A |
|
| access, See computer access |
|
| access policy |
| | devices ( ) |
| | Discretionary Access Control (DAC) ( ) ( ) |
| | Mandatory Access Control (MAC) ( ) |
|
| accessing |
| | administrative tools ( ) |
| | audit records by label ( ) |
| | devices ( ) |
| | global zone ( ) |
| | home directories ( ) |
| | printers ( ) |
| | remote multilevel desktop ( ) |
| | Solaris Management Console ( ) |
| | ZFS dataset mounted in lower-level zone from higher-level zone ( ) |
|
| accessing the X server ( ) |
|
| account locking, preventing ( ) |
|
| accounts |
| | See roles | |
| | See also users | |
| | creating ( ) |
| | planning ( ) |
|
| accreditation checks ( ) |
|
| accreditation ranges, label_encodings file ( ) |
|
| Action failed. Reconnect to Solaris Zone? ( ) |
|
| add_allocatable command ( ) |
|
| adding |
| | default routes for labeled zones ( ) |
| | LDAP toolbox ( ) |
| | local role with roleadd ( ) |
| | local user with useradd ( ) |
| | network databases to LDAP server ( ) |
| | nscd daemon to every labeled zone ( ) |
| | roles ( ) |
| | shared network interfaces ( ) |
| | Trusted Extensions to a Solaris system ( ) |
| | users by using lpaddent ( ) |
| | users who can assume roles ( ) |
| | zone-specific network interface ( ) |
| | zone-specific nscd daemon ( ) |
|
| Additional Trusted Extensions Configuration Tasks ( ) |
|
| ADMIN_HIGH label ( ) |
|
| ADMIN_LOW label |
| | lowest label ( ) |
| | protecting administrative files ( ) |
|
| administering |
| | account locking ( ) |
| | assigning device authorizations ( ) |
| | auditing in Trusted Extensions ( ) |
| | changing label of information ( ) |
| | convenient authorizations for users ( ) |
| | device allocation ( ) |
| | device authorizations ( ) |
| | devices ( ) ( ) |
| | file systems |
| | | mounting ( ) |
| | | overview ( ) |
| | | troubleshooting ( ) |
| | files |
| | | backing up ( ) |
| | | restoring ( ) |
| | from the global zone ( ) |
| | hiding labels from users ( ) |
| | labeled printing ( ) |
| | LDAP ( ) |
| | mail ( ) |
| | multilevel ports ( ) |
| | network in Trusted Extensions ( ) |
| | network of users ( ) |
| | PostScript printing ( ) |
| | printing in Trusted Extensions ( ) |
| | printing interoperability with Trusted Solaris 8 ( ) |
| | quick reference for administrators ( ) |
| | remote host database ( ) |
| | remote host templates ( ) |
| | remotely ( ) |
| | remotely by a role ( ) |
| | remotely from command line ( ) |
| | remotely with Solaris Management Console ( ) ( ) |
| | routes with security attributes ( ) |
| | serial line for login ( ) |
| | sharing file systems ( ) |
| | startup files for users ( ) |
| | system files ( ) |
| | third-party software ( ) |
| | timeout when relabeling information ( ) |
| | trusted network databases ( ) |
| | trusted networking ( ) |
| | unlabeled printing ( ) |
| | user privileges ( ) |
| | users ( ) ( ) |
| | zones ( ) |
| | zones from Trusted JDS ( ) |
|
| Administering Trusted Extensions Remotely (Task Map) ( ) |
|
| administrative labels ( ) |
|
| administrative roles, See roles |
|
| Administrative Roles tool ( ) |
|
| administrative tools |
| | accessing ( ) |
| | commands ( ) |
| | configuration files ( ) |
| | description ( ) |
| | Device Manager ( ) |
| | label builder ( ) |
| | Labeled Zone Manager ( ) |
| | Solaris Management Console ( ) ( ) |
| | txzonemgr script ( ) |
|
| allocate command ( ) |
|
| Allocate Device authorization ( ) ( ) ( ) ( ) |
|
| allocate error state, correcting ( ) |
|
| allocating, using Device Manager ( ) |
|
| allocating devices |
| | for copying data ( ) |
| | tape drive ( ) |
|
| Always Print Banner checkbox ( ) |
|
| applications |
| | evaluating for security ( ) |
| | installing ( ) |
| | trusted and trustworthy ( ) |
|
| assigning |
| | editor as the trusted editor ( ) |
| | privileges to users ( ) |
| | rights profiles ( ) |
|
| Assume Role menu item ( ) |
|
| assuming, roles ( ) |
|
| atohexlabel command ( ) ( ) |
|
| audio devices, preventing remote allocation ( ) |
|
| audit classes for Trusted Extensions, list of new X audit classes ( ) |
|
| audit events for Trusted Extensions, list of ( ) |
|
| audit planning ( ) |
|
| audit policy in Trusted Extensions ( ) |
|
| audit records in Trusted Extensions, policy ( ) |
|
| Audit Review profile, reviewing audit records ( ) |
|
| Audit Tasks of the System Administrator ( ) |
|
| audit tokens for Trusted Extensions |
| | label token ( ) |
| | list of ( ) |
| | xatom token ( ) |
| | xclient token ( ) |
| | xcolormap token ( ) |
| | xcursor token ( ) |
| | xfont token ( ) |
| | xgc token ( ) |
| | xpixmap token ( ) |
