JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11 Security Guidelines     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


1.  Overview of Oracle Solaris 11 Security

2.  Configuring Oracle Solaris 11 Security

Installing the Oracle Solaris OS

Securing the System

Verify Your Packages

Disable Unneeded Services

Remove Power Management Capability From Users

Place Security Message in Banner Files

Place Security Message on the Desktop Login Screen

Securing Users

Set Stronger Password Constraints

Set Account Locking for Regular Users

Set More Restrictive umask Value for Regular Users

Audit Significant Events in Addition to Login/Logout

Monitor lo Events in Real Time

Remove Unneeded Basic Privileges From Users

Securing the Kernel

Configuring the Network

Display Security Message to ssh and ftp Users

Disable the Network Routing Daemon

Disable Broadcast Packet Forwarding

Disable Responses to Echo Requests

Set Strict Multihoming

Set Maximum Number of Incomplete TCP Connections

Set Maximum Number of Pending TCP Connections

Specify a Strong Random Number for Initial TCP Connection

Reset Network Parameters to Secure Values

Protecting File Systems and Files

Protecting and Modifying Files

Securing Applications and Services

Creating Zones to Contain Critical Applications

Managing Resources in Zones

Configuring IPsec and IKE

Configuring IP Filter

Configuring Kerberos

Adding SMF to a Legacy Service

Creating a BART Snapshot of the System

Adding Multilevel (Labeled) Security

Configuring Trusted Extensions

Configuring Labeled IPsec

3.  Monitoring and Maintaining Oracle Solaris 11 Security

A.  Bibliography for Oracle Solaris Security

Adding Multilevel (Labeled) Security

Trusted Extensions extends Oracle Solaris security by enforcing a mandatory access control (MAC) policy. Sensitivity labels are automatically applied to all sources of data (networks, file systems, and windows) and consumers of data (user and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the consumer (subject). The layered functionality consists of a set of label-aware services.

A partial list of Trusted Extensions services includes:

The group/feature/trusted-desktop packages provide the Oracle Solaris multilevel, trusted desktop environment.

Configuring Trusted Extensions

You must install the Trusted Extensions packages, then configure the system. After package installation, the system can run a desktop with a directly connected bitmapped display, such as a laptop or workstation. Network configuration is required to communicate with other systems.

For information and procedures see the following:

Configuring Labeled IPsec

You can protect your labeled packets with IPsec.

For information and procedures see the following: