or Symbol    Meaning    Example

Meaning: The names of commands, files, and directories; on-screen computer output
Example: Edit your .login file. Use ls -a to list all files. machine_name% You have mail.

Meaning: What you type, contrasted with on-screen computer output
Example: machine_name% su

Meaning: Command-line placeholder: replace with a real name or value
Example: To delete a file, type rm filename.

Meaning: Book titles, new words or terms, or words to be emphasized
Example: Read Chapter 6 in User's Guide. These are called class options. You must be root to do this.

Shell Prompts in Command Examples

The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table P-2 Shell Prompts

Shell    Prompt

C shell prompt
C shell superuser prompt
Bourne shell and Korn shell prompt
Bourne shell and Korn shell superuser prompt