| | xproperty token ( ) |
| | xselect token ( ) |
| | xwindow token ( ) |
|
| auditconfig command ( ) |
|
| auditing, planning ( ) |
|
| auditing in Trusted Extensions |
| | additional audit events ( ) |
| | additional audit policies ( ) |
| | additional audit tokens ( ) |
| | additions to existing auditing commands ( ) |
| | differences from Solaris auditing ( ) |
| | reference ( ) |
| | roles for administering ( ) |
| | security administrator tasks ( ) |
| | system administrator tasks ( ) |
| | tasks ( ) |
| | X audit classes ( ) |
|
| auditreduce command ( ) |
|
| authorizations |
| | adding new device authorizations ( ) |
| | Allocate Device ( ) ( ) ( ) |
| | assigning ( ) |
| | assigning device authorizations ( ) |
| | authorizing a user or role to change label ( ) |
| | Configure Device Attributes ( ) |
| | convenient for users ( ) |
| | creating customized device authorizations ( ) |
| | creating local and remote device authorizations ( ) |
| | customizing for devices ( ) |
| | granted ( ) |
| | Print PostScript ( ) |
| | Print Postscript ( ) |
| | profiles that include device allocation authorizations ( ) |
| | Revoke or Reclaim Device ( ) ( ) |
| | solaris.print.nobanner ( ) |
| | solaris.print.ps ( ) |
|
| authorizing |
| | device allocation ( ) |
| | PostScript printing ( ) |
| | unlabeled printing ( ) |
|
| automount command ( ) |
C |
|
| Cannot reach global zone ( ) |
|
| CD-ROM drives, accessing ( ) |
|
| Change Password menu item |
| | description ( ) |
| | using to change root password ( ) |
|
| changing |
| | IDLETIME keyword ( ) |
| | labels by authorized users ( ) |
| | rules for label changes ( ) |
| | security level of data ( ) |
| | system security defaults ( ) |
| | user privileges ( ) |
|
| checking |
| | label_encodings file ( ) |
| | roles are working ( ) |
|
| checklists for initial setup team ( ) |
|
| chk_encodings command ( ) ( ) |
|
| choosing, See selecting |
|
| classification label component ( ) |
|
| clearances, label overview ( ) |
|
| collecting information |
| | before enabling Trusted Extensions ( ) |
| | for LDAP service ( ) |
| | planning Trusted Extensions configuration ( ) |
|
| colors, indicating label of workspace ( ) |
|
| commands |
| | executing with privilege ( ) |
| | troubleshooting networking ( ) |
| | trusted_edit trusted editor ( ) |
|
| commercial applications, evaluating ( ) |
|
| Common Tasks in Trusted Extensions (Task Map) ( ) |
|
| compartment label component ( ) |
|
| component definitions, label_encodings file ( ) |
|
| computer access |
| | administrator responsibilities ( ) |
| | restricting ( ) |
|
| Computers and Networks tool |
| | adding known hosts ( ) ( ) |
| | modifying tnrhdb database ( ) |
|
| Computers and Networks tool set ( ) |
|
| configuration files, copying ( ) |
|
| Configure Device Attributes authorization ( ) |
|
| configuring |
| | access to headless Trusted Extensions ( ) |
| | as a role or as superuser? ( ) |
| | auditing ( ) |
| | authorizations for devices ( ) |
| | devices ( ) |
| | labeled printing ( ) |
| | LDAP for Trusted Extensions ( ) |
| | LDAP proxy server for Trusted Extensions clients ( ) |
| | network interfaces ( ) |
| | routes with security attributes ( ) |
| | serial line for login ( ) |
| | Solaris Management Console for LDAP ( ) |
| | startup files for users ( ) |
| | Trusted Extensions labeled zones ( ) |
| | Trusted Extensions software ( ) |
| | trusted network ( ) |
|
| Configuring an LDAP Proxy Server on a Trusted Extensions Host (Task Map) ( ) |
|
| Configuring an LDAP Server on a Trusted Extensions Host (Task Map) ( ) |
|
| Configuring Labeled IPsec (Task Map) ( ) |
|
| Configuring Labeled Printing (Task Map) ( ) |
|
| Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( ) |
|
| Configuring the Solaris Management Console for LDAP (Task Map) ( ) |
|
| configuring Trusted Extensions |
| | checklist for install team ( ) |
| | headless access ( ) |
| | initial procedures ( ) |
| | labeled zones ( ) |
| | task maps ( ) |
|
| Configuring Trusted Network Databases (Task Map) ( ) |
|
| controlling, See restricting |
|
| .copy_files file |
| | description ( ) |
| | setting up for users ( ) ( ) |
| | startup file ( ) |
|
| Create a new zone menu item ( ) |
|
| creating |
| | accounts ( ) |
| | accounts during or after configuration ( ) |
| | authorizations for devices ( ) |
| | home directories ( ) ( ) |
| | home directory server ( ) |
| | labeled zones ( ) |
| | LDAP client ( ) |
| | LDAP proxy server for Trusted Extensions clients ( ) |
| | LDAP toolbox ( ) |
| | local role with roleadd ( ) |
| | local user with useradd ( ) |
