JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Trusted Extensions Configuration and Administration     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

6.  Configuring a Headless System With Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

7.  Trusted Extensions Administration Concepts

8.  Trusted Extensions Administration Tools

Administration Tools for Trusted Extensions

txzonemgr Script

Device Manager

Label Builder in Trusted Extensions

Command Line Tools in Trusted Extensions

Configuration Files in Trusted Extensions

Remote Administration in Trusted Extensions

9.  Getting Started as a Trusted Extensions Administrator (Tasks)

10.  Security Requirements on a Trusted Extensions System (Overview)

11.  Administering Security Requirements in Trusted Extensions (Tasks)

12.  Users, Rights, and Roles in Trusted Extensions (Overview)

13.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

14.  Remote Administration in Trusted Extensions (Tasks)

15.  Trusted Extensions and LDAP (Overview)

16.  Managing Zones in Trusted Extensions (Tasks)

17.  Managing and Mounting Files in Trusted Extensions (Tasks)

18.  Trusted Networking (Overview)

19.  Managing Networks in Trusted Extensions (Tasks)

20.  Multilevel Mail in Trusted Extensions (Overview)

21.  Managing Labeled Printing (Tasks)

22.  Devices in Trusted Extensions (Overview)

23.  Managing Devices for Trusted Extensions (Tasks)

24.  Trusted Extensions Auditing (Overview)

25.  Software Management in Trusted Extensions (Reference)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions



Command Line Tools in Trusted Extensions

Commands that are unique to Trusted Extensions and commands that are modified by Trusted Extensions are contained in the Oracle Solaris Reference Manual. The man command finds all the commands. For a short description of the commands and a link to the man pages, see Appendix D, List of Trusted Extensions Man Pages.

The following table lists commands that are unique to Trusted Extensions. The commands are listed in man page format. The table indicates examples or explanations of the commands.

Table 8-2 User and Administrative Trusted Extensions Commands

Man Page
Trusted Extensions Modification
For More Information
Enables a device to be allocated by adding the device to device allocation databases. By default, removable devices are allocatable.
Translates a label into hexadecimal format.
Checks the integrity of the label_encodings file.
Displays the label of the selected files or directories.
Displays the full pathname of a specific zone.
Translates a hexadecimal label into its readable equivalent.
Displays the label of the current process.
See the man page.
Prevents allocation of a device by removing its entry from device allocation databases.
Relabels the selected item. Requires the solaris.label.file.downgrade or solaris.label.file.upgrade authorization. These authorizations are in the Object Label Management rights profile.
Caches network information in the kernel.
Executes the trusted network daemon when the LDAP naming service is enabled.
Displays kernel-level network information and statistics.
Updates .copy_files and .link_files for the current label.

The following table lists Oracle Solaris commands that are modified or extended by Trusted Extensions. The commands are listed in man page format. The table indicates examples or explanations of the commands.

Table 8-3 User and Administrative Commands That Trusted Extensions Modifies

Man Page
Purpose of Command
For More Information
Adds options to clean the allocated device, and to allocate a device to a specific zone. In Trusted Extensions, regular users do not use this command.
Adds options to clean the device, and to deallocate a device from a specific zone. In Trusted Extensions, regular users do not use this command.
Adds the -a option to display device attributes, such as authorizations and labels. Adds the -d option to display the default attributes of an allocated device type. Adds the -z option to display available devices that can be allocated to a labeled zone.
See the man page.
Adds the -T option to archive and extract files and directories that are labeled.
Adds the windata_down and windata_up audit policy options.
Adds the -l option to select audit records by label.
Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels.
Adds the all-zones option to make an interface available to every zone on the system.
Adds the -R option to display extended security attributes for sockets and routing table entries.
Adds the -secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl.
Adds a debug flag, 0x0400, for label processing.
See the man page.
In the global zone, uses two multilevel ports, UDP ports 500 and 4500, to negotiate labeled security associations.
See the ike.config(4) man page.
Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association.
See the man page.