If you are configuring a site that satisfies criteria for an evaluated configuration, read "Understanding Your Site's Security Policy". Users assume the roles that have been created -- security administrator and system administrator -- to complete system configuration.
The client's audit configuration must be identical to the name service master's. The domain should collect auditing records as if one machine were being audited.
To ensure that every system and user is audited identically, in the root role at label ADMIN_LOW, copy the name service master's /etc/security/audit* configuration files to the system from the /diskette-mount-point/export/clientfiles directory.
In the secadmin role, customize the dir: entries for the local host in the audit_control file.
Follow the procedures in Trusted Solaris Audit Administration.
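One way to check the result of the copy and the per-host dir: customization described above, as an added example that is not part of the original documentation: the hypothetical audit_drift function compares the master's audit* files with the local copies and ignores only the dir: lines in audit_control. The directory arguments and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not a Trusted Solaris command).
# Usage: audit_drift MASTER_DIR LOCAL_DIR
# Prints one line per missing or differing audit* file.
# Returns 0 when the local copies match the master, 1 on drift.
audit_drift() {
    master=$1; local_dir=$2; drift=0
    for m in "$master"/audit*; do
        [ -f "$m" ] || continue          # skip directories and an unmatched glob
        name=${m##*/}
        l="$local_dir/$name"
        if [ ! -f "$l" ]; then
            echo "MISSING $name"; drift=1; continue
        fi
        if [ "$name" = audit_control ]; then
            # dir: entries are customized per host, so compare everything else.
            a=$(grep -v '^dir:' "$m" || true)
            b=$(grep -v '^dir:' "$l" || true)
            [ "$a" = "$b" ] || { echo "DIFFERS $name"; drift=1; }
        else
            cmp -s "$m" "$l" || { echo "DIFFERS $name"; drift=1; }
        fi
    done
    return "$drift"
}

# Constructed sample data (not from a real system): audit_control differs only
# in its dir: line, which is allowed; audit_user has drifted from the master.
demo=$(mktemp -d)
mkdir "$demo/master" "$demo/local"
printf 'dir:/var/audit\nflags:lo\nminfree:20\nnaflags:lo\n' > "$demo/master/audit_control"
printf 'dir:/var/audit/client1\nflags:lo\nminfree:20\nnaflags:lo\n' > "$demo/local/audit_control"
printf 'root:lo:no\n' > "$demo/master/audit_user"
printf 'root:lo,ad:no\n' > "$demo/local/audit_user"
audit_drift "$demo/master" "$demo/local" || echo "audit configuration drift detected"
rm -rf "$demo"
```

On a real client, the first argument would be the directory holding the master's copies and the second would be /etc/security.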
To set security attributes on an unlabeled file system, assume the role secadmin, and in an ADMIN_LOW workspace, use the Admin Editor to enter the file system in the vfstab_adjunct file.
The vfstab_adjunct(4) file is saved and protected at the label ADMIN_HIGH.
The admin role handles file system management, and user account creation and deletion.
In the admin role in an ADMIN_LOW workspace, finish configuring the system.
To share a file system, see "(Optional) Share File Systems".
To mount a file system, see "(Optional) Mount File Systems".
Read "(Optional) Delete the User install" before deleting the install user.