| | roles ( ) |
| | users who can assume roles ( ) |
| | zones ( ) |
|
| Creating Labeled Zones ( ) |
|
| credentials, registering LDAP with the Solaris Management Console ( ) |
|
| customizing |
| | device authorizations ( ) |
| | label_encodings file ( ) |
| | unlabeled printing ( ) |
| | user accounts ( ) |
|
| Customizing Device Authorizations in Trusted Extensions (Task Map) ( ) |
|
| Customizing User Environment for Security (Task Map) ( ) |
|
| cut and paste, and labels ( ) |
|
| cutting and pasting, configuring rules for label changes ( ) |
D |
|
| DAC, See discretionary access control (DAC) |
|
| databases |
| | in LDAP ( ) |
| | trusted network ( ) |
|
| datasets, See ZFS |
|
| deallocate command ( ) |
|
| deallocating, forcing ( ) |
|
| debugging, See troubleshooting |
|
| deciding |
| | to configure as a role or as superuser ( ) |
| | to use a Sun-supplied encodings file ( ) |
|
| decisions to make |
| | based on site security policy ( ) |
| | before enabling Trusted Extensions ( ) |
|
| default routes, specifying for labeled zones ( ) |
|
| deleting, labeled zones ( ) |
|
| desktops |
| | accessing multilevel remotely ( ) |
| | logging in to a failsafe session ( ) |
| | workspace color changes ( ) |
|
| /dev/kmem kernel image file, security violation ( ) |
|
| developer responsibilities ( ) |
|
| device allocation |
| | authorizing ( ) |
| | overview ( ) |
| | profiles that include allocation authorizations ( ) |
|
| device-clean scripts |
| | adding to devices ( ) |
| | requirements ( ) |
|
| Device Manager |
| | administrative tool ( ) |
| | description ( ) |
| | use by administrators ( ) |
|
| devices |
| | access policy ( ) |
| | accessing ( ) |
| | adding customized authorizations ( ) |
| | adding device_clean script ( ) |
| | administering ( ) |
| | administering with Device Manager ( ) |
| | allocating ( ) |
| | configuring devices ( ) |
| | configuring serial line ( ) |
| | creating new authorizations ( ) |
| | in Trusted Extensions ( ) |
| | policy defaults ( ) |
| | preventing remote allocation of audio ( ) |
| | protecting ( ) |
| | protecting nonallocatable ( ) |
| | reclaiming ( ) |
| | setting label range for nonallocatable ( ) |
| | setting policy ( ) |
| | troubleshooting ( ) |
| | using ( ) |
|
| dfstab file, for public zone ( ) |
|
| differences |
| | administrative interfaces in Trusted Extensions ( ) |
| | between Trusted Extensions and Solaris auditing ( ) |
| | between Trusted Extensions and Solaris OS ( ) |
| | defaults in Trusted Extensions ( ) |
| | extending Solaris interfaces ( ) |
| | limited options in Trusted Extensions ( ) |
|
| directories |
| | accessing lower-level ( ) |
| | authorizing a user or role to change label of ( ) |
| | for naming service setup ( ) |
| | mounting ( ) |
| | sharing ( ) |
|
| disabling, Trusted Extensions ( ) |
|
| discretionary access control (DAC) ( ) |
|
| diskettes, accessing ( ) |
|
| displaying |
| | labels of file systems in labeled zone ( ) |
| | status of every zone ( ) |
|
| DOI, remote host templates ( ) |
|
| domain of interpretation (DOI), entry in /etc/system file ( ) |
|
| dominance of labels ( ) |
|
| Downgrade DragNDrop or CutPaste Info authorization ( ) |
|
| Downgrade File Label authorization ( ) |
|
| downgrading labels, configuring rules for selection confirmer ( ) |
|
| dpadm service ( ) |
|
| DragNDrop or CutPaste without viewing contents authorization ( ) |
|
| dsadm service ( ) |
|
| dtsession command, running updatehome ( ) |
|
| dtterm terminal, forcing the sourcing of .profile ( ) |
L |
|
| label audit token ( ) |
|
| label_encodings file |
| | checking ( ) |
| | contents ( ) |
| | installing ( ) |
| | localizing ( ) |
| | modifying ( ) |
| | reference for labeled printing ( ) |
| | source of accreditation ranges ( ) |
|
| label ranges |
| | restricting printer label range ( ) |
| | setting on frame buffers ( ) |
| | setting on printers ( ) |
|
| labeld service ( ) |
| | disabling ( ) |
|
| labeled printing |
| | banner pages ( ) |
| | body pages ( ) |
| | PostScript files ( ) |
| | removing label ( ) |
| | removing PostScript restriction ( ) |
| | without banner page ( ) ( ) |
|
| Labeled Zone Manager, See txzonemgr script |
|
| labeled zones, See zones |
|
| labeling |
| | turning on labels ( ) |
| | zones ( ) |
|
| labels |
| | See also label ranges | |
| | authorizing a user or role to change label of data ( ) |
| | classification component ( ) |
| | compartment component ( ) |
| | configuring rules for label changes ( ) |
| | default in remote host templates ( ) |
| | described ( ) |
| | determining text equivalents ( ) |
