Preface

Labels, clearances, and handling caveats are used to protect information in the Trusted Solaris environment. The components of labels, clearances, and handling caveats are specified in a file called label_encodings(4). This manual provides needed background and describes how to edit, check, and install the label_encodings file.

Who Should Use This Book

This book is for security administrators, who are responsible for defining the organization's labels, and for those who assume the security administrator role to create the label_encodings file.

---

Note -

Even though the Trusted Solaris environment can be configured with no visible labels, labels are always being used, and mandatory access control checks are always being made. Therefore, the security administrator role must always configure a label_encodings file as described in this manual.

---

Related Books

Prerequisite knowledge is contained in the following books in the Trusted Solaris documentation set:

• Trusted Solaris User's Guide

• Trusted Solaris Administration Overview

• Trusted Solaris Installation and Configuration

• Trusted Solaris Administrator's Procedures

• Trusted Solaris Audit Administration

• Trusted Solaris 7 Transition Guide

• Compartmented Mode Workstation Labeling: Encodings Format

Before You Read This Book

The person who works in the security administrator role to configure labels should:

• Understand how to administer the Solaris or compatible operating environment, the Common Desktop Environment (CDE) window system, Solstice AdminSuite system administration tools, and the NIS+ system for central administration of configuration files

• Know how to work in the Trusted Solaris environment as a normal (non-administrative) user (as described in the Trusted Solaris User's Guide)

• Understand the administrative concepts and know how to use the administrator's tools described in the Trusted Solaris Administration Overview and Trusted Solaris Administrator's Procedures manuals

  Administrative tasks are divided among several administrative roles. The administrator's procedures manual describes how a user assumes the secadmin role and uses administrative actions to perform the work described in this manual.

• Understand how administrative tasks are divided among roles at your site

  Some sites may assign the label encodings tasks to a locally-created administrative role.

• Understand the security requirements of your agency or organization.

The necessary level of knowledge may be acquired through:

• Training

  For information about the Trusted Solaris training class, see the course description from the Sun Education catalog.

• Documentation

  The Trusted Solaris manuals are available in the following formats:

  • At Sun's documentation website at http://docs.sun.com

  • On the AnswerBook CD shipped with the product

    AnswerBooks are document collections viewable onscreen. AnswerBooks for the Trusted Solaris operating environment; for the bundled products, CDE and Solstice AdminSuite; and for the base Solaris operating environment are on the Trusted Solaris AnswerBook CD.

  • Printed versions

    If not obtained when the product was purchased, the documentation set can be ordered through SunStore.

Ordering Sun Documents

Fatbrain.com stocks documentation from Sun Microsystems, Inc.

For a list of available documents and how to order them, visit http://www1.fatbrain.com/documentation/sun.

Accessing Sun Documentation Online

The docs.sun.com^SM Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.

How This Book Is Organized

• Chapter 1, Introduction to Trusted Solaris Label Encodings

  Provides labels-related concepts and planning steps for the security administrator who prepares the site's label_encodings file.

• Chapter 2, Creating or Editing the Encodings File

  Describes how to create and check the label_encodings file.

• Chapter 3, Specifying Labels and Handling Guidelines for Printer Output

  Describes the labels and handling caveats printed on printer output and gives procedures for modifying what is printed.

• Chapter 4, Modifying Sun's Extensions in the Local Definitions Section

  Describes the options in the LOCAL DEFINITIONS section, including changing the names of administrative labels, specifying whether administrative labels display, changing the names of labels' components on label builders, and specifying colors for labels.

• Chapter 5, Example: Planning an Organization's Labels

  Models how a site analyzes its label requirements and creates a simple label_encodings file, with the resulting file in Appendix A, Example: Label Encodings File.

• Appendix A, Example: Label Encodings File

  Contains an example of a simple label_encodings file that goes along with the chapter on planning.

Type Styles Usage in Text and Examples

The following table shows and explains the type styles used in this manual.

Table P-1 Typographic Conventions

Type Face	Meaning	Example
Literal	The names of commands, files, and directories, on-screen computer output	Edit your .login file. Use ls -a to list all files. hostname% You have mail.
UserType	What you type, contrasted with on-screen computer output	hostname% su Password:
Variable	Argument name in a command-line.	To delete a file, enter rm filename.
	You replace the argument with a real name or value.	hostname% rm myfile
Title or Emphasis	Book titles, new words or terms, or words to be emphasized	Read Chapter 6 in User's Guide. These are called class options.
		You must be root to do this.

Trusted Solaris Prompts

The following table shows the Trusted Solaris prompts.

Shell	Prompt
C shell prompt	hostname%
Bourne shell and Korn shell prompt	$
Profile Shell prompt	$
root prompt (with any shell)	#
PROM mode prompt (SPARC only)	>