Oracle Solaris Trusted Extensions Administrator's Procedures

Procedure: How to Determine If You Need Site-Specific Security Templates

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Familiarize yourself with the Trusted Extensions templates.

    Read the tnrhtp file on a local host. The comments in the file are helpful. You can also view the security attribute values in the Security Templates tool in the Solaris Management Console.

    • The default templates match any installation. The label range for each template is ADMIN_LOW to ADMIN_HIGH.

    • The cipso template defines a CIPSO host type whose DOI is 1. The label range for the template is ADMIN_LOW to ADMIN_HIGH.

    • The admin_low template defines an unlabeled host whose DOI is 1. The template's default label is ADMIN_LOW. The label range for the template is ADMIN_LOW to ADMIN_HIGH. In the default configuration, the address 0.0.0.0 is assigned to this template. Therefore, all non-CIPSO hosts are treated as hosts that operate at the ADMIN_LOW security label.

  2. Keep the default templates.

    For support purposes, do not delete or modify the default templates. You can change which hosts are assigned to these default templates. For an example, see How to Limit the Hosts That Can Be Contacted on the Trusted Network.

  3. Create new templates if you want to do any of the following:

    • Limit the label range of a host or a group of hosts.

    • Create a single-label host.

    • Create a host that recognizes a few discrete labels.

    • Use a different DOI than 1.

    • Require a default label for unlabeled hosts that is not ADMIN_LOW.

    For details, see How to Construct a Remote Host Template.
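
The decision in step 3 can be checked mechanically against the default template attributes from step 1. The following Python sketch is an added example, not part of the Oracle procedure or tooling: the function names are hypothetical, the sample text is constructed in the `name:key=value;` entry layout assumed for tnrhtp, and labels are compared as plain strings.

```python
# Constructed sample in the assumed tnrhtp "name:key=value;..." layout;
# the values are the default-template attributes listed in step 1.
SAMPLE_TNRHTP = """\
# comment lines start with '#'
cipso:host_type=cipso;doi=1;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;
admin_low:host_type=unlabeled;doi=1;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;def_label=ADMIN_LOW;
"""

def parse_tnrhtp(text):
    """Return {template_name: {attribute: value}} for each non-comment entry."""
    templates = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, attrs = line.partition(":")
        pairs = (p.split("=", 1) for p in attrs.split(";") if "=" in p)
        templates[name.strip()] = {k.strip(): v.strip() for k, v in pairs}
    return templates

def reasons_for_site_template(templates, want):
    """Compare a host's required attributes (dict `want`, hypothetical shape)
    with the default template of the same host_type. Returns the step 3
    reasons that apply; an empty list means the default template fits."""
    default = next((t for t in templates.values()
                    if t.get("host_type") == want["host_type"]), None)
    if default is None:
        return ["no default template for host_type " + want["host_type"]]
    reasons = []
    lo = want.get("min_sl", default["min_sl"])
    hi = want.get("max_sl", default["max_sl"])
    if lo == hi:
        reasons.append("single-label host")
    elif (lo, hi) != (default["min_sl"], default["max_sl"]):
        reasons.append("limited label range")
    if want.get("sl_set"):
        reasons.append("discrete label set")
    if str(want.get("doi", default["doi"])) != default["doi"]:
        reasons.append("DOI other than " + default["doi"])
    if (want["host_type"] == "unlabeled"
            and want.get("def_label", default["def_label"]) != default["def_label"]):
        reasons.append("default label other than " + default["def_label"])
    return reasons
```

Label names such as PUBLIC or CONFIDENTIAL passed in `want` are site-defined; substitute the labels from your own label encodings.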