Trusted Solaris Installation and Configuration

How to Use the Solaris Management Console

The Solaris Management Console action in the Application Manager folder invokes a Java-based administrative GUI for configuring and maintaining a Trusted Solaris environment. The GUI lists toolboxes in a Navigation pane.

The following can be configured through the Solaris Management Console, using the Trusted Solaris Management Console > Trusted Solaris Configuration toolboxes in the Navigation pane:

User Accounts

Part of the Users tool, for administering users.

Administrative Roles

Part of the Users tool, for administering roles.

Rights

Part of the Users tool, for constructing rights profiles. A user account is not usable until the user's Rights have been assigned.

Mailing Lists

Part of the Users tool, for administering mail aliases.

Computers and Networks

For setting up networks.

Computers

Part of the Computers and Networks tool, for setting up hosts (the hosts database).

Security Families

Part of the Computers and Networks tool, for creating and assigning remote host templates (the tnrhtp(4) and tnrhdb(4) databases).

Interface Manager

For securing network interfaces (the tnidb(4) database). Accessible only when Scope=Files.

The following are configured through the Solaris Management Console, using Trusted Solaris Management Console toolboxes:

Mounts

Part of the Storage tool, for mounting file systems. Accessible only when Scope=Files.

Shares

Part of the Storage tool, for sharing file systems. Accessible only when Scope=Files.

To Initialize the SMC Server
  1. In the root role, open the Application Manager by right-clicking the background to bring up the Workspace menu. Choose Applications > Application Manager from the top of the menu.

  2. Double-click the Solaris Management Console action.


    Note -

    The Solaris Management Console action initiates the SMC server. The first time the server is launched, it performs several registration tasks, which can take from 5 to 10 minutes. The following message may appear briefly: "There is no Solaris Management Console server ...". The message goes away, and can be ignored.


  3. If the Navigation Pane is not visible and no toolboxes are displayed, do the following:

    1. In the Open Toolbox dialog that is displayed, click Load next to where this machine's name is listed under Server.

      If this machine does not have the recommended amount of memory and swap, it may take a few minutes for the toolboxes to display. See "Recommendations for the Trusted Solaris Environment".

    2. From the list of toolboxes, select Trusted Solaris Management Console, then click the Open button.

    3. Before continuing, save the current setting as described in "To Save the Current Toolbox".

  4. If the Navigation pane is visible, but the toolbox icons are stop signs, do the following:

    1. Select the Trusted Solaris Management Console toolbox.

    2. Click the Open Toolbox button.

    3. Click Load next to Server: this_machine_name.

    4. From the list of toolboxes, select Trusted Solaris Management Console, then click the Open button.

    5. Before continuing, save the current setting as described in "To Save the Current Toolbox".

To Save the Current Toolbox

Save the toolbox preference to provide the Trusted Solaris Management Console toolboxes by default. The preferences are saved per role, per host (SMC server).

  1. From the Console menu, choose Preferences.

  2. Click the Use Current Toolbox button, then OK.

  3. Return to the procedure and chapter you are working from.

To Select a Toolbox of the Appropriate Scope

Prerequisite: The Solaris Management Console (SMC) server has been initialized on this computer, the Trusted Solaris Management Console toolboxes have been saved as the current toolbox, and they are displayed in the Navigation pane.

    Select the toolbox of the appropriate scope:

    • OPTION 1: Select this_host: Scope=Files, Policy=TSOL if you plan to administer each machine locally, or are administering files that can only be administered locally, such as local users (like root or install), the tnidb(4) database, or the local tnrhdb(4) database before the name service has been established.

    • OPTION 2: Select name_server: Scope=name_service, Policy=TSOL if you are administering name service maps or tables, and have established the name service domain and have edited the toolbox with the name of the server and the domain on this client machine (see "To Edit Name Service Toolbox Definitions").

To Locate a Solaris Management Console Tool

Scope=Files and Scope=name_service contain different tools.

  1. To find and use a tool in this_host: Scope=Files, Policy=TSOL in the Navigation pane:

    • Click the System Status key to view the Processes and Log Viewer tools.

      • To manage and monitor system processes, double-click Processes.

      • To see the logs monitored by WBEM, double-click Log Viewer.

    • Click the Trusted Solaris Configuration key to view the Users, Computers and Networks, and Interface Manager tools.

      • To add or modify a user, a role, a right, a group, or a mailing list on this machine, double-click Users.

      • To add or modify a remote host definition for this machine, double-click Computers and Networks.

        • To add or modify a host, double-click Computers, select a computer, then choose an item from the Action menu.

        • To add or modify a remote host template, double-click Security Families, then choose an item from the Action menu.

        • To add or modify a remote host template assignment, double-click Security Families, double-click a template name, then choose Add Host(s) from the Action menu.

      • To modify the security attributes of a network interface, double-click Interface Manager.

    • Click the Services key to view the SMC Server and the Scheduled Jobs tools.

      • The SMC Server tool is not fully implemented.

      • To see this machine's scheduled jobs, double-click Scheduled Jobs.

    • Click the Storage key to view the Mounts and Shares and Disks tools.

      • To mount a remote file system, double-click Mounts and Shares, then Mounts.

      • To share a file system, double-click Mounts and Shares, then Shares.

      • To view and format disks, double-click Disks.

    • Click the Devices and Hardware key to view the Serial Ports tool. Double-click Serial Ports to configure and manage existing serial ports.

  2. To find and use a tool in the name_server: Scope=name_service, Policy=TSOL toolbox in the Navigation pane, click the Trusted Solaris Configuration key to view the Users and the Computers and Networks tools:

    • To add or modify a user, a role, a right, a group, or a mailing list on the domain, double-click Users.

    • To add or modify a remote host definition on the domain, double-click Computers and Networks.

  3. When prompted, enter the role password in the Role Login prompt.

  4. Read and follow the online help for assistance with each tool.

  5. Return to the procedure and chapter you are working from.

To Edit Name Service Toolbox Definitions

If you are running a NIS or NIS+ name service, the tsol_nis.tbx or tsol_nisplus.tbx file must be edited on the name service master before it can be used on the domain.

If administrators plan to administer the name service's tables or maps from a client machine, this procedure must be done on the client.


Note -

Administrators who want to administer a name service using SMC must do this procedure on every machine that will be used to administer the name service.


  1. In the root role at the label ADMIN_LOW, change to the toolboxes directory and list the toolboxes.


    # cd /var/sadm/smc/toolboxes
    # ls tsol*/*tbx
    tsol_files/tsol_files.tbx        tsol_nis/tsol_nis.tbx
    tsol_smc/tsol_smc.tbx            tsol_nisplus/tsol_nisplus.tbx

    • If you are running the NIS+ name service, your toolbox file is tsol_nisplus/tsol_nisplus.tbx

    • If you are running the NIS name service, your toolbox file is tsol_nis/tsol_nis.tbx

  2. Invoke the Admin Editor, as described in "To Create or Open a File from the Trusted Editor".

  3. Copy and paste the full pathname to the toolbox into the dialog, as in: /var/sadm/smc/toolboxes/tsol_nisplus/tsol_nisplus.tbx

  4. In the editor, replace each instance of <?server ?> with either the name of the master server or the name of the domain.

    1. In the line beginning with <Scope>, replace the first instance of <?server ?> with the name service master, and the second with the fully-qualified domain name, as in:


      <Scope>nisplus:/toucan/aviary.eco.org</Scope>

    2. Replace every other instance of <?server?> or <?server ?> with the name service master, as in:


      <Name>  toucan: Scope=NIS+, Policy=TSOL</Name>
      services and configuration of toucan.</Description>
      and configuring toucan.</Description>
      <ServerName>toucan</ServerName>
      <ServerName>toucan</ServerName>

  5. Write (:wq!) and quit the editor.

  6. Return to the procedure and chapter you are working from.
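
A read-only check that can be run after step 5 to confirm that no placeholder was missed and that the <Scope> and <ServerName> entries agree with the master and domain. This is an added example, not part of the original procedure; the function name check_tbx and the sample fragment are constructed for illustration. It only reads the file, so the edit itself still goes through the Admin Editor.

```shell
#!/bin/sh
# Added example: read-only sanity check for an edited toolbox (.tbx) file.
# Usage: check_tbx FILE MASTER DOMAIN   (returns 0 when the file is clean)
check_tbx() {
    tbx=$1; master=$2; domain=$3; rc=0

    # 1. No <?server?> or <?server ?> placeholder may remain.
    if grep -n '<?server *?>' "$tbx"; then
        echo "FAIL: placeholder(s) above were not replaced"
        rc=1
    fi

    # 2. <Scope> must end in :/master/fully-qualified-domain.
    scope=$(sed -n 's|.*<Scope>\(.*\)</Scope>.*|\1|p' "$tbx")
    case $scope in
        *:/"$master"/"$domain") ;;
        *) echo "FAIL: <Scope> is '$scope', want ...:/$master/$domain"; rc=1 ;;
    esac

    # 3. Every <ServerName> must name the name service master.
    bad=$(sed -n 's|.*<ServerName>\(.*\)</ServerName>.*|\1|p' "$tbx" |
          grep -v -x -F "$master" || true)
    if [ -n "$bad" ]; then
        echo "FAIL: <ServerName> not set to $master: $bad"
        rc=1
    fi
    return $rc
}

# Constructed sample: a fragment with one placeholder left behind.
sample=${TMPDIR:-/tmp}/tbx_sample.$$
cat > "$sample" <<'EOF'
<Scope>nisplus:/toucan/aviary.eco.org</Scope>
<Name>  toucan: Scope=NIS+, Policy=TSOL</Name>
<ServerName>toucan</ServerName>
<ServerName><?server ?></ServerName>
EOF
check_tbx "$sample" toucan aviary.eco.org || echo "toolbox needs another pass"
rm -f "$sample"
```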