Installation Results from an Administrator's Perspective
After installing Trusted Solaris software, the following security features are in place. Many features are configurable by the security administrator.
-
Auditing is enabled.
-
A SUN label_encodings file is configured and installed.
-
CDE creates four labeled workspaces.
-
Three administrative roles secadmin, admin, and root are defined.
-
A shell called the profile shell is assigned by default as the initial shell for the administrative roles. A profile shell recognizes security-relevant commands.
-
A trusted editor is available to administrators for modifying local administrative files. It is implemented as a CDE action named Admin Editor.
-
The Solstice AdminSuite GUIs are available to administrative roles to administer user, execution profile and other system databases.
-
Trusted Solaris-defined CDE actions to view and edit local administrative files in a trusted editor are available to users in administrative roles.
-
The Device Allocation Manager manages attached devices.
-
One non-administrative role, oper, is defined.
-
Several execution profiles are defined to delimit the actions that users and roles can execute. They are defined in the Trusted Solaris database, tsolprof.
-
A Trusted Solaris-defined database, tsoluser, handles users, roles, and their system and security information.
-
Three Trusted Solaris-defined databases, tnidb, tnrhtp, and tnrhdb, handle trusted networking.
- © 2010, Oracle Corporation and/or its affiliates