Trusted Extensions Configuration Guide, Oracle Solaris 10 8/11 Information Library
After the Trusted Extensions software is enabled and the system is rebooted, the following security features are in place. Many features are configurable by the security administrator.
Auditing is enabled.
An Oracle label_encodings file is installed and configured.
Two trusted desktops are added. Solaris Trusted Extensions (CDE) is the trusted version of CDE. Solaris Trusted Extensions (JDS) is the trusted version of the Sun Java Desktop System. Each windowing environment creates Trusted Path workspaces in the global zone.
As in the Oracle Solaris OS, rights profiles for roles are defined. As in the Oracle Solaris OS, roles are not defined.
To use roles to administer Trusted Extensions, you must create the roles. During configuration, you create the Security Administrator role.
Three Trusted Extensions network databases, tnrhdb, tnrhtp, and tnzonecfg, are added. The databases are administered by using the Security Templates tool and the Trusted Network Zones tool in the Solaris Management Console.
Trusted Extensions provides GUIs to administer the system. Some GUIs are extensions to an Oracle Solaris GUI.
In Trusted CDE, administrative actions are provided in the Trusted_Extensions folder. Some of these actions are used when you initially configure Trusted Extensions. The tools are introduced in Chapter 2, Trusted Extensions Administration Tools, in Trusted Extensions Administrator’s Procedures.
The txzonemgr script enables administrators to configure Trusted Extensions zones and networking. For more information, see the txzonemgr(1M) man page.
A trusted editor enables administrators to modify local administrative files. In Trusted CDE, the Admin Editor action invokes a trusted editor.
The Device Allocation Manager manages attached devices.
The Solaris Management Console provides Java-based tools to manage local and network administrative databases. The use of these tools is required for managing the trusted network, zones, and users.