JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Trusted Extensions Configuration and Administration     Oracle Solaris 11 Express 11/10
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

6.  Configuring a Headless System With Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

7.  Trusted Extensions Administration Concepts

8.  Trusted Extensions Administration Tools

Administration Tools for Trusted Extensions

txzonemgr Script

Device Manager

Label Builder in Trusted Extensions

Command Line Tools in Trusted Extensions

Configuration Files in Trusted Extensions

Remote Administration in Trusted Extensions

9.  Getting Started as a Trusted Extensions Administrator (Tasks)

10.  Security Requirements on a Trusted Extensions System (Overview)

11.  Administering Security Requirements in Trusted Extensions (Tasks)

12.  Users, Rights, and Roles in Trusted Extensions (Overview)

13.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

14.  Remote Administration in Trusted Extensions (Tasks)

15.  Trusted Extensions and LDAP (Overview)

16.  Managing Zones in Trusted Extensions (Tasks)

17.  Managing and Mounting Files in Trusted Extensions (Tasks)

18.  Trusted Networking (Overview)

19.  Managing Networks in Trusted Extensions (Tasks)

20.  Multilevel Mail in Trusted Extensions (Overview)

21.  Managing Labeled Printing (Tasks)

22.  Devices in Trusted Extensions (Overview)

23.  Managing Devices for Trusted Extensions (Tasks)

24.  Trusted Extensions Auditing (Overview)

25.  Software Management in Trusted Extensions (Reference)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions

Glossary

Index

Command Line Tools in Trusted Extensions

Commands that are unique to Trusted Extensions and commands that are modified by Trusted Extensions are contained in the Oracle Solaris Reference Manual. The man command finds all the commands. For a short description of the commands and a link to the man pages, see Appendix D, List of Trusted Extensions Man Pages.

The following table lists commands that are unique to Trusted Extensions. The commands are listed in man page format. The table indicates examples or explanations of the commands.

Table 8-2 User and Administrative Trusted Extensions Commands

Man Page
Trusted Extensions Modification
For More Information
add_allocatable(1M)
Enables a device to be allocated by adding the device to device allocation databases. By default, removable devices are allocatable.
How to Configure a Device in Trusted Extensions
atohexlabel(1M)
Translates a label into hexadecimal format.
How to Obtain the Hexadecimal Equivalent for a Label
chk_encodings(1M)
Checks the integrity of the label_encodings file.
How to Debug a label_encodings File in Oracle Solaris Trusted Extensions Label Administration
getlabel(1)
Displays the label of the selected files or directories.
How to Display the Labels of Mounted Files
getzonepath(1)
Displays the full pathname of a specific zone.
Acquiring a Sensitivity Label in Oracle Solaris Trusted Extensions Developer’s Guide
hextoalabel(1M)
Translates a hexadecimal label into its readable equivalent.
How to Obtain a Readable Label From Its Hexadecimal Form
plabel(1)
Displays the label of the current process.
See the man page.
remove_allocatable(1M)
Prevents allocation of a device by removing its entry from device allocation databases.
How to Configure a Device in Trusted Extensions
setlabel(1)
Relabels the selected item. Requires the solaris.label.file.downgrade or solaris.label.file.upgrade authorization. These authorizations are in the Object Label Management rights profile.
tnctl(1M)
Caches network information in the kernel.
How to Synchronize the Kernel Cache With Trusted Network Databases
tnd(1M)
Executes the trusted network daemon when the LDAP naming service is enabled.
How to Synchronize the Kernel Cache With Trusted Network Databases
tninfo(1M)
Displays kernel-level network information and statistics.
How to Compare Trusted Network Database Information With the Kernel Cache.
updatehome(1M)
Updates .copy_files and .link_files for the current label.
How to Configure Startup Files for Users in Trusted Extensions

The following table lists Oracle Solaris commands that are modified or extended by Trusted Extensions. The commands are listed in man page format. The table indicates examples or explanations of the commands.

Table 8-3 User and Administrative Commands That Trusted Extensions Modifies

Man Page
Purpose of Command
For More Information
allocate(1)
Adds options to clean the allocated device, and to allocate a device to a specific zone. In Trusted Extensions, regular users do not use this command.
How to Allocate a Device in Trusted Extensions in Oracle Solaris Trusted Extensions User Guide
deallocate(1)
Adds options to clean the device, and to deallocate a device from a specific zone. In Trusted Extensions, regular users do not use this command.
How to Allocate a Device in Trusted Extensions in Oracle Solaris Trusted Extensions User Guide
list_devices(1)
Adds the -a option to display device attributes, such as authorizations and labels. Adds the -d option to display the default attributes of an allocated device type. Adds the -z option to display available devices that can be allocated to a labeled zone.
See the man page.
tar(1)
Adds the -T option to archive and extract files and directories that are labeled.
How to Back Up Files in Trusted Extensions and How to Restore Files in Trusted Extensions
auditconfig(1M)
Adds the windata_down and windata_up audit policy options.
How to Change Audit Policy in System Administration Guide: Security Services
auditreduce(1M)
Adds the -l option to select audit records by label.
How to Select Audit Events From the Audit Trail in System Administration Guide: Security Services
automount(1M)
Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels.
Changes to the Automounter in Trusted Extensions
ifconfig(1M)
Adds the all-zones option to make an interface available to every zone on the system.
How to Verify That a Host's Interfaces Are Up
netstat(1M)
Adds the -R option to display extended security attributes for sockets and routing table entries.
How to Debug the Trusted Extensions Network
route(1M)
Adds the -secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl.
How to Configure Routes With Security Attributes
ikeadm(1M)
Adds a debug flag, 0x0400, for label processing.
See the man page.
in.iked(1M)
In the global zone, uses two multilevel ports, UDP ports 500 and 4500, to negotiate labeled security associations.
See the ike.config(4) man page.
ipseckey(1M)
Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association.
See the man page.
Copyright © 1992, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next