4. Security Requirements on a Trusted Extensions System (Overview)
Trusted Extensions uses the same security features that the Oracle Solaris OS provides, and adds some features. For example, the Oracle Solaris OS provides eeprom protection, password requirements and strong password algorithms, system protection by locking out a user, and protection from keyboard shutdown.
Trusted Extensions differs from the Oracle Solaris OS in the actual procedures that are used to modify these security defaults. In Trusted Extensions, you typically administer systems by assuming a role. Local settings are modified by using the trusted editor. Changes that affect the network of users, roles, and hosts are made in the Solaris Management Console.
Procedures are provided in this book where Trusted Extensions requires a particular interface to modify security settings, and that interface is optional in the Oracle Solaris OS. Where Trusted Extensions requires the use of the trusted editor to edit local files, no separate procedures are provided in this book. For example, the procedure How to Prevent Account Locking for Users describes how to update a user's account by using the Solaris Management Console to prevent the account from being locked. However, the procedure for setting a system-wide password lock policy is not provided in this book. You follow the Oracle Solaris instructions, except that in Trusted Extensions, you use the trusted editor to modify the system file.
The following Oracle Solaris security mechanisms are extensible in Trusted Extensions as they are in the Oracle Solaris OS:
Audit events and classes – Adding audit events and audit classes is described in Chapter 30, Managing Solaris Auditing (Tasks), in System Administration Guide: Security Services.
Rights profiles – Adding rights profiles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Roles – Adding roles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Authorizations – For an example of adding a new authorization, see Customizing Device Authorizations in Trusted Extensions (Task Map).
As in the Oracle Solaris OS, privileges cannot be extended.
Trusted Extensions provides the following unique security features:
Labels – Subjects and objects are labeled. Processes are labeled. Zones and the network are labeled.
Device Allocation Manager – By default, devices are protected by allocation requirements. The Device Allocation Manager GUI is the interface for administrators and for regular users.
Change Password menu item – The Trusted Path menu enables you to change your user password, and the password of the role that you have assumed.