Solaris Trusted Extensions Administrator's Procedures

Installing or Upgrading the Solaris OS for Trusted Extensions

The choice of Solaris installation options can affect the use and security of Trusted Extensions:

To properly support Trusted Extensions, you must install the underlying Solaris OS securely. For Solaris installation choices that affect Trusted Extensions, see Install a Solaris System to Support Trusted Extensions.
If you have been using the Solaris OS, check your current configuration against the requirements for Trusted Extensions. For configuration choices that affect Trusted Extensions, see Prepare an Installed Solaris System for Trusted Extensions.

Install a Solaris System to Support Trusted Extensions

This task applies to fresh installations of the Solaris OS. If you are upgrading, see Prepare an Installed Solaris System for Trusted Extensions.

Install the Trusted Extensions Package After upgrading to the latest Dev release, and rebooting the system, open the Package Manager again to get the Trusted Extensions package. Enter trusted in the Search text area to get a list of Trusted Extensions packages. Select trusted-extensions . Then select Install/Update. There is also a new trusted-nonglobal package which enumerates the initial set of packages required in a labeled brand zone to run the Trusted Desktop. This will be retrieved from the repository when you install your first zone.

When installing the Solaris OS, create a user account and the root role account.

In Trusted Extensions, you use the root role to configure the system.

Assign a different password to each account.

After the default installation of OpenSolaris 2010.03 is completed, start the Package Manager.

Install the Trusted Extensions package.
1. For list of Trusted Extensions packages, type trusted in the Search text area.
2. Select trusted-extensions.
3. Select Install/Update.
The correct packages are installed on your system.

Prepare an Installed Solaris System for Trusted Extensions

This task applies to Solaris systems that have been in use, and on which you plan to run Trusted Extensions. Also, to run Trusted Extensions on an upgraded Solaris system, follow this procedure. Other tasks that might modify an installed Solaris system can be done during Trusted Extensions configuration.

Before You Begin

Trusted Extensions cannot be enabled in some Solaris environments:

If your system is part of a cluster, Trusted Extensions cannot be enabled on the system.
The enabling of Trusted Extensions in an alternate boot environment (BE) is not supported. Trusted Extensions can only be enabled in the current boot environment.

If non-global zones are installed on your system, remove them.

Trusted Extensions use branded zones.

If your system does not have a root password, create one.

Administration tools in Trusted Extensions require passwords. If the root user does not have a password, then root cannot configure the system.

Use the default crypt_unix password encryption method for the root user. For details, see Managing Password Information in System Administration Guide: Security Services.

Note –
Users must not disclose their passwords to another person, as that person might then have access to the data of the user and will not be uniquely identified or accountable. Note that disclosure can be direct, through the user deliberately disclosing her/his password to another person, or indirect, for example, through writing it down, or choosing an insecure password. The Solaris OS provides protection against insecure passwords, but cannot prevent a user from disclosing her or his password, or from writing it down.

If you have created an xorg.conf file, you need to modify it.

Add the following line to the end of the Module section in the /etc/X11/xorg.conf file.
load "xtsol"
Note –
By default, the xorg.conf file does not exist. Do nothing if this file does not exist.

(Optional) Dedicate a partition for audit files.

Trusted Extensions enables auditing by default. For audit files, best practice is to create a dedicated partition.