-
Files that are unique to and originate in the Trusted Solaris environment, such as device_allocate(4).
-
SunOS5.7 configuration files that have been modified to work within Trusted Solaris security policy, such as proc(4). Man pages for modified files have been rewritten to remove information that is not accurate for how the file is used within the Trusted Solaris environment. Modified man pages also add descriptions for new fields or entities. -
SunOS5.7 files that remain unchanged from the Solaris 7 release, such as timezone. - Name
-
Description
- audit.log(4)
-
Audit trail file
- audit_class(4)
-
Audit class definitions
- audit_control(4)
-
Control information for system audit daemon
- audit_data(4)
-
Current information on audit daemon
- audit_event(4)
-
Audit event definition and class mapping file
- audit_user(4)
-
Per-user auditing data file
- auth_desc(4)
-
Descriptions of defined authorizations
- auth_name(4)
-
Authorization description database
- config.privs(4)
-
List of window privileges that override system checks
- device_allocate(4)
-
Device allocate in permissions
- device_deallocate(4)
-
Device deallocate file
- device_maps(4)
-
Maps device names to physical devices
- device_policy(4)
-
Device policy file
- inetd.conf(4)
-
Internet servers database
- inittab(4)
-
Script for init
- label_encodings(4)
-
Label encodings file
- mnttab(4)
-
Mounted file system table
- nsswitch.conf(4)
-
Configuration file for the name service switch
- priv_desc(4)
-
Descriptions of defined privileges
- priv_name(4)
-
Privilege description database
- proc(4)
-
/proc, the process file system
- resolv.conf(4)
-
Configuration file for name server routines
- rmtab(4)
-
Remote mounted file system table
- sel_config(4)
-
Selection rules for copy, cut, paste, drag and drop operations
- sharetab(4)
-
Shared file system table
- tndlog(4)
-
Log of tnd debugging information
- tnidb(4)
-
Trusted network interface-control database
- tnrhdb(4)
-
Trusted network remote-host database
- tnrhtp(4)
-
Trusted network remote-host templates
- tsolgateways(4)
-
Static routing configuration file
- tsolinfo(4)
-
Package security-attribute description file
- tsolprof(4)
-
Trusted Solaris User Profiles Database
- tsoluser(4)
-
Trusted Solaris User Security Attributes Database
- vfstab(4)
-
Table of file system defaults
- vfstab_adjunct(4)
-
Attribute data file for mounting a file system
-
A -
audit_class(4)- Audit class definitions -
audit_control(4)- Control information for system audit daemon -
audit_data(4)- Current information on audit daemon -
audit_event(4)- Audit event definition and class mapping file -
audit.log(4)- Audit trail file -
audit_user(4)- Per-user auditing data file -
auth_desc(4)- Descriptions of defined authorizations -
auth_name(4)- Authorization description database
-
-
B -
C -
config.privs(4)- List of window privileges that override system checks
-
-
D -
device_allocate(4)- Device allocate in permissions -
device_deallocate(4)- Device deallocate file -
device_maps(4)- Maps device names to physical devices -
device_policy(4)- Device policy file
-
-
E -
F -
G -
H -
I -
inetd.conf(4)- Internet servers database -
inittab(4)- Script for init
-
-
J -
K -
L -
label_encodings(4)- Label encodings file
-
-
M -
mnttab(4)- Mounted file system table
-
-
N -
nsswitch.conf(4)- Configuration file for the name service switch
-
-
O -
P -
priv_desc(4)- Descriptions of defined privileges -
priv_name(4)- Privilege description database -
proc(4)- /proc, the process file system
-
-
Q -
R -
resolv.conf(4)- Configuration file for name server routines -
rmtab(4)- Remote mounted file system table
-
-
S -
sel_config(4)- Selection rules for copy, cut, paste, drag and drop operations -
sharetab(4)- Shared file system table
-
-
T -
tndlog(4)- Log of tnd debugging information -
tnidb(4)- Trusted network interface-control database -
tnrhdb(4)- Trusted network remote-host database -
tnrhtp(4)- Trusted network remote-host templates -
tsolgateways(4)- Static routing configuration file -
tsolinfo(4)- Package security-attribute description file -
tsolprof(4)- Trusted Solaris User Profiles Database -
tsoluser(4)- Trusted Solaris User Security Attributes Database
-
-
U -
V -
vfstab(4)- Table of file system defaults -
vfstab_adjunct(4)- Attribute data file for mounting a file system
-
-
W -
X -
Y -
Z
Intro(4)
NAME | DESCRIPTION | INTERFACES | TRUSTED SOLARIS DIFFERENCES | RULES FOR INCLUDING LABELS IN A CONFIGURATION FILE | POLICY FOR SECURITY ATTRIBUTES ON CONFIGURATION FILES | SEE ALSO |
NAME
- Intro- Introduction to file formats
DESCRIPTION
This section outlines the formats of various files. The C structure declarations for the file formats are given where applicable. Usually, the headers containing these structure declarations can be found in the directories /usr/include or /usr/include/sys. For inclusion in C language programs, however, the syntax #include <filename.h> or #include <sys/filename.h> should be used.