| | displaying in hexadecimal ( ) |
| | displaying labels of file systems in labeled zone ( ) |
| | dominance ( ) |
| | downgrading and upgrading ( ) |
| | hiding from users ( ) |
| | of processes ( ) |
| | of user processes ( ) |
| | on printer output ( ) |
| | overview ( ) |
| | planning ( ) |
| | printing without page labels ( ) |
| | relationships ( ) |
| | repairing in internal databases ( ) |
| | specifying for zones ( ) |
| | troubleshooting ( ) |
| | well-formed ( ) |
|
| LDAP |
| | displaying entries ( ) |
| | enabling administration from a client ( ) |
| | managing the naming service ( ) |
| | naming service for Trusted Extensions ( ) |
| | planning ( ) |
| | starting ( ) |
| | stopping ( ) |
| | troubleshooting ( ) |
| | Trusted Extensions databases ( ) |
|
| LDAP configuration |
| | creating client ( ) |
| | for Trusted Extensions ( ) |
| | Sun Ray servers, and ( ) |
|
| LDAP server |
| | collecting information for ( ) |
| | configuring multilevel port ( ) |
| | configuring naming service ( ) |
| | configuring proxy for Trusted Extensions clients ( ) |
| | creating proxy for Trusted Extensions clients ( ) |
| | installing in Trusted Extensions ( ) |
| | planning for separation of duty ( ) |
| | protecting log files ( ) |
| | registering credentials with Solaris Management Console ( ) |
|
| lengthening timeout, for relabeling ( ) |
|
| limiting, defined hosts on the network ( ) |
|
| .link_files file |
| | description ( ) |
| | setting up for users ( ) |
| | startup file ( ) |
|
| list_devices command ( ) |
|
| localizing, changing labeled printer output ( ) |
|
| log files, protecting Directory Server logs ( ) |
|
| logging in |
| | to a home directory server ( ) |
| | using rlogin command ( ) |
|
| login |
| | by roles ( ) |
| | configuring serial line ( ) |
| | remote ( ) |
| | remote by roles ( ) |
|
| logout, requiring ( ) |
|
| lpaddent command ( ) |
M |
|
| MAC, See mandatory access control (MAC) |
|
| mail |
| | administering ( ) |
| | implementation in Trusted Extensions ( ) |
| | multilevel ( ) |
|
| man pages, quick reference for Trusted Extensions administrators ( ) |
|
| managing, See administering |
|
| Managing Devices in Trusted Extensions (Task Map) ( ) |
|
| Managing Printing in Trusted Extensions (Task Map) ( ) |
|
| Managing Software in Trusted Extensions (Tasks) ( ) |
|
| Managing Trusted Networking (Task Map) ( ) |
|
| Managing Users and Rights With the Solaris Management Console (Task Map) ( ) |
|
| Managing Zones (Task Map) ( ) |
|
| mandatory access control (MAC) |
| | enforcing on the network ( ) |
| | in Trusted Extensions ( ) |
|
| maximum labels, remote host templates ( ) |
|
| media, copying files from removable ( ) |
|
| minimum labels, remote host templates ( ) |
|
| MLPs, See multilevel ports (MLPs) |
|
| modifying, label_encodings file ( ) |
|
| mounting |
| | file systems ( ) |
| | files by loopback mounting ( ) |
| | overview ( ) |
| | troubleshooting ( ) |
| | ZFS dataset on labeled zone ( ) |
|
| Mozilla, lengthening timeout when relabeling ( ) |
|
| multiheaded system, trusted stripe ( ) |
|
| multilevel mounts, NFS protocol versions ( ) |
|
| multilevel ports (MLPs) |
| | administering ( ) |
| | example of NFSv3 MLP ( ) |
| | example of web proxy MLP ( ) |
|
| multilevel printing |
| | accessing by print client ( ) |
| | configuring ( ) |
|
| multilevel server, planning ( ) |
P |
|
| packages, accessing the media ( ) |
|
| passwords |
| | assigning ( ) |
| | Change Password menu item ( ) ( ) |
| | changing for root ( ) |
| | changing user passwords ( ) |
| | storage ( ) |
| | testing if password prompt is trusted ( ) |
|
| plabel command ( ) |
|
| planning |
| | See also Trusted Extensions use | |
| | account creation ( ) |
| | administration strategy ( ) |
| | auditing ( ) |
| | data migration ( ) |
| | hardware ( ) |
| | labels ( ) |
| | LDAP naming service ( ) |
| | network ( ) |
| | NFS server ( ) |
| | printing ( ) |
| | Trusted Extensions ( ) |
| | Trusted Extensions configuration strategy ( ) |
| | zones ( ) |
|
| policy.conf file |
| | changing defaults ( ) |
| | changing Trusted Extensions keywords ( ) |
| | defaults ( ) |
| | how to edit ( ) |
|
| PostScript |
| | enabling to print ( ) |
| | printing restrictions in Trusted Extensions ( ) |
|
| preventing, See protecting |
|
| Print Postscript authorization ( ) ( ) ( ) |
|
| Print without Banner authorization ( ) ( ) |
|
| Print without Label authorization ( ) |
|
| printer output, See printing |
|
| printers, setting label range ( ) |
|
| printing |
| | adding conversion filters ( ) |
| | and label_encodings file ( ) |
| | authorizations for unlabeled output from a public system ( ) |
| | configuring for multilevel labeled output ( ) |
| | configuring for print client ( ) |
| | configuring labeled zone ( ) |
| | configuring labels and text ( ) |
| | configuring public print jobs ( ) |
| | in local language ( ) |
| | internationalizing labeled output ( ) |
| | interoperability with Trusted Solaris 8 ( ) |
| | labeling a Solaris print server ( ) |
| | localizing labeled output ( ) |
| | managing ( ) |
| | model scripts ( ) |
| | planning ( ) |
| | PostScript files ( ) |
| | PostScript restrictions in Trusted Extensions ( ) |
| | preventing labels on output ( ) |
| | public jobs from a Solaris print server ( ) |
| | removing PostScript restriction ( ) |
| | restricting label range ( ) |
| | using a Solaris print server ( ) |
| | without labeled banners and trailers ( ) ( ) |
| | without page labels ( ) ( ) |
|
| privileges |
| | changing defaults for users ( ) |
| | non-obvious reasons for requiring ( ) |
| | removing proc_info from basic set ( ) |
| | restricting users' ( ) |
| | when executing commands ( ) |
|
| proc_info privilege, removing from basic set ( ) |
|
| procedures, See tasks and task maps |
|
| processes |
| | labels of ( ) |
| | labels of user processes ( ) |
| | preventing users from seeing others' processes ( ) |
|
| profiles, See rights profiles |
|
| programs, See applications |
|
| protecting |
| | devices ( ) ( ) |
| | devices from remote allocation ( ) |
| | file systems by using non-proprietary names ( ) |
| | files at lower labels from being accessed ( ) |
| | from access by arbitrary hosts ( ) |
| | information with labels ( ) |
| | labeled hosts from contact by arbitrary unlabeled hosts ( ) |
| | nonallocatable devices ( ) |
|
| publications, security and UNIX ( ) |
R |
|
| real UID of root, required for applications ( ) |
|
| rebooting |
| | activating labels ( ) |
| | enabling login to labeled zone ( ) |
|
| Reducing Printing Restrictions in Trusted Extensions (Task Map) ( ) |
|
| regaining control of desktop focus ( ) |
|
| registering, LDAP credentials with the Solaris Management Console ( ) |
|
| regular users, See users |
|
| relabeling information ( ) |
|
| remote administration |
| | defaults ( ) |
| | methods ( ) |
|
| remote host templates |
| | assigning ( ) |
| | assigning to hosts ( ) |
| | creating ( ) |
| | tool for administering ( ) |
|
| remote hosts, using fallback mechanism in tnrhdb ( ) |
|
| Remote Login authorization ( ) |
|
| remote logins, enabling for roles ( ) |
|
| remote multilevel desktop, accessing ( ) |
|
| removable media, mounting ( ) |
|
| remove_allocatable command ( ) |
|
| removing |
| | labels on printer output ( ) |
| | zone-specific nscd daemon ( ) |
|
| removing Trusted Extensions, See disabling |
|
| repairing, labels in internal databases ( ) |
|
| requirements for Trusted Extensions |
| | Solaris installation options ( ) |
| | Solaris installed systems ( ) |
|
| resolv.conf file, loading during configuration ( ) |
|
| restoring control of desktop focus ( ) |
|
| restricting |
| | access to computer based on label ( ) |
| | access to devices ( ) |
| | access to global zone ( ) |
| | access to lower-level files ( ) |
| | access to printers with labels ( ) |
| | mounts of lower-level files ( ) |
| | printer access with labels ( ) |
| | printer label range ( ) |
| | remote access ( ) |
|
| Revoke or Reclaim Device authorization ( ) ( ) |
|
| rights, See rights profiles |
|
| rights profiles |
| | assigning ( ) |
| | Convenient Authorizations ( ) |
| | customizing for separation of duty ( ) |
| | with Allocate Device authorization ( ) |
| | with device allocation authorizations ( ) |
| | with new device authorizations ( ) |
|
| Rights tool ( ) |
|
| roadmaps |
| | Task Map: Configuring Trusted Extensions ( ) |
| | Task Map: Preparing a Solaris System for Trusted Extensions ( ) |
| | Task Map: Preparing For and Enabling Trusted Extensions ( ) |
|
| role workspace, global zone ( ) |
|
| roleadd command ( ) |
|
| roles |
| | adding local role with roleadd ( ) |
| | administering auditing ( ) |
| | administering remotely ( ) ( ) |
| | assigning rights ( ) |
| | assuming ( ) ( ) |
| | creating ( ) |
| | creating Security Administrator ( ) |
| | determining when to create ( ) |
| | leaving role workspace ( ) |
| | logging in remotely ( ) |
| | remote login ( ) |
| | role assumption from unlabeled host ( ) |
| | separation of duty ( ) ( ) |
| | trusted application access ( ) |
| | verifying they work ( ) |
| | workspaces ( ) |
|
| root passwords, required in Trusted Extensions ( ) |
|
