Results of Enabling Trusted Extensions From an Administrