test

Trusted Solaris Installation and Configuration

Running Administrative Actions

The Application Manager contains a folder that holds administrative applications for the local machine, System_Admin and an action, Solaris Management Console, for administering local and distributed databases. The Application Manager icon is shown below.Graphic

How To Use System_Admin Actions

The System_Admin folder contains CDE actions for administering the local system. See the following table for a list of actions used during installation and configuration. For a full list of System_Admin actions, read the CDE online help. The System_Admin folder icon is shown below.Graphic

Table 9-1 Trusted Solaris Actions in the System_Admin Folder

Action Name 

Action Behavior 

Add Allocatable Device 

Edit /etc/security/device_maps

Add to NIS+ Administrative Group 

Run the nisgrpadm -a command

Admin Editor 

Create or edit any file 

Audit Classes 

Edit /etc/security/audit_class

Audit Control 

Edit /etc/security/audit_control

Audit Events 

Edit /etc/security/audit_event

Audit Startup 

Edit /etc/security/audit_startup

Audit Users 

Edit /etc/security/audit_user

Check Encodings 

Check syntax (and install) a label encodings file 

Check TN Files 

Check local tnrhdb and tnrhtp files

Check TN NIS+ Tables 

Check NIS+ tnrhdb and tnrhtp databases

Configure Selection Confirmation 

Edit /usr/dt/config/sel_config

Create NIS Client 

Make this host a NIS client 

Create NIS Server 

Establish a NIS server with NIS maps 

Create NIS+ Administrative Group 

Run the nisgrpadm -c command

Create NIS+ Client 

Make this host a NIS+ client 

Create NIS+ Server 

Establish a NIS+ domain 

Delete from NIS+ Administrative Group 

Run the nisgrpadm -r command

Delete NIS+ Administrative Group 

Run the nisgrpadm -d command

Edit Encodings 

Edit a label encodings file 

List Administrative Group 

Run the nisgrpadm -l command

Name Service Switch 

Edit /etc/nsswitch.conf

Populate NIS+ Tables 

Populate NIS+ tables from a files directory 

Printer Administrator 

Set up printers 

Set Default Routes 

Edit /etc/defaultrouter

Set DNS Servers 

Edit /etc/resolv.conf

Set Mail Options 

Edit the TSOL option in the sendmail.cf file

Set Mount Attributes 

Edit /etc/security/tsol/vfstab_adjunct

Set Mount Points 

Edit /etc/vfstab

Set TSOL Gateways 

Edit /etc/tsolgateways

Share Filesystems 

Edit /etc/dfs/dfstab

View NIS Map 

View NIS map 

View Table Attributes 

View NIS+ table attributes 

View Table Contents 

View NIS+ table contents 

To Run a System_Admin Action

  1. In an administrative role, open the Application Manager by right-clicking the background to bring up the Workspace menu. Choose Applications -> Application Manager from the top of the menu.

  2. Double-click the System_Admin folder icon --

  3. Double-click the appropriate action. For more details, see "To Create or Open a File from the Trusted Editor", "To Open a File that has a Defined Action" and "To Run a Script from the System_Admin Folder".

To Create or Open a File from the Trusted Editor

Actions that open files in an editor use the Admin Editor icon shown below.Graphic

  1. To create or open a file that does not have its own action, double-click the Admin Editor action.

    A prompt appears for you to specify the file to be opened.

  2. Enter the name of the file to be opened.

    If the file exists, it is opened. If the file does not exist, it is created. You can create an empty file (touch) by exiting the editor.

    Note -

    You cannot save a file to a different name from the trusted editor.

To Open a File that has a Defined Action

  1. To open a file that has its own action, double-click its action in the System_Admin folder.

    The file associated with the action appears in the trusted editor.

  2. Enter the required information, write the file, and exit the editor.

To Run a Script from the System_Admin Folder

  1. To run a script that has its own action, double-click the action in the System_Admin folder.

    When the script requires input, the prompts are displayed.

  2. Follow the instructions.

    The script is finished when all prompt windows have been dismissed.

Using the Solaris Management Console

The Solaris Management Console action in the Application Manager folder invokes a Java-based administrative GUI for configuring and maintaining a Trusted Solaris environment. The GUI lists toolboxes in a Navigation pane, as shown in the following figure.

Figure 9-1 Solaris Management Console Tools in the Navigation Pane

Graphic

The following can be configured through the Solaris Management Console, using the Trusted Solaris Management Console > Trusted Solaris Configuration toolboxes in the Navigation pane:

User Accounts--Part of the Users tool, for administering users.

Administrative Roles--Part of the Users tool, for administering roles.

Rights--Part of the Users tool, for constructing rights profiles. A user account is not usable until the user's Rights have been assigned.

Mailing Lists--Part of the Users tool, for administering mail aliases.

Computers and Networks--For setting up networks.

Computers--Part of the Computers and Networks tool, for setting up hosts (the hosts database).

Security Families--Part of the Computers and Networks tool, for creating and assigning remote host templates (the tnrhtp(4) and tnrhdb(4) databases)

Interface Manager--For securing network interfaces (the tnidb(4) database). Accessible only when Scope=Files.

--

The following are configured through the Solaris Management Console, using Trusted Solaris Management Console toolboxes:

Mounts--Part of the Storage tool, for mounting file systems. Accessible only when Scope=Files.

Shares--Part of the Storage tool, for sharing file systems. Accessible only when Scope=Files.

To Locate a Solaris Management Console Tool

Scope=Files and Scope=name-service contain different tools. Read the online help for what the tool does and how to use it.

  1. To find and use a tool in this-host: Scope=Files, Policy=TSOL in the Navigation pane:

    • Click the System Status key to view the Processes and Log Viewer tools.

    • Click the Trusted Solaris Configuration key to view the Users, Computers and Networks, and Interface Manager tools.

    • Click the Services key to view the SMC Server and the Scheduled Jobs tools.

    • Click the Storage key to view the Mounts and Shares and Disks tools.

    • Click the Devices and Hardware key to view the Serial Ports tool.

  2. To find and use a tool in the name-server: Scope=name-service, Policy=TSOL toolbox in the Navigation pane, click the Trusted Solaris Configuration key.

    The Users and the Computers and Networks tools are available in the name-server: Scope=name-service, Policy=TSOL scope.

  3. In the Navigation pane, click a toolset icon, such as Users.

  4. When prompted, enter the role password in the Role Login prompt.

  5. Double-click the tool, such as User Accounts.

  6. Read and follow the online help for assistance with each tool.