| root UID, required for applications ( ) |
|
| route command ( ) ( ) |
|
| routing ( ) |
| | accreditation checks ( ) |
| | commands in Trusted Extensions ( ) |
| | concepts ( ) |
| | example of ( ) |
| | specifying default routes for labeled zones ( ) |
| | static with security attributes ( ) |
| | tables ( ) ( ) |
| | using route command ( ) |
S |
|
| scripts |
| | getmounts ( ) |
| | getzonelabels ( ) |
| | /usr/sbin/txzonemgr ( ) ( ) |
|
| secure attention, key combination ( ) |
|
| security |
| | initial setup team ( ) |
| | publications ( ) |
| | root password ( ) |
| | site security policy ( ) |
|
| Security Administrator role |
| | administering network of users ( ) |
| | administering PostScript restriction ( ) |
| | administering printer security ( ) |
| | assigning authorizations to users ( ) |
| | audit tasks ( ) |
| | configuring a device ( ) |
| | configuring serial line for login ( ) |
| | creating ( ) |
| | creating Convenient Authorizations rights profile ( ) |
| | enabling unlabeled body pages from a public system ( ) |
| | enforcing security ( ) |
| | protecting nonallocatable devices ( ) |
|
| security administrators, See Security Administrator role |
|
| security attributes ( ) |
| | modifying defaults for all users ( ) |
| | modifying user defaults ( ) |
| | setting for remote hosts ( ) |
| | using in routing ( ) |
|
| security information, on printer output ( ) |
|
| security label set, remote host templates ( ) |
|
| security mechanisms |
| | extensible ( ) |
| | Solaris ( ) |
|
| security policy |
| | auditing ( ) |
| | training users ( ) |
| | users and devices ( ) |
|
| security templates, See remote host templates |
|
| Security Templates tool ( ) ( ) |
| | assigning templates ( ) |
| | modifying tnrhdb ( ) ( ) |
| | using ( ) |
|
| sel_config file ( ) |
| | configuring selection transfer rules ( ) |
|
| selecting, audit records by label ( ) |
|
| Selection Manager |
| | changing timeout ( ) |
| | configuring rules for selection confirmer ( ) |
|
| Selection Manager application ( ) |
|
| separation of duty |
| | creating rights profiles ( ) |
| | planning for ( ) |
| | planning for LDAP ( ) |
|
| serial line, configuring for logins ( ) |
|
| service management framework (SMF) |
| | dpadm ( ) |
| | dsadm ( ) |
| | labeld service ( ) |
|
| session range ( ) |
|
| sessions, failsafe ( ) |
|
| setlabel command ( ) |
|
| sharing, ZFS dataset from labeled zone ( ) |
|
| Shutdown authorization ( ) |
|
| similarities |
| | between Trusted Extensions and Solaris auditing ( ) |
| | between Trusted Extensions and Solaris OS ( ) |
|
| single-label operation ( ) |
|
| single-label printing, configuring for a zone ( ) |
|
| site security policy |
| | common violations ( ) |
| | personnel recommendations ( ) |
| | physical access recommendations ( ) |
| | recommendations ( ) |
| | tasks involved ( ) |
| | Trusted Extensions configuration decisions ( ) |
| | understanding ( ) |
|
| smtnrhdb command ( ) |
|
| smtnrhtp command ( ) |
|
| smtnzonecfg command ( ) |
|
| snoop command ( ) ( ) |
|
| software |
| | administering third-party ( ) |
| | importing ( ) |
| | installing Java programs ( ) |
|
| Solaris installation options, requirements ( ) |
|
| Solaris installed systems, requirements for Trusted Extensions ( ) |
|
| Solaris Management Console |
| | administering trusted network ( ) |
| | administering users ( ) |
| | Computers and Networks tool ( ) |
| | configuring for LDAP ( ) |
| | configuring LDAP toolbox ( ) |
| | description of tools and toolboxes ( ) |
| | enabling LDAP toolbox to be used ( ) |
| | initializing ( ) |
| | loading a Trusted Extensions toolbox ( ) |
| | registering LDAP credentials ( ) |
| | Security Templates tool ( ) ( ) |
| | starting ( ) |
| | toolboxes ( ) |
| | troubleshooting ( ) ( ) |
| | Trusted Network Zones tool ( ) |
| | working with Sun Java System Directory Server ( ) |
|
| Solaris OS |
| | differences from Trusted Extensions ( ) |
| | differences from Trusted Extensions auditing ( ) |
| | similarities with Trusted Extensions ( ) |
| | similarities with Trusted Extensions auditing ( ) |
|
| solaris.print.nobanner authorization ( ) ( ) |
|
| solaris.print.ps authorization ( ) |
|
| solaris.print.unlabeled authorization ( ) |
|
| Solaris Trusted Extensions, See Trusted Extensions |
|
| StarOffice, lengthening timeout when relabeling ( ) |
|
| startup files, procedures for customizing ( ) |
|
| Stop-A, enabling ( ) |
|
| Sun Java System Directory Server, See LDAP server |
|
| Sun Ray systems |
| | enabling initial contact between client and server ( ) |
| | LDAP servers, and ( ) |
