Skip Navigation Links | |
Exit Print View | |
Trusted Extensions Administrator's Procedures Oracle Solaris 10 1/13 Information Library |
1. Trusted Extensions Administration Concepts
2. Trusted Extensions Administration Tools
3. Getting Started as a Trusted Extensions Administrator (Tasks)
Security Requirements When Administering Trusted Extensions
Role Creation in Trusted Extensions
Role Assumption in Trusted Extensions
Getting Started as a Trusted Extensions Administrator (Task Map)
How to Enter the Global Zone in Trusted Extensions
How to Exit the Global Zone in Trusted Extensions
How to Administer the Local System With the Solaris Management Console
How to Start CDE Administrative Actions in Trusted Extensions
How to Edit Administrative Files in Trusted Extensions
4. Security Requirements on a Trusted Extensions System (Overview)
5. Administering Security Requirements in Trusted Extensions (Tasks)
6. Users, Rights, and Roles in Trusted Extensions (Overview)
7. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
8. Remote Administration in Trusted Extensions (Tasks)
9. Trusted Extensions and LDAP (Overview)
10. Managing Zones in Trusted Extensions (Tasks)
11. Managing and Mounting Files in Trusted Extensions (Tasks)
12. Trusted Networking (Overview)
13. Managing Networks in Trusted Extensions (Tasks)
14. Multilevel Mail in Trusted Extensions (Overview)
15. Managing Labeled Printing (Tasks)
16. Devices in Trusted Extensions (Overview)
17. Managing Devices for Trusted Extensions (Tasks)
18. Trusted Extensions Auditing (Overview)
19. Software Management in Trusted Extensions (Tasks)
A. Quick Reference to Trusted Extensions Administration
Solaris 10 1/13 – In this release, Trusted Extensions adds audit events for the printing subsystem. Read the /etc/security/audit_event file for the definitions of trusted printing events, AUE_print_request, AUE_print_request_ps, AUE_print_request_unlabeled, and AUE_print_request_nobanner.
Solaris 10 10/08 – In this release, Trusted Extensions provides the following features:
The Trusted Extensions shared IP stack allows default routes to isolate labeled zones from each other and from the global zone.
The loopback interface, lo0, is an all-zones interface.
Separation of duty can be enforced by role. The System Administrator role creates users, but cannot assign passwords. The Security Administrator role assigns passwords, but cannot create users. For details, see Create Rights Profiles That Enforce Separation of Duty in Trusted Extensions Configuration Guide.
This guide includes a list of Trusted Extensions man pages in Appendix B, List of Trusted Extensions Man Pages.
Solaris 10 5/08 – In this release, Trusted Extensions provides the following features:
The service management facility (SMF) manages Trusted Extensions as the svc:/system/labeld service. By default, the labeld service is disabled. When the service is enabled, the system must still be configured and rebooted to enforce Trusted Extensions security policies.
The CIPSO Domain of Interpretation (DOI) number that your system uses is configurable.
For information about the DOI, see Network Security Attributes in Trusted Extensions.
To specify a DOI that differs from the default, see Configure the Domain of Interpretation in Trusted Extensions Configuration Guide.
Trusted Extensions recognizes CIPSO labels in NFS Version 3 (NFSv3) mounted file systems, as well as in NFS Version 4 (NFSv4). Therefore, you can mount NFSv3 file systems on a Trusted Extensions system as a labeled file system. To use udp as an underlying protocol for multilevel mounts in NFSv3, see How to Configure a Multilevel Port for NFSv3 Over udp.
The name service cache daemon, nscd, can be configured to run in every labeled zone at the label of the zone.