Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases
Task Map: Configuring Trusted Extensions

For a secure installation, create roles early in the configuration process. The order of tasks when roles configure the system is shown in the following task map.

1. Configure the global zone.

Tasks:
- Protect machine hardware by requiring a password to change hardware settings.
- Configure labels. Labels must be configured for your site. If you plan to use the default label_encodings file, you can skip this task.
- If you are running an IPv6 network, modify the /etc/system file to enable IP to recognize labeled packets.
- If you plan to use a Solaris ZFS snapshot to clone zones, create the ZFS pool. ZFS is derived from and an acronym for "zettabyte file system".
- Boot to activate a labeled environment. Upon login, you are in the global zone. The system's label_encodings file enforces mandatory access control (MAC).
- Initialize the Solaris Management Console. This GUI is used to label zones, among other tasks.
- Create the Security Administrator role and other roles that you plan to use locally. You create these roles just as you would create them in the Solaris OS.

You can delay this task until the end. For the consequences, see Devising an Installation and Configuration Strategy for Trusted Extensions.

Skip the next set of tasks if you are using local files to administer the system.

2. Configure a naming service.

Tasks:
- If you plan to use files to administer Trusted Extensions, you can skip the following tasks. No configuration is required for the files naming service.
- If you have an existing Sun Java System Directory Server (LDAP server), add Trusted Extensions databases to the server. Then make your first Trusted Extensions system a proxy of the LDAP server.

  If you do not have an LDAP server, then configure your first system as the server.

- Manually set up an LDAP toolbox for the Solaris Management Console. The toolbox can be used to modify Trusted Extensions attributes on network objects.
- Make each system that is not the LDAP server or proxy server an LDAP client.
- In the LDAP scope, create the Security Administrator role and other roles that you plan to use.

You can delay this task until the end. For the consequences, see Devising an Installation and Configuration Strategy for Trusted Extensions.

3. Create labeled zones.

Tasks:
- Run the txzonemgr command.

  Follow the menus to configure the network interfaces, then create and customize the first labeled zone. After all zones are successfully customized, you can add zone-specific network addresses to the labeled zones.

  Or, use Trusted CDE actions.

Many of the next set of tasks are described in Solaris Trusted Extensions Administrator’s Procedures.

4. Complete system setup.

Tasks:
- Identify additional remote hosts that require a label, one or more multilevel ports, or a different control message policy.
- Create a multilevel home directory server, then automount the installed zones.
- Configure auditing, mount file systems, and perform other tasks before enabling users to log in to the system.
- Add users from an NIS environment to your LDAP server.
- Add a host and its labeled zones to the LDAP server.