NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | EXAMPLES | FILES | NOTES | SEE ALSO | WARNINGS
/etc/security/tsol/tnrhtp
The tnrhtp database of templates is specified by the administrator for convenience when assigning accreditation and security attributes for each host in the distributed system, including the local host and network. tnrhtp works together with tnrhdb(4); IP addresses in tnrhdb can be assigned only to templates defined in the tnrhtp database. The administrator should run tnchkdb(1M) to check the syntax after each modification to the tnrhtp database.
Each entry in the database must be written as one long line, with the fields of the entry separated by semicolons (;):
template_name:field1;field2;field3;fieldn;
A pound sign (#) as the first character of a line indicates a comment line, which is ignored.
Each entry consists of a line of this form:
template_name:field_name=value;[field_name=value; ...]
Six types of hosts are currently supported: unlabeled, sun_tsol, ripso, cipso, tsix, and msix.
All fields of a particular host_type are mandatory even if no value is set other than none. If this database is modified while the network is up, the changes do not take effect immediately unless tnctl(1M) is used to update the template entries; otherwise, the changes take effect when next polled by the trusted network daemon, tnd(1M). Administrators are allowed to add new templates and modify attributes of existing templates while the network is up.
/etc/security/tsol/tnrhtp should be at a sensitivity label of ADMIN_LOW with permission bits 444, owner sys, and group sys.
When specifying a name for a template, note that only the first 31 characters of the template name are read and interpreted. These characters must be unique. You can use any printable character in a template name except for field delimiters, new-line, or the comment character.
The template for the unlabeled host type has these fields:

template_name
    Specify a name for the template.

host_type
    unlabeled

def_label, def_cl, def_uid, def_gid
    Define the default attributes to be applied to incoming data from remote hosts that do not support these attributes. These defaults override the defaults specified for an interface in the tnidb(4) database.
    To take defaults from tnidb(4), these def_* fields must be set equal to empty; for example, def_uid=empty.
    The information label is assumed to be ADMIN_LOW if the information label for def_label is not specified. Obsolete. See NOTES.

min_sl, max_sl
    Specify the accreditation range for remote host gateways using this template. The format is the same as that in the tnidb(4) database. All labels are specified in their hex format.

forced_privs
    Define the effective privileges to be applied to an incoming packet received from a host that does not support privileges. The format of the privilege set is:
    forced_privs=priv[,priv][...]|none|empty|all
    where
    priv    The text string (such as net_mac_read) for a privilege. (forced_privs=net_mac_read)
    none    Apply no privileges. (forced_privs=none)
    empty   Take the default from tnidb(4). (forced_privs=empty)
    all     Apply all privileges. (forced_privs=all)

def_audit_auid, def_audit_mask, def_audit_termid, def_audit_asid
    Define the default audit attributes to be applied to incoming data from remote hosts that do not support these attributes.
    def_audit_auid represents the user's audit ID and can be a positive or negative decimal number.
    def_audit_mask consists of two 32-bit success and failure masks, specified by an 8-byte hexadecimal number. The bits correspond to audit classes defined in /etc/security/audit_class.
    def_audit_termid consists of a 4-byte port number followed by a 4-byte machine number. These are specified by an 8-byte hexadecimal number.
    def_audit_asid represents the audit session ID and can be a positive or negative decimal number.
Host type sun_tsol has these fields:

template_name
    Specify a name for the template.

host_type
    sun_tsol

min_sl, max_sl
    Specify the accreditation range for the remote hosts using this template. The format is the same as that in the tnidb(4) database: in hex format.

allowed_privs
    Limit the effective privilege set for an incoming packet. If a source host associated with this template sends a packet to a destination host, the destination limits the privilege set of the arriving packet to that specified in this field. The format of the privilege set is:
    allowed_privs=priv[,priv][...]|none|empty|all
    where
    priv    The text string (such as net_mac_read) for a privilege. (allowed_privs=net_mac_read)
    none    Apply no privileges. (allowed_privs=none)
    empty   Take the default from tnidb(4). (allowed_privs=empty)
    all     Apply all privileges. (allowed_privs=all)

ip_label
    Provide for IP labeling. These are the valid types for ip_label:
    none    ripso and cipso options are not used to label data sent to the host. However, ripso and cipso security options may be sent to the host if the host is acting as a gateway.
    ripso   For hosts that label their packets with the Revised IP Security Option per RFC 1108. If ripso is selected for a host, the ripso_label field is required.
    cipso   For hosts that label their packets according to the Common IP Security Options (Tag Type 1 only) as detailed by the Trusted Systems Interoperability Group (TSIG). If cipso is selected for a host, the cipso_doi field is required.

ripso_label
    If ip_label is set to RIPSO, then packets for which the host is the final destination will be labeled with the specified RIPSO label. If the host is configured as a gateway, then the host will be able to route packets with the specified RIPSO label.
    If ip_label is set to none and ripso_label is set, then the host will be able to forward packets labeled with the specified RIPSO label even though packets addressed to the host will not contain a RIPSO label.
    Set this field explicitly to empty if no value is to be assigned.
    These are the supported classification level encodings: TOP_SECRET, SECRET, CONFIDENTIAL, UNCLASSIFIED, or a hexadecimal representation. These are the supported protection authority flags: GENSER, SIOP-ESI, SCI, NSA, DOE, or a hexadecimal representation.

ripso_error
    These are the protection authority flags that are used to label ICMP messages generated in response to incoming RIPSO-labeled packets: GENSER, SIOP-ESI, SCI, NSA, DOE, or a hexadecimal representation. The classification level is taken from the ripso_label field. The sender's template is always used when labeling ICMP error messages with RIPSO labels.
    This field can take multiple values; these must be separated by commas.
    Set this field explicitly to empty if no value is to be assigned.

cipso_doi
    This number is the host's domain of interpretation for CIPSO-labeled packets. The domain of interpretation is a field within the CIPSO security option. If ip_label is set to CIPSO, then packets for which the host is the final destination will be labeled with a CIPSO label containing the specified cipso_doi. If the host is configured as a gateway, then the host will be able to route CIPSO-labeled packets containing the specified cipso_doi. To prevent a gateway from routing CIPSO-labeled packets, set this field to none; to allow a non-gateway machine to send and receive CIPSO-labeled packets, set this field to the appropriate DOI.
    If ip_label is set to none and cipso_doi is set, then the host will be able to forward CIPSO-labeled packets containing the specified cipso_doi even though packets addressed to the host will not contain a CIPSO label.
    Set this field explicitly to empty if no value is to be assigned.

def_audit_auid, def_audit_mask, def_audit_termid, def_audit_asid
    Define the default audit attributes to be applied to incoming data from remote hosts that do not support these attributes.
    def_audit_auid represents the user's audit ID and can be a positive or negative decimal number.
    def_audit_mask consists of two 32-bit success and failure masks, specified by an 8-byte hexadecimal number. The bits correspond to audit classes defined in /etc/security/audit_class.
    def_audit_termid consists of a 4-byte port number followed by a 4-byte machine number. These are specified by an 8-byte hexadecimal number.
    def_audit_asid represents the audit session ID and can be a positive or negative decimal number.
The template for the ripso host type is for non-TSOL hosts that label packets with the RIPSO basic security option. This template has these fields:

template_name
    Specify a name for the template.

host_type
    ripso

ripso_label
    These are the supported classification level encodings: TOP_SECRET, SECRET, CONFIDENTIAL, UNCLASSIFIED, or a hexadecimal representation. These are the supported protection authority flags: GENSER, SIOP-ESI, SCI, NSA, DOE, or a hexadecimal representation.

ripso_error
    These are the protection authority flags that are used to label ICMP messages generated in response to incoming RIPSO-labeled packets.
    This field can take multiple values; these must be separated by commas.

def_label, def_cl, def_uid, def_gid
    Define the default attributes to be applied to incoming data from the remote hosts that do not support these attributes. These defaults override the defaults specified for an interface in the tnidb(4) database.
    Set a field explicitly to empty if no value is to be assigned.
    Default labels are not required for the remote-host entry if there are interface defaults that would be the same for the remote host.

min_sl, max_sl
    Specify the accreditation range for the remote host gateway using this template. The format is the same as that in the tnidb(4) database: in hex format.

forced_privs
    Define the effective privileges to be applied to an incoming packet received from a host that does not support privileges. Having no privileges specified is not the same as specifying the word none. The format of the privilege set is:
    forced_privs=priv[,priv][...]|none|empty|all
    where
    priv    The text string (such as net_mac_read) for a privilege. (forced_privs=net_mac_read)
    none    Apply no privileges. (forced_privs=none)
    empty   Take the default from tnidb(4). (forced_privs=empty)
    all     Apply all privileges. (forced_privs=all)

def_audit_auid, def_audit_mask, def_audit_termid, def_audit_asid
    Define the default audit attributes to be applied to incoming data from remote hosts that do not support these attributes.
    def_audit_auid represents the user's audit ID and can be a positive or negative decimal number.
    def_audit_mask consists of two 32-bit success and failure masks, specified by an 8-byte hexadecimal number. The bits correspond to audit classes defined in /etc/security/audit_class.
    def_audit_termid consists of a 4-byte port number followed by a 4-byte machine number. These are specified by an 8-byte hexadecimal number.
    def_audit_asid represents the audit session ID and can be a positive or negative decimal number.
The template for the cipso host type is for hosts that use CIPSO Tag Type 1 to label packets. This template has these fields:

template_name
    Specify a name for the template.

host_type
    cipso

cipso_doi
    This number is the host's domain of interpretation for CIPSO-labeled packets.

def_il
    Specify the default information label to be applied to incoming data from remote hosts using this template. Obsolete. See NOTES.

min_sl, max_sl
    Specify the accreditation range for the remote hosts using this template. The format is the same as that in the tnidb(4) database: in hex format.

def_cl, def_uid, def_gid
    Define the default attributes to be applied to incoming data from the remote hosts that do not support these attributes. These defaults override the defaults specified for an interface in the tnidb(4) database.
    To take defaults from tnidb(4), these def_* fields must be set equal to empty; for example, def_uid=empty.

forced_privs
    Define the effective privileges to be applied to an incoming packet received from a host that does not support privileges. Having no privileges specified is not the same as specifying the word none. The format of the privilege set is:
    forced_privs=priv[,priv][...]|none|empty|all
    where
    priv    The text string (such as net_mac_read) for a privilege. (forced_privs=net_mac_read)
    none    Apply no privileges. (forced_privs=none)
    empty   Take the default from tnidb(4). (forced_privs=empty)
    all     Apply all privileges. (forced_privs=all)

def_audit_auid, def_audit_mask, def_audit_termid, def_audit_asid
    Define the default audit attributes to be applied to incoming data from remote hosts that do not support these attributes.
    def_audit_auid represents the user's audit ID and can be a positive or negative decimal number.
    def_audit_mask consists of two 32-bit success and failure masks, specified by an 8-byte hexadecimal number. The bits correspond to audit classes defined in /etc/security/audit_class.
    def_audit_termid consists of a 4-byte port number followed by a 4-byte machine number. These are specified by an 8-byte hexadecimal number.
    def_audit_asid represents the audit session ID and can be a positive or negative decimal number.
The template for the tsix host type is for hosts that use TSIX(RE) 1.1 protocols with token mapping to label packets. This template has these fields:

template_name
    Specify a name for the template.

host_type
    tsix

min_sl, max_sl
    Specify the accreditation range for the remote hosts using this template. All labels are specified in their hex format.

allowed_privs
    Limit the effective privilege set for an incoming packet. If a source host associated with this template sends a packet to a destination host, the destination limits the privilege set of the arriving packet to that specified in this field. The format of the privilege set is:
    allowed_privs=priv[,priv][...]|none|empty|all
    where
    priv    The text string (such as net_mac_read) for a privilege. (allowed_privs=net_mac_read)
    none    Apply no privileges. (allowed_privs=none)
    empty   Take the default from tnidb(4). (allowed_privs=empty)
    all     Apply all privileges. (allowed_privs=all)

forced_privs
    Define the effective privileges to be applied to an incoming packet received from a host that is not supplying privileges. Having no privileges specified is not the same as specifying the word none. The format of the privilege set is:
    forced_privs=priv[,priv][...]|none|empty|all
    where
    priv    The text string (such as net_mac_read) for a privilege. (forced_privs=net_mac_read)
    none    Apply no privileges. (forced_privs=none)
    empty   Take the default from tnidb(4). (forced_privs=empty)
    all     Apply all privileges. (forced_privs=all)

def_label, def_cl, def_uid, def_gid
    Define the default attributes to be applied to incoming data from the remote hosts that are not supplying these attributes. These defaults override the defaults specified for an interface in the tnidb(4) database.
    To take defaults from tnidb(4), these def_* fields must be set equal to empty; for example, def_uid=empty.
    Default labels are not required for the remote-host entry if there are interface defaults that would be the same for the remote host. The information label is assumed to be ADMIN_LOW if the information label is not specified in the def_label field. Obsolete. See NOTES.

ip_label
    Provide for IP labeling. These are the valid types for ip_label:
    none    RIPSO and CIPSO options are not used to label data sent to the host. However, RIPSO and CIPSO security options may be sent to the host if the host is acting as a gateway.
    ripso   For hosts that label their packets with the Revised IP Security Option per RFC 1108. If RIPSO is selected for a host, the ripso_label field is required.
    cipso   For hosts that label their packets according to the Common IP Security Options (Tag Type 1 only) as detailed by the Trusted Systems Interoperability Group (TSIG). If CIPSO is selected for a host, the cipso_doi field is required.

ripso_label
    If ip_label is set to RIPSO, then packets for which the host is the final destination will be labeled with the specified RIPSO label. If the host is configured as a gateway, then the host will be able to route packets with the specified RIPSO label.
    If ip_label is set to NONE and ripso_label is set, then the host will be able to forward packets labeled with the specified RIPSO label even though packets addressed to the host will not contain a RIPSO label.
    These are the supported classification level encodings: TOP_SECRET, SECRET, CONFIDENTIAL, UNCLASSIFIED. These are the supported protection authority flags: GENSER, SIOP-ESI, SCI, NSA, DOE.

ripso_error
    These are the protection authority flags that are used to label ICMP messages generated in response to incoming RIPSO-labeled packets: GENSER, SIOP-ESI, SCI, NSA, DOE. The classification level is taken from the ripso_label field. The sender's template is always used when labeling ICMP error messages with RIPSO labels.
    This field can take multiple values; these must be separated by commas.
    If you do not want to assign a value, you must set this field equal to empty.

cipso_doi
    This number is the host's domain of interpretation for CIPSO-labeled packets. The domain of interpretation is a field within the CIPSO security option. If ip_label is set to CIPSO, then packets for which the host is the final destination will be labeled with a CIPSO label containing the specified cipso_doi. If the host is configured as a gateway, then the host will be able to route CIPSO-labeled packets containing the specified cipso_doi. To prevent a gateway from routing CIPSO-labeled packets, set this field to 0; to allow a non-gateway machine to send and receive CIPSO-labeled packets, set this field to nonzero.
    If ip_label is set to NONE and cipso_doi is set, then the host will be able to forward CIPSO-labeled packets containing the specified cipso_doi even though packets addressed to the host will not contain a CIPSO label.
    If you do not want to assign a value, you must set this field equal to empty.

def_audit_auid, def_audit_mask, def_audit_termid, def_audit_asid
    Define the default audit attributes to be applied to incoming data from remote hosts that do not support these attributes.
    def_audit_auid represents the user's audit ID and can be a positive or negative decimal number.
    def_audit_mask consists of two 32-bit success and failure masks, specified by an 8-byte hexadecimal number. The bits correspond to audit classes defined in /etc/security/audit_class.
    def_audit_termid consists of a 4-byte port number followed by a 4-byte machine number. These are specified by an 8-byte hexadecimal number.
    def_audit_asid represents the audit session ID and can be a positive or negative decimal number.
The template for the msix host type is for hosts that use the msix protocol to label packets. For example, the template can be used for interoperating with Trusted Solaris 1.2 hosts. The template has these fields:

template_name
    Specify a name for the template.

host_type
    msix

min_sl, max_sl
    Specify the accreditation range for the remote hosts using this template. The format is the same as that in the tnidb(4) database: in hex format.

def_label, def_cl, def_uid, def_gid
    Define the default attributes to be applied to incoming data from the remote hosts that do not support these attributes. These defaults override the defaults specified for an interface in the tnidb(4) database.
    To take defaults from tnidb(4), these def_* fields must be set equal to empty; for example, def_uid=empty.
    Default labels are not required for the remote-host entry if there are interface defaults that would be the same for the remote host. The information label is assumed to be ADMIN_LOW if the information label is not specified in the def_label field. Obsolete. See NOTES.

def_audit_auid, def_audit_mask, def_audit_termid, def_audit_asid
    Define the default audit attributes to be applied to incoming data from remote hosts that do not support these attributes.
    def_audit_auid represents the user's audit ID and can be a positive or negative decimal number.
    def_audit_mask consists of two 32-bit success and failure masks, specified by an 8-byte hexadecimal number. The bits correspond to audit classes defined in /etc/security/audit_class.
    def_audit_termid consists of a 4-byte port number followed by a 4-byte machine number. These are specified by an 8-byte hexadecimal number.
    def_audit_asid represents the audit session ID and can be a positive or negative decimal number.
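The entry format and the per-host-type field rules described above, as an added example that is not part of this man page or of Trusted Solaris: a small Python checker in the spirit of tnchkdb(1M). It parses template_name:field=value; entries, verifies that every mandatory field of the host_type is present, that def_audit_mask and def_audit_termid are 8-byte hexadecimal numbers, that privilege sets follow priv[,priv]|none|empty|all, that template names are unique in their first 31 characters, and that ip_label=ripso comes with a ripso_label and ip_label=cipso with a cipso_doi. The sample database, its shortened labels, and the mandatory-field lists (read off the field descriptions above) are this example's own assumptions.

```python
"""tnrhtp entry checker: an added example, not Trusted Solaris code. A stand-in
for tnchkdb(1M)'s syntax check, written from the field rules on this man page;
it assumes one physical line per entry and hex-encoded labels."""
import re

HEX_LABEL = re.compile(r"^0x[0-9a-fA-F]+$")       # SL / CL / IL given in hex
AUDIT_HEX = re.compile(r"^0x[0-9a-fA-F]{16}$")    # 8-byte hexadecimal number
PRIV_LIST = re.compile(r"^[a-z_]+(,[a-z_]+)*$")   # priv[,priv][...] | none | all
AUDIT = ("def_audit_auid", "def_audit_mask", "def_audit_termid", "def_audit_asid")
DEFAULTS = ("def_label", "def_cl", "def_uid", "def_gid")
RANGE = ("min_sl", "max_sl")
IP = ("ip_label", "ripso_label", "ripso_error", "cipso_doi")
# Every field of a host_type is mandatory even if its value is only none or
# empty; these lists are read off the per-host-type field descriptions (assumed).
REQUIRED = {
    "unlabeled": DEFAULTS + RANGE + ("forced_privs",) + AUDIT,
    "sun_tsol": RANGE + ("allowed_privs",) + IP + AUDIT,
    "ripso": IP[1:3] + DEFAULTS + RANGE + ("forced_privs",) + AUDIT,
    "cipso": ("cipso_doi", "def_il") + RANGE + DEFAULTS[1:] + ("forced_privs",) + AUDIT,
    "tsix": RANGE + ("allowed_privs", "forced_privs") + DEFAULTS + IP + AUDIT,
    "msix": RANGE + DEFAULTS + AUDIT,
}
# (field, pattern, description): value formats checked when a field is present
FORMATS = [(f, HEX_LABEL, "hex label") for f in RANGE + ("def_cl", "def_il")] + [
    ("def_audit_mask", AUDIT_HEX, "8-byte hex number"),
    ("def_audit_termid", AUDIT_HEX, "8-byte hex number"),
    ("forced_privs", PRIV_LIST, "privilege set"),
    ("allowed_privs", PRIV_LIST, "privilege set")]
NEEDS = {"ripso": "ripso_label", "cipso": "cipso_doi"}   # ip_label -> required field

def check_entry(name, fields, seen):
    """Return the problems found in one parsed entry; 'seen' collects names."""
    out = []
    if name[:31] in seen:          # only the first 31 characters are read
        out.append(f"{name}: duplicate template name (first 31 characters)")
    seen.add(name[:31])
    htype = fields.get("host_type")
    if htype not in REQUIRED:
        return out + [f"{name}: unknown or missing host_type {htype!r}"]
    out += [f"{name}: missing mandatory field {f}"
            for f in REQUIRED[htype] if f not in fields]
    for f, rx, what in FORMATS:
        v = fields.get(f)
        if v is not None and v != "empty" and not rx.match(v):
            out.append(f"{name}: {f} must be a {what}, got {v!r}")
    ip = fields.get("ip_label", "none").lower()
    if ip in NEEDS and fields.get(NEEDS[ip], "empty") == "empty":
        out.append(f"{name}: ip_label={ip} requires a {NEEDS[ip]}")
    elif ip not in NEEDS and ip != "none":
        out.append(f"{name}: ip_label must be none, ripso or cipso, got {ip!r}")
    return out

def check_db(text):
    """Check a whole database ('#' lines are comments); return all problems."""
    problems, seen = [], set()
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, sep, rest = line.partition(":")   # template_name:field=value;...
        items = [s.partition("=") for s in rest.split(";") if s.strip()]
        if not sep or any(eq == "" for _, eq, _ in items):
            problems.append(f"{name.strip()}: malformed entry")
            continue
        fields = {k.strip(): v.strip() for k, _, v in items}
        problems += check_entry(name.strip(), fields, seen)
    return problems

# Constructed sample: a well-formed sun_tsol entry and a tsix entry with three
# mistakes (bad privilege name, ripso without a label, missing asid). Labels
# are shortened stand-ins for the long hex strings shown in EXAMPLES.
SAMPLE_DB = """\
tsol_2:host_type=sun_tsol;min_sl=0x0000;max_sl=0x7fff;allowed_privs=all;\
ip_label=cipso;ripso_label=empty;ripso_error=empty;cipso_doi=1;def_audit_auid=3;\
def_audit_mask=0x0000000000000000;def_audit_termid=0x0000000000000000;def_audit_asid=0;
tsix:host_type=tsix;min_sl=0x0000;max_sl=0x7fff;allowed_privs=all;\
forced_privs=net_mac_read,bad-name;def_label=0x0000[0x0000];def_cl=0x7fff;\
def_uid=nobody;def_gid=empty;ip_label=ripso;ripso_label=empty;ripso_error=genser;\
cipso_doi=empty;def_audit_auid=3;def_audit_mask=0x0000000000000000;\
def_audit_termid=0x0000000000000000;
"""
```

Running check_db(SAMPLE_DB) reports the three tsix problems and nothing for tsol_2; the real database is one line per entry, so the backslash continuations shown in EXAMPLES must not be fed to it.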
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|---|---|
| Availability | SUNWtsr |
For the sake of clarity on this man page, examples are shown using a continuation character (\). In the database file, however, the backslash is not permitted because each entry is made on a single line.
The information label is assumed to be ADMIN_LOW if the information label is not specified. Obsolete. See NOTES.
#
# A sample tnrhtp template entry for unlabeled machines
# or networks. In this example, def_gid is taken from tnidb default.
#
unlab:host_type=unlabeled;\
def_label=0x000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000
0000000000000000000000[0x0000000000000000000000000000000000000
0000000000000000000000000000000];\
def_cl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
def_uid=nobody;\
def_gid=empty;\
min_sl=0x000000000000000000000000000000000000000000
00000000000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffff;\
forced_privs=none;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for sun_tsol hosts
# or networks.
#
tsol:host_type=sun_tsol;\
min_sl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
allowed_privs=all;\
ip_label=none;\
ripso_label=empty;\
ripso_error=empty;\
cipso_doi=empty;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for sun_tsol hosts
# or networks that label packets with the RIPSO security option.
#
tsol_1:host_type=sun_tsol;\
min_sl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
allowed_privs=all;\
ip_label=ripso;\
ripso_label=top_secret sci;\
ripso_error=genser;\
cipso_doi=empty;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for sun_tsol hosts
# or networks that label packets with the CIPSO security option.
#
tsol_2:host_type=sun_tsol;\
min_sl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
allowed_privs=all;\
ip_label=cipso;\
ripso_label=empty;\
ripso_error=empty;\
cipso_doi=1;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for ripso hosts
# or networks that label packets with the RIPSO security option.
#
ripso:host_type=ripso;\
ripso_label=top_secret sci;\
ripso_error=genser;\
def_label=0x000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000[0x000000000000000000000000000000000
00000000000000000000000000000000000];\
def_cl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
def_uid=nobody;\
def_gid=nobody;\
min_sl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
forced_privs=empty;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for cipso hosts
# or networks that label packets with the CIPSO security option.
#
cipso:host_type=cipso;\
cipso_doi=1;\
min_sl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
def_il=0x000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000
000000000000000000000000000;\
def_cl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
def_uid=nobody;\
def_gid=nobody;\
forced_privs=empty;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for tsix hosts
# or networks that label packets with the RIPSO security option.
#
tsix:host_type=tsix;\
min_sl=0x000000000000000000000000000000000000000000000000
00000000000000000000;\
max_sl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
allowed_privs=all;\
forced_privs=none;\
def_label=0x000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000
0000000000000000000000[0x0000000000000000000000000000000000000
0000000000000000000000000000000];\
def_cl=0x7fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffff;\
def_uid=nobody;\
def_gid=empty;\
ip_label=ripso;\
ripso_label=secret sci;\
ripso_error=doe;\
cipso_doi=empty;\
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
#
# A sample tnrhtp template entry for MSIX hosts or networks.
# For example, it can be used for interoperating with
# Trusted Solaris 1.2 hosts
#
msix:host_type=msix; \
min_sl=0x0000000000000000000000000000000000000000000000000000000
0000000000000; \
max_sl=0x7ffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffffff;\
def_label=0x000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000
000000000000[0x000000000000000000000000000000000000000000000000000
00000000000000000]; \
def_cl=0x7ffffffffffffffffffffffffffffffffffffffffffffffffffffffff
fffffffffff;\
def_uid=nobody; \
def_gid=nobody; \
def_audit_auid=3; \
def_audit_mask=0x0000000000000000; \
def_audit_termid=0x0000000000000000; \
def_audit_asid=0;
The information label is assumed to be ADMIN_LOW if the information label is not specified in the def_label field. Obsolete. See NOTES.
Information labels (ILs) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any ILs on communications and files from systems running earlier releases as ADMIN_LOW.
Objects still have CMW labels, and CMW labels still include the IL component: IL[SL]; however, the IL component is fixed at ADMIN_LOW.
As a result, Trusted Solaris 7 has the following characteristics:
ILs do not display in window labels; SLs (Sensitivity Labels) display alone within brackets.
ILs do not float.
Setting an IL on an object has no effect.
Getting an object's IL will always return ADMIN_LOW.
Although certain utilities, library functions, and system calls can manipulate IL strings, the resulting ILs are always ADMIN_LOW, and cannot be set on any objects.
Changing a template while the network is up can change the security view of an undetermined number of hosts.
Allowing unlabeled hosts onto a Trusted Solaris 7 network is a security risk. In order to avoid compromising the rest of your network, such hosts must be trusted in the sense that the administrator is certain that they will not be used to compromise the environment. These hosts should also be physically protected to restrict access to authorized individuals.
If you cannot guarantee the physical security of an unlabeled host, it and similar hosts should be isolated on a separate branch of the network. The gateway to the untrusted hosts must be a type sun_tsol host, and its database entries for these untrusted hosts and the interface connected to them must be set to reflect the accreditation of these hosts. This setting allows the gateway to label appropriately all packets received from these hosts and to filter packets bound for them.