| | preventing users from seeing others' processes ( ) |
| | tnrhdb address for client contact ( ) |
| | web site for documentation ( ) |
|
| System Administrator role |
| | adding device_clean script ( ) |
| | adding print conversion filters ( ) |
| | administering printers ( ) |
| | audit tasks ( ) |
| | reclaiming a device ( ) |
| | restricting ( ) |
| | reviewing audit records ( ) |
|
| system files |
| | editing ( ) ( ) |
| | Solaris /etc/default/print ( ) |
| | Solaris policy.conf ( ) |
| | Trusted Extensions sel_config ( ) |
| | Trusted Extensions tsol_separator.ps ( ) |
T |
|
| tape devices |
| | accessing ( ) |
| | allocating ( ) |
|
| tar command ( ) |
|
| Task Map: Configuring Trusted Extensions ( ) |
|
| Task Map: Preparing a Solaris System for Trusted Extensions ( ) |
|
| Task Map: Preparing For and Enabling Trusted Extensions ( ) |
|
| tasks and task maps |
| | Additional Trusted Extensions Configuration Tasks ( ) |
| | Administering Trusted Extensions Remotely (Task Map) ( ) |
| | Audit Tasks of the Security Administrator ( ) |
| | Audit Tasks of the System Administrator ( ) |
| | Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( ) |
| | Common Tasks in Trusted Extensions (Task Map) ( ) |
| | Configuring an LDAP Proxy Server on a Trusted Extensions Host (Task Map) ( ) |
| | Configuring an LDAP Server on a Trusted Extensions Host (Task Map) ( ) |
| | Configuring Labeled IPsec (Task Map) ( ) |
| | Configuring Labeled Printing (Task Map) ( ) |
| | Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( ) |
| | Configuring the Solaris Management Console for LDAP (Task Map) ( ) |
| | Configuring Trusted Network Databases (Task Map) ( ) |
| | Creating Labeled Zones ( ) |
| | Customizing Device Authorizations in Trusted Extensions (Task Map) ( ) |
| | Customizing User Environment for Security (Task Map) ( ) |
| | Getting Started as a Trusted Extensions Administrator (Task Map) ( ) |
| | Handling Devices in Trusted Extensions (Task Map) ( ) |
| | Handling Other Tasks in the Solaris Management Console (Task Map) ( ) |
| | Headless System Configuration in Trusted Extensions (Task Map) ( ) |
| | Managing Devices in Trusted Extensions (Task Map) ( ) |
| | Managing Printing in Trusted Extensions (Task Map) ( ) |
| | Managing Software in Trusted Extensions (Tasks) ( ) |
| | Managing Trusted Networking (Task Map) ( ) |
| | Managing Users and Rights With the Solaris Management Console ( ) |
| | Managing Zones (Task Map) ( ) |
| | Reducing Printing Restrictions in Trusted Extensions (Task Map) ( ) |
| | Troubleshooting the Trusted Network (Task Map) ( ) |
| | Using Devices in Trusted Extensions (Tasks Map) ( ) |
|
| tcp_listen=true LDAP setting ( ) |
|
| text label equivalents, determining ( ) |
|
| Thunderbird, lengthening timeout when relabeling ( ) |
|
| tnchkdb command |
| | description ( ) |
| | summary ( ) |
|
| tnctl command |
| | description ( ) |
| | summary ( ) |
| | updating kernel cache ( ) |
| | using ( ) |
|
| tnd command |
| | description ( ) |
| | summary ( ) |
|
| tninfo command |
| | description ( ) |
| | summary ( ) |
| | using ( ) ( ) |
|
| tnrhdb database |
| | 0.0.0.0 host address ( ) ( ) |
| | 0.0.0.0 wildcard address ( ) |
| | adding to ( ) |
| | configuring ( ) |
| | entry for Sun Ray servers ( ) |
| | fallback mechanism ( ) ( ) |
| | tool for administering ( ) |
| | wildcard address ( ) |
|
| tnrhtp database |
| | adding to ( ) |
| | tool for administering ( ) |
|
| toolboxes |
| | adding LDAP server to tsol_ldap.tbx ( ) |
| | defined ( ) |
| | loading in Trusted Extensions ( ) |
| | Scope=LDAP ( ) |
|
| tools, See administrative tools |
|
| trailer pages, See banner pages |
|
| translation, See localizing |
|
| troubleshooting |
| | accessing X server ( ) |
| | failed login ( ) |
| | IPv6 configuration ( ) |
| | LDAP ( ) |
| | mounted file systems ( ) |
| | network ( ) |
| | reclaiming a device ( ) |
| | repairing labels in internal databases ( ) |
| | Solaris Management Console ( ) ( ) |
| | Trusted Extensions configuration ( ) |
| | trusted network ( ) |
| | verifying interface is up ( ) |
| | viewing ZFS dataset mounted in lower-level zone ( ) |
|
| Troubleshooting the Trusted Network (Task Map) ( ) |
|
| trusted applications, in a role workspace ( ) |
|
| trusted_edit trusted editor ( ) |
|
| trusted editor |
| | assigning your favorite editor ( ) |
| | starting ( ) |
|
| Trusted Extensions |
| | See also Trusted Extensions planning | |
| | collecting information before enabling ( ) |
| | decisions to make before enabling ( ) |
| | differences from Solaris administrator's perspective ( ) |
