This chapter describes the tools that are available in Solaris Trusted Extensions, the location of the tools, and the databases on which the tools operate.
Administration on a system that is configured with Trusted Extensions uses many of the same tools that are available in the Solaris OS. Trusted Extensions offers security-enhanced tools as well. Administration tools are available only to roles in a role workspace.
Within a role workspace, you can access commands, applications, and scripts that are trusted. The following table summarizes these administrative tools.
Table 8–1 Trusted Extensions Administrative Tools

| Tool | Description | For More Information |
|---|---|---|
| txzonemgr script | Provides a menu-based wizard for creating, installing, initializing, and booting zones. The script also provides menu items for networking options, name services options, and for making the global zone a client of an existing LDAP server. txzonemgr uses the zenity command. | See also the zenity(1) man page. |
| Device Manager | Used to administer the label ranges of devices, and to allocate or deallocate devices. | See Device Manager and Handling Devices in Trusted Extensions (Task Map). |
| Solaris Management Console | Used to configure users, roles, rights, hosts, zones, and networks. This tool can update local files or LDAP databases. This tool can also launch the dtappsession legacy application. | For basic functionality, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. For information that is specific to Trusted Extensions, see Solaris Management Console Tools. |
| Solaris Management Console commands, such as smuser and smtnzonecfg | Is the command-line interface for the Solaris Management Console. | For a list, see Table 8–2. |
| Label Builder | Is also a user tool. Appears when a program requires you to choose a label. | For an example, see How to Modify a User's Label Range in the Solaris Management Console. |
| Trusted Extensions commands | Used to perform tasks that are not covered by Solaris Management Console tools. | For the list of administrative commands, see Table 8–3. |
In the Solaris Express Community Edition, the txzonemgr script is used to configure labeled zones. This zenity(1) script displays a dialog box with the title Labeled Zone Manager. This GUI presents a dynamically determined menu that displays only the choices that are valid for the current configuration status of a labeled zone. For instance, if a zone is already labeled, the Label menu item is not displayed.
A device is either a physical peripheral that is connected to a computer or a software-simulated device called a pseudo-device. Because devices provide a means for the import and export of data to and from a system, devices must be controlled to properly protect the data. Trusted Extensions uses device allocation and device label ranges to control data flowing through devices.
Examples of devices that have label ranges are frame buffers, tape drives, diskette and CD-ROM drives, printers, and USB devices.
Users allocate devices through the Device Manager. The Device Manager mounts the device, runs a clean script to prepare the device, and performs the allocation. When finished, the user deallocates the device through the Device Manager, which runs another clean script, and unmounts and deallocates the device.
You can manage devices by using the Device Administration tool from the Device Manager. Regular users cannot access the Device Administration tool.
For more information about device protection in Trusted Extensions, see Chapter 23, Managing Devices for Trusted Extensions (Tasks).
The Solaris Management Console provides access to toolboxes of GUI-based administration tools. These tools enable you to edit items in various configuration databases. In Trusted Extensions, the Solaris Management Console is the administrative interface for users, roles, and the trusted network databases.
Trusted Extensions extends the Solaris Management Console:
Trusted Extensions modifies the Solaris Management Console Users tool set. For an introduction to the tool set, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Trusted Extensions adds the Security Templates tool and the Trusted Network Zones tool to the Computers and Networks tool set.
Solaris Management Console tools are collected into toolboxes according to scope and security policy. To administer Trusted Extensions, Trusted Extensions provides toolboxes whose policy is Policy=TSOL. You can access tools according to scope, that is, according to naming service. The available scopes are local host and LDAP.
The Solaris Management Console is shown in the following figure. A Scope=Files Trusted Extensions toolbox is loaded, and the Users tool set is open.
Trusted Extensions adds configurable security attributes to three tools:
User Accounts tool – Is the administrative interface to change a user's label, change a user's view of labels, and to control account usage.
Administrative Roles tool – Is the administrative interface to change a role's label range and screen-locking behavior when idle.
Trusted Extensions adds two tools to the Computers and Networks tool set:
Security Templates tool – Is the administrative interface for managing the label aspects of hosts and networks. This tool modifies the tnrhtp and tnrhdb databases, enforces syntactic accuracy, and updates the kernel with the changes.
Trusted Network Zones tool – Is the administrative interface for managing the label aspects of zones. This tool modifies the tnzonecfg database, enforces syntactic accuracy, and updates the kernel with the changes.
Figure 8–2 shows the Files toolbox with the Users tool set highlighted. The Trusted Extensions tools appear below the Computers and Networks tool set.
A security template describes a set of security attributes that can be assigned to a group of hosts. The Security Templates tool enables you to conveniently assign a specific combination of security attributes to a group of hosts. These attributes control how data is packaged, transmitted, and interpreted. Hosts that are assigned to a template have identical security settings.
The hosts are defined in the Computers tool. The security attributes of the hosts are assigned in the Security Templates tool. The Modify Template dialog box contains two tabs:
General tab – Describes the template. Includes its name, host type, default label, domain of interpretation (DOI), accreditation range, and set of discrete sensitivity labels.
Hosts Assigned to Template tab – Lists all the hosts on the network that you have assigned to this template.
Trusted networking and security templates are explained in more detail in Chapter 18, Trusted Networking (Overview).
The Trusted Network Zones tool identifies the zones on your system. Initially, the global zone is listed. When you add zones and their labels, the zone names are displayed in the pane. Zone creation usually occurs during system configuration. Label assignment, multilevel port configuration, and label policy are configured in this tool. For details, see Chapter 16, Managing Zones in Trusted Extensions (Tasks).
Typically, a Solaris Management Console client administers systems remotely. On a network that uses LDAP as a naming service, a Solaris Management Console client connects to the Solaris Management Console server that runs on the LDAP server. The following figure shows this configuration.
Figure 8–4 shows a network that is not configured with an LDAP server. The administrator configured each remote system with a Solaris Management Console server.
The main source of documentation for the Solaris Management Console is its online help. Context-sensitive help is tied to the currently selected feature and is displayed in the information pane. Expanded help topics are available from the Help menu or by clicking links in the context-sensitive help. Further information is provided in Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Also see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
The label builder GUI enforces your choice of a valid label or clearance when a program requires you to assign a label. For example, a label builder appears during login (see Chapter 3, Logging In to Trusted Extensions (Tasks), in Solaris Trusted Extensions User’s Guide). The label builder also appears when you change the label of a workspace, or when you assign a label to a user, zone, or network interface in the Solaris Management Console. The following label builder appears when you assign a label range to a new device.
In the label builder, component names in the Classification column correspond to the CLASSIFICATIONS section in the label_encodings file. The component names in the Sensitivity column correspond to the WORDS section in the label_encodings file.
Commands that are unique to Trusted Extensions are documented in the Solaris Trusted Extensions Reference Manual. The Solaris commands that Trusted Extensions modifies are documented in the Solaris Reference Manual. The man command finds the man pages for all of these commands.
The following table lists commands that are unique to Trusted Extensions. The commands are listed in man page format.
Table 8–2 User and Administrative Trusted Extensions Commands

| Man Page | Trusted Extensions Modification | For More Information |
|---|---|---|
| | Enables a device to be allocated by adding the device to device allocation databases. By default, removable devices are allocatable. | |
| | Translates a label into hexadecimal format. | |
| | Checks the integrity of the label_encodings file. | How to Debug a label_encodings File in Solaris Trusted Extensions Label Administration |
| | Displays the label of the selected files or directories. | |
| | Displays the full pathname of a specific zone. | Acquiring a Sensitivity Label in Solaris Trusted Extensions Developer's Guide |
| | Translates a hexadecimal label into its readable equivalent. | |
| | Displays the label of the current process. | See the man page. |
| | Prevents allocation of a device by removing its entry from device allocation databases. | |
| | Relabels the selected item. Requires the solaris.label.file.downgrade or solaris.label.file.upgrade authorization. These authorizations are in the Object Label Management rights profile. | |
| | Manages entries in the tnrhdb database locally or in a naming service database. | For equivalent procedures that use the Solaris Management Console, see Configuring Trusted Network Databases (Task Map). |
| | Manages entries in the tnrhtp database locally or in a naming service database. | See the man page. |
| | Manages entries in the local tnzonecfg database. | For an equivalent procedure that uses the Solaris Management Console, see How to Create a Multilevel Port for a Zone. |
| | Checks the integrity of the tnrhdb and tnrhtp databases. | |
| | Caches network information in the kernel. | How to Synchronize the Kernel Cache With Trusted Network Databases |
| | Executes the trusted network daemon. | How to Synchronize the Kernel Cache With Trusted Network Databases |
| | Displays kernel-level network information and statistics. | How to Compare Trusted Network Database Information With the Kernel Cache |
| | | How to Configure Startup Files for Users in Trusted Extensions |
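The security template attributes described earlier in this chapter (host type, DOI, default label, and the min_sl/max_sl accreditation range) and the integrity check that Table 8–2 lists for the tnrhdb and tnrhtp databases lend themselves to a worked illustration. The following Python script is an added example written for this chapter; it is not the tnchkdb command or any other code shipped with Trusted Extensions. The entry formats it parses (`template:key=value;...` for tnrhtp and `host-or-prefix:template` for tnrhdb), the sample entries, and the linear label ordering `LABEL_ORDER` are all assumptions constructed for the example; a real check would take the dominance relation from the label_encodings file rather than from a list.

```python
"""Added example: a tnchkdb-style consistency check over constructed
tnrhtp (template) and tnrhdb (host assignment) entries.

Not part of Trusted Extensions. Entry formats, sample data and the
label ordering are assumptions made for this illustration.
"""
import ipaddress

# Assumed tnrhtp entry format: template:key=value;key=value;...
# Sample entries constructed for this example; "broken" is deliberately wrong.
TNRHTP_SAMPLE = """\
cipso:host_type=cipso;doi=1;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;
admin_low:host_type=unlabeled;doi=1;def_label=ADMIN_LOW;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;
public:host_type=unlabeled;doi=1;def_label=PUBLIC;min_sl=PUBLIC;max_sl=PUBLIC;
broken:host_type=unlabeled;doi=1;def_label=PUBLIC;min_sl=INTERNAL;max_sl=PUBLIC;
"""

# Assumed tnrhdb entry format: host-or-prefix:template (sample data constructed).
TNRHDB_SAMPLE = """\
127.0.0.1:cipso
0.0.0.0:admin_low
192.0.2.0/24:cipso
198.51.100.7:public
203.0.113.5:missing
not-an-address:cipso
"""

# Hypothetical linear label ordering standing in for label_encodings
# dominance; a label's position in the list is its rank.
LABEL_ORDER = ["ADMIN_LOW", "PUBLIC", "INTERNAL", "ADMIN_HIGH"]
HOST_TYPES = {"cipso", "unlabeled"}
REQUIRED_KEYS = ("host_type", "doi", "min_sl", "max_sl")


def _lines(text):
    """Yield non-blank, non-comment lines with surrounding whitespace removed."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def parse_tnrhtp(text):
    """Return {template_name: {attribute: value}} from tnrhtp-style text."""
    templates = {}
    for line in _lines(text):
        name, _, attrs = line.partition(":")
        fields = {}
        for item in attrs.split(";"):
            if item:
                key, _, value = item.partition("=")
                fields[key.strip()] = value.strip()
        templates[name.strip()] = fields
    return templates


def parse_tnrhdb(text):
    """Return [(host_or_prefix, template_name)] from tnrhdb-style text."""
    entries = []
    for line in _lines(text):
        host, _, template = line.partition(":")
        entries.append((host.strip(), template.strip()))
    return entries


def check_template(name, fields):
    """Return a list of problems found in one template."""
    errors = []
    for key in REQUIRED_KEYS:
        if key not in fields:
            errors.append(f"template {name}: missing {key}")
    if fields.get("host_type") not in HOST_TYPES:
        errors.append(f"template {name}: unknown host_type {fields.get('host_type')!r}")
    if not fields.get("doi", "").isdigit():
        errors.append(f"template {name}: doi must be an integer")
    # An unlabeled host type needs a default label to apply to incoming data.
    if fields.get("host_type") == "unlabeled" and "def_label" not in fields:
        errors.append(f"template {name}: unlabeled host_type requires def_label")
    for key in ("min_sl", "max_sl", "def_label"):
        if key in fields and fields[key] not in LABEL_ORDER:
            errors.append(f"template {name}: unknown label {fields[key]!r} in {key}")
    lo, hi, dflt = (fields.get(k) for k in ("min_sl", "max_sl", "def_label"))
    if lo in LABEL_ORDER and hi in LABEL_ORDER:
        if LABEL_ORDER.index(lo) > LABEL_ORDER.index(hi):
            errors.append(f"template {name}: min_sl {lo} dominates max_sl {hi}")
        elif dflt in LABEL_ORDER and not (
            LABEL_ORDER.index(lo) <= LABEL_ORDER.index(dflt) <= LABEL_ORDER.index(hi)
        ):
            errors.append(f"template {name}: def_label {dflt} outside accreditation range")
    return errors


def check_databases(tnrhtp_text, tnrhdb_text):
    """Cross-check templates and host assignments; return every problem found."""
    templates = parse_tnrhtp(tnrhtp_text)
    errors = []
    for name, fields in templates.items():
        errors.extend(check_template(name, fields))
    for host, template in parse_tnrhdb(tnrhdb_text):
        try:
            ipaddress.ip_network(host, strict=False)
        except ValueError:
            errors.append(f"tnrhdb {host}: not an IP address or prefix")
        if template not in templates:
            errors.append(f"tnrhdb {host}: references undefined template {template!r}")
    return errors


if __name__ == "__main__":
    for problem in check_databases(TNRHTP_SAMPLE, TNRHDB_SAMPLE):
        print(problem)
```

Run against the constructed samples, the check reports three problems: the `broken` template whose min_sl dominates its max_sl, a host that references an undefined template, and a tnrhdb entry whose first field is not an address or prefix. The cross-reference from tnrhdb to tnrhtp is the check worth keeping in mind: a host assigned to a template that does not exist has no usable security attributes, which is why the two databases are validated together rather than one at a time.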
The following table lists Solaris commands that are modified or extended by Trusted Extensions. The commands are listed in man page format.
Table 8–3 User and Administrative Commands That Trusted Extensions Modifies

| Man Page | Purpose of Command | For More Information |
|---|---|---|
| | Adds options to clean the allocated device, and to allocate a device to a specific zone. In Trusted Extensions, regular users do not use this command. | How to Allocate a Device in Trusted Extensions in Solaris Trusted Extensions User's Guide |
| | Adds options to clean the device, and to deallocate a device from a specific zone. In Trusted Extensions, regular users do not use this command. | How to Allocate a Device in Trusted Extensions in Solaris Trusted Extensions User's Guide |
| | Adds the -a option to display device attributes, such as authorizations and labels. Adds the -d option to display the default attributes of an allocated device type. Adds the -z option to display available devices that can be allocated to a labeled zone. | See the man page. |
| | Adds the -T option to archive and extract files and directories that are labeled. | How to Back Up Files in Trusted Extensions and How to Restore Files in Trusted Extensions |
| | Adds the windata_down and windata_up audit policy options. | How to Configure Audit Policy in System Administration Guide: Security Services |
| | Adds the -l option to select audit records by label. | How to Select Audit Events From the Audit Trail in System Administration Guide: Security Services |
| | Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels. | |
| | Adds the all-zones option to make an interface available to every zone on the system. | |
| | Adds the -R option to display extended security attributes for sockets and routing table entries. | |
| | Adds the -secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl. | |
| | Adds a debug flag, 0x0400, for label processing. | See the man page. |
| | In the global zone, uses two multilevel ports, UDP ports 500 and 4500, to negotiate labeled security associations. | See the ike.config(4) man page. |
| | Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association. | See the man page. |
The following Solaris configuration files are modified or extended by Trusted Extensions. The files are introduced in man page format.
ike.config(4) – Trusted Extensions adds the label_aware global parameter and three Phase 1 transform parameters: single_label, multi_label, and wire_label.
The IKE configuration file contains a keyword, label, that is used to make a Phase 1 IKE rule unique. The IKE keyword label is distinct from Trusted Extensions labels.
You can remotely administer a system that is configured with Trusted Extensions by using the ssh command, the dtappsession program, or the Solaris Management Console. If site security policy permits, you can configure a Trusted Extensions host to enable login from a non-Trusted Extensions host, although this configuration is less secure. For more information, see Chapter 14, Remote Administration in Trusted Extensions (Tasks).