The following list of guidelines provides some things to consider when developing a security policy for your site.
The maximum label of the Trusted Solaris operating environment (the highest label in the user accreditation range) should not be greater than the maximum security level of work being done at the site.
System reboots, power failures, and shutdowns should all be recorded manually in a site log.
File-system damage should be documented and all affected files should be analyzed for potential security-policy violations.
Operating manuals and administrator documentation should be restricted to individuals with a valid need for access to that information.
Unusual or unexpected behavior of any Trusted Solaris software should be reported and documented, and the cause should be determined.
If possible, at least two individuals should administer a Trusted Solaris system. One should be assigned security administrator authorization for security-related decisions, and the other should be assigned the system administrator authorization for computer management tasks.
A regular backup routine should be established.
Authorizations should be assigned only to users who need them and who can be trusted to use them properly.
Privileges should be assigned to programs only when the program needs the privileges to do its work, and only after the program has been scrutinized and shown to be trustworthy in its use of privilege. Review the privileges on existing Trusted Solaris programs as a guide to setting privileges on new programs.
Audit information should be reviewed and analyzed regularly. Any irregular events should be noted and investigated to determine the cause of the event.
The number of administration IDs should be minimized. The install user account should be disabled after an authorized security administrator user is established.
The number of set user ID and set group ID programs should be minimized. Setuid/setgid programs should be employed only in protected subsystems.
An administrator should regularly verify that normal users have a valid login shell.
An administrator should regularly verify that normal users have user ID values in the normal user range and not system or administrative ID values (for example, a second account with UID 0, or two accounts sharing one UID).