Labels, clearances, and handling caveats are used to protect information in the Trusted Solaris environment. The components of labels, clearances, and handling caveats are specified in the label_encodings(4)file. This manual provides needed background and describes how to edit, check, and install the label_encodings file.
This book is for security administrators, who are responsible for defining the organization's labels, and for those who assume the security administrator role to implement the labels in the site's label_encodings file on the Trusted Solaris system.
Even though the Trusted Solaris environment can be configured with no visible labels, labels are always being used, and mandatory access control checks are always being made. Therefore, the security administrator role must always configure a label_encodings file as described in this manual.
Prerequisite knowledge is contained in the following books in the Trusted Solaris documentation set:
The person who works in the security administrator role to configure labels should:
Understand how to administer the Solaris or compatible operating environment, the Common Desktop Environment (CDE) window system, Solstice AdminSuite system administration tools, and the NIS+ (or NIS) system for central administration of configuration files
Know how to work in the Trusted Solaris environment as a normal (non-administrative) user (as described in the Trusted Solaris User's Guide)
Understand the administrative concepts and know how to use the administrator's tools described in the Trusted Solaris Administration Overview and Trusted Solaris Administrator's Procedures manuals
Administrative tasks are divided among several administrative roles. The administrator's procedures manual describes how a user assumes the security administrator role and uses administrative actions to perform the work described in this manual.
Understand how administrative tasks are divided among roles at your site
Some sites may assign the label encodings tasks to a locally-created administrative role.
Understand the security requirements of your agency or organization.
The necessary level of knowledge may be acquired through:
Training
For information about the Trusted Solaris training class, see the course description or visit the Sun Education catalog.
Documentation
The Trusted Solaris manuals are available in the following formats:
At Sun's documentation website at docs.sun.com
On the AnswerBook CD shipped with the product
AnswerBooks are document collections you can install on your local computer or on a document server and view onscreen. AnswerBooks for the Trusted Solaris operating environment, for the bundled CDE window system,; and for the base Solaris operating environment are on the Trusted Solaris AnswerBook CD.
Printed versions
If not obtained when the product was purchased, the documentation set can be ordered through SunStore.
Fatbrain.com stocks documentation from Sun Microsystems, Inc.
For a list of available documents and how to order them, visit http://www1.fatbrain.com/documentation/sun.
Chapter 1, Introduction to Trusted Solaris Label Encodings
Provides labels-related concepts and planning steps for the security administrator who prepares the site's label_encodings file.
Chapter 2, Creating or Modifying the Encodings File
Describes how to create and check the label_encodings file.
Chapter 3, Specifying Labels and Handling Guidelines for Printer Output
Describes the labels and handling caveats on printer output and gives procedures for modifying them.
Chapter 4, Modifying Sun's Extensions in the Local Definitions Section
Describes the optional LOCAL DEFINITIONS section. Describes how to use the keywords in this section to set a system-wide minimum label and clearance for users; change the names of administrative labels, specify whether administrative labels display, change the names of labels' components on label builders, and specify colors for labels.
Chapter 5, Example: Planning an Organization's Labels
Models how a site analyzes its label requirements and creates a simple label_encodings file, which is shown in Appendix A, Example: Label Encodings File.
Appendix A, Example: Label Encodings File
Contains an example of a simple label_encodings file that goes along with the chapter on planning.
The following table shows and explains the type styles used in this manual.
Table P-1 Typographic Conventions
Type Face |
Meaning |
Example |
---|---|---|
Literal |
The names of commands, files, and directories, on-screen computer output |
Edit your .login file. Use ls -a to list all files. hostname% You have mail. |
UserType |
What you type, contrasted with on-screen computer output |
hostname% su Password: |
Variable |
Argument name in a command-line. |
To delete a file, enter rm filename. |
|
You replace the argument with a real name or value. |
hostname% rm myfile |
Title or Emphasis |
Book titles, new words or terms, or words to be emphasized |
Read Chapter 6 in User's Guide. These are called class options. |
|
|
You must be root to do this. |
The following table shows the Trusted Solaris prompts.
Shell |
Prompt |
---|---|
C shell prompt |
hostname% |
Bourne shell and Korn shell prompt |
$ |
Profile Shell prompt |
$ |
root prompt (with any shell) |
# |
PROM mode prompt (SPARC only) |
> |