Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases

Preface

The Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases guide provides procedures for configuring SolarisTM Trusted Extensions on the Solaris Operating System. This guide also describes preparing the Solaris system to support a secure installation of Solaris Trusted Extensions.


Caution – Caution –

This book is used to install Trusted Extensions for the Solaris 10 11/06 and Solaris 10 8/07 releases only. This book can also be used for the Solaris Express Developer Edition 5/07 release.

For later releases, do not use this book. Use the Solaris Trusted Extensions Configuration Guide.



Note –

This Solaris release supports systems that use the SPARC® and x86 families of processor architectures: UltraSPARC®, SPARC64, AMD64, Pentium, and Xeon EM64T. The supported systems appear in the Solaris OS: Hardware Compatibility Lists at http://www.sun.com/bigadmin/hcl. This document cites any implementation differences between the platform types.

In this document these x86 related terms mean the following:

For supported systems, see the Solaris OS: Hardware Compatibility Lists.


Who Should Use This Book

This book is for knowledgeable system administrators and security administrators who are installing Trusted Extensions software. The level of trust that is required by your site security policy, and your level of expertise, determines who can perform the configuration tasks.

Implementing Site Security

Successfully configuring Trusted Extensions on a system in a way that is consistent with site security requires understanding the security features of Trusted Extensions and your site security policy. Before you install the Solaris Trusted Extensions packages, read Chapter 1, Security Planning for Trusted Extensions for information about how to ensure site security when configuring the software.

Trusted Extensions and the Solaris Operating System

Trusted Extensions installs on top of the Solaris Operating System (Solaris OS). Because Trusted Extensions software can modify the Solaris OS, Trusted Extensions can require specific settings for Solaris installation options. For details, see Chapter 3, Installing Solaris Trusted Extensions Software (Tasks). Also, Trusted Extensions books supplement Solaris books. As administrators, you need access to Solaris books and Trusted Extensions books.

How This Book Is Organized

Chapter 1, Security Planning for Trusted Extensions describes the security issues that you need to consider when configuring Trusted Extensions software on one or more Solaris systems.

Chapter 2, Installation and Configuration Roadmap for Trusted Extensions contains task maps for adding Trusted Extensions software to Solaris systems.

Chapter 3, Installing Solaris Trusted Extensions Software (Tasks) provides instructions on preparing a Solaris system for Trusted Extensions software. It also includes instructions on adding the packages.

Chapter 4, Configuring Trusted Extensions (Tasks) provides instructions on configuring Trusted Extensions software on a system with a monitor.

Chapter 5, Configuring LDAP for Trusted Extensions (Tasks) provides instructions on configuring LDAP for Trusted Extensions.

Chapter 6, Configuring a Headless System With Trusted Extensions (Tasks) describes how to configure and administer Trusted Extensions software on a headless system.

Appendix A, Site Security Policy addresses site security policy and places Trusted Extensions in the context of wider organizational and site security.

Appendix B, Using CDE Actions to Install Zones in Trusted Extensions describes how to configure labeled zones by using Trusted CDE actions.

Appendix C, Configuration Checklist for Trusted Extensions provides a configuration checklist for the install team.

Glossary defines selected terms and phrases that are used in this book.

How the Solaris Trusted Extensions Books Are Organized

The Solaris Trusted Extensions documentation set supplements the documentation for the Solaris 10 8/07 release. Review both sets of documentation to get a more complete understanding of Solaris Trusted Extensions. The Solaris Trusted Extensions documentation set consists of the following books.

Book Title 

Topics 

Audience 

Solaris Trusted Extensions Transition Guide

Provides an overview of the differences between Trusted Solaris 8 software, Solaris 10 8/07 software, and Solaris Trusted Extensions software. 

All 

Solaris Trusted Extensions Reference Manual

Provides Solaris Trusted Extensions man pages. 

All 

Solaris Trusted Extensions User’s Guide

Describes the basic features of Solaris Trusted Extensions. This book contains a glossary. 

End users, administrators, developers 

Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases

Describes how to plan for, install, and configure Solaris Trusted Extensions. 

Administrators, developers 

Solaris Trusted Extensions Administrator’s Procedures

Shows how to perform specific administration tasks. 

Administrators, developers 

Solaris Trusted Extensions Developer’s Guide

Describes how to develop applications with Solaris Trusted Extensions. 

Developers, administrators 

Solaris Trusted Extensions Label Administration

Provides information about how to specify label components in the label encodings file. 

Administrators 

Compartmented Mode Workstation Labeling: Encodings Format

Describes the syntax used in the label encodings file. The syntax enforces the various rules for well-formed labels for a system. 

Administrators 

Related Books from Sun Microsystems

The following books contain information that is useful when you install Solaris Trusted Extensions software.

Solaris Books

Solaris 10 11/06 Installation Guide: Basic Installations – Provides guidance on the installation options for the Solaris OS

Solaris 10 11/06 Installation Guide: Custom JumpStart and Advanced Installations – Provides guidance on disk space requirements, installation methods, and configuration options

System Administration Guide: Basic Administration – Describes basic administrative tasks in the Solaris OS, such as using the Solaris Management Console

System Administration Guide: Advanced Administration – Describes more advanced administrative tasks in the Solaris OS, such as print management

System Administration Guide: IP Services – Describes network configuration tasks in the Solaris OS

System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) – Describes the naming services in the Solaris OS

System Administration Guide: Security Services – Describes the security features in the Solaris OS

System Administration Guide: Solaris Containers-Resource Management and Solaris Zones – Describes the containment features in the Solaris OS

Books From Elsewhere

Your site security policy document – Describes the security policy and security procedures at your site

Solaris Common Desktop Environment: Advanced User's and System Administrator's Guide – Describes the Common Desktop Environment (CDE)

The administrator guide for your currently installed operating system – Describes how to back up system files

Related Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.


Note –

Sun is not responsible for the availability of third-party web sites that are mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.


Documentation, Support, and Training

The Sun web site provides information about the following additional resources:

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Feedback.

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P–1 Typographic Conventions

Typeface 

Meaning 

Example 

AaBbCc123

The names of commands, files, and directories, and onscreen computer output 

Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.

AaBbCc123

What you type, contrasted with onscreen computer output 

machine_name% su

Password:

aabbcc123

Placeholder: replace with a real name or value 

The command to remove a file is rm filename.

AaBbCc123

Book titles, new terms, and terms to be emphasized 

Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the file.

Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX® system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table P–2 Shell Prompts

Shell 

Prompt 

C shell 

machine_name%

C shell for superuser 

machine_name#

Bourne shell and Korn shell 

$

Bourne shell and Korn shell for superuser 

#