| | differences from Solaris auditing ( ) |
| | differences from Solaris OS ( ) |
| | disabling ( ) |
| | enabling ( ) |
| | man pages quick reference ( ) |
| | memory requirements ( ) |
| | planning configuration strategy ( ) |
| | planning for ( ) |
| | planning hardware ( ) |
| | planning network ( ) |
| | preparing for ( ) ( ) |
| | quick reference to administration ( ) |
| | results before configuration ( ) |
| | separation of duty ( ) |
| | similarities with Solaris auditing ( ) |
| | similarities with Solaris OS ( ) |
| | two-role configuration strategy ( ) |
|
| Trusted Extensions configuration |
| | adding network databases to LDAP server ( ) |
| | changing default DOI value ( ) |
| | databases for LDAP ( ) |
| | division of tasks ( ) |
| | evaluated configuration ( ) |
| | headless systems ( ) |
| | initial procedures ( ) |
| | initial setup team responsibilities ( ) |
| | labeled zones ( ) |
| | LDAP ( ) |
| | reboot to activate labels ( ) |
| | task maps ( ) |
| | troubleshooting ( ) |
|
| Trusted Extensions network |
| | adding zone-specific interface ( ) |
| | adding zone-specific nscd daemon ( ) |
| | enabling IPv6 ( ) |
| | planning ( ) |
| | removing zone-specific nscd daemon ( ) |
| | specifying default routes for labeled zones ( ) |
|
| Trusted Extensions requirements |
| | root password ( ) |
| | Solaris installation ( ) |
| | Solaris installed systems ( ) |
|
| trusted grab, key combination ( ) |
|
| trusted network |
| | 0.0.0.0 tnrhdb entry ( ) |
| | administering with Solaris Management Console ( ) |
| | checking syntax of files ( ) |
| | concepts ( ) |
| | default labeling ( ) |
| | editing local files ( ) |
| | example of routing ( ) |
| | host types ( ) |
| | labels and MAC enforcement ( ) |
| | using templates ( ) |
|
| Trusted Network tools |
| | description ( ) |
| | using ( ) |
|
| Trusted Network Zones tool |
| | configuring a multilevel port ( ) |
| | configuring a multilevel print server ( ) |
| | creating a multilevel port ( ) |
| | description ( ) ( ) |
|
| Trusted Path, Device Manager ( ) |
|
| trusted path attribute, when available ( ) |
|
| Trusted Path menu, Assume Role ( ) |
|
| trusted programs |
| | adding ( ) |
| | defined ( ) |
|
| trusted stripe |
| | on multiheaded system ( ) |
| | warping pointer to ( ) |
|
| trustworthy programs ( ) |
|
| tsol_ldap.tbx file ( ) |
|
| tsol_separator.ps file |
| | configurable values ( ) |
| | customizing labeled printing ( ) |
|
| tsoljdsselmgr application ( ) |
|
| txzonemgr script ( ) ( ) |
| | | |
U |
|
| unlabeled printing, configuring ( ) |
|
| updatehome command ( ) ( ) |
|
| Upgrade DragNDrop or CutPaste Info authorization ( ) |
|
| Upgrade File Label authorization ( ) |
|
| upgrading labels, configuring rules for selection confirmer ( ) |
|
| User Accounts tool ( ) |
|
| useradd command ( ) |
|
| users |
| | accessing devices ( ) ( ) |
| | accessing printers ( ) |
| | adding from NIS server ( ) |
| | adding local user with useradd ( ) |
| | assigning authorizations to ( ) |
| | assigning labels ( ) |
| | assigning passwords ( ) |
| | assigning rights ( ) |
| | assigning roles to ( ) |
| | authorizations for ( ) |
| | Change Password menu item ( ) |
| | changing default privileges ( ) |
| | creating ( ) |
| | creating initial users ( ) |
| | customizing environment ( ) |
| | deletion precautions ( ) |
| | labels of processes ( ) |
| | lengthening timeout when relabeling ( ) |
| | logging in remotely to the global zone ( ) |
| | logging in to a failsafe session ( ) |
| | modifying security defaults ( ) |
| | modifying security defaults for all users ( ) |
| | planning for ( ) |
| | preventing account locking ( ) |
| | preventing from seeing others' processes ( ) |
| | printing ( ) |
| | removing some privileges ( ) |
| | requiring two roles to create user ( ) |
| | requiring two roles to create users ( ) |
| | restoring control of desktop focus ( ) |
| | security precautions ( ) |
| | security training ( ) ( ) ( ) |
| | session range ( ) |
| | setting up skeleton directories ( ) |
| | startup files ( ) |
| | using .copy_files file ( ) |
| | using .link_files file ( ) |
| | using devices ( ) |
|
| Using Devices in Trusted Extensions (Task Map) ( ) |
|
| /usr/bin/tsoljdsselmgr application ( ) |
|
| /usr/dt/bin/trusted_edit trusted editor ( ) |
|
| /usr/lib/lp/postscript/tsol_separator.ps file, labeling printer output ( ) |
|
| /usr/local/scripts/getmounts script ( ) |
|
| /usr/local/scripts/getzonelabels script ( ) |
|
| /usr/sbin/txzonemgr script ( ) ( ) |
|
| /usr/share/gnome/sel_config file ( ) |
|
| utadm command, default Sun Ray server configuration ( ) |