Because the operating system now allows the existence of multiple file system types, there are several instances of multiple manual pages with the same name. These pages all display the name of the FSType to which they pertain, in the form name_fstype at the top of the page. For example, fs_ufs(4).
INTERFACES
Descriptions of shared objects may include a definition of the global symbols that define the shared objects' public interface, for example SUNW_1.1. Other interfaces may exist within the shared object, for example SUNW_private.1.1. The public interface provides a stable, committed set of symbols for application development. The private interfaces are for internal use only, and may change at any time.
For many shared objects, an archive library is provided for backward compatibility. Use of these libraries may restrict an applications ability to migrate between different Solaris releases. As dynamic linking is the preferred compilation method on Solaris, the use of these libraries is discouraged.
TRUSTED SOLARIS DIFFERENCES
In the Trusted Solaris environment, these configuration files can be:
Note -
The printed Trusted Solaris 7 Reference Manual includes only those files that have been modified or originate in the Trusted Solaris environment.
Printed versions of unchanged SunOS 5.7 man pages are found in the SunOS 5.7 Reference Manual.
For more information on displaying manual pages, see Trusted Solaris Manual Page Display in
Intro(1).
The Trusted Solaris operating environment is a security-enhanced version of the Solaris operating environment, the Common Desktop Environment (CDE), the X window system, and the Solstice AdminSuite set of system administration tools. To preserve security attributes, configuration files are usually not edited using vi or another common editor. Rather, administrative roles edit the files using the SolsticeTM AdminSuiteTM tools in the Solstice_Apps folder and the actions in the System_Admin folder in the Application Manager. These tools audit all changes and preserve the required owner, group, permissions and sensitivity labels of the files.
RULES FOR INCLUDING LABELS IN A CONFIGURATION FILE
Follow the rules described here when entering labels in configuration files. When entering labels in graphical user interfaces, see Rules for the Display and Entering of Labels in Intro(1). When entering labels on the command line in a UNIX shell, follow the rules in Rules for the Display and Entering of Labels in Intro(1M).
Make sure that a program reading a configuration file can tell where the label starts and ends. Where the label is imbedded, as it is in the device_allocate(4) file, the only valid character to begin the label and terminate it is a semicolon (;). Most configuration files do not support label incrementations using plus or minus signs.
Configuration files are generally maintained at a sensitivity label of ADMIN_LOW. However, each site can choose whether to store labels in configuration files as text or as hexadecimal numbers, depending on the site's security policy, and the form used affects
the sensitivity label at which the file should be stored. When labels are stored in human-readable form, the files that contain them must be protected at ADMIN_HIGH, so only administrative roles that have the ADMIN_HIGH
label in their clearance can view the files. Also, if a file contains a collection of data written by all processes in the system (like the system log, /dev/kmem, and /dev/mem files) that file should be protected at the ADMIN_HIGH sensitivity label.
Note -
Labels entered in text form must be quoted.
POLICY FOR SECURITY ATTRIBUTES ON CONFIGURATION FILES
The default user and group for configuration files are root and sys and default permissions are 00644. However, the security administrator should ensure that files that contain sensitivity information other than labels, such as those files that specify which activities are being audited, are not generally readable. These files should have more restrictive permissions, owner and group IDs, and possibly a protective label.
SEE ALSO
In Trusted Solaris, Trusted Solaris Administrator's Procedures Trusted Solaris Developer's Guide
NAME | DESCRIPTION | INTERFACES | TRUSTED SOLARIS DIFFERENCES | RULES FOR INCLUDING LABELS IN A CONFIGURATION FILE | POLICY FOR SECURITY ATTRIBUTES ON CONFIGURATION FILES | SEE ALSO |
- © 2010, Oracle Corporation and/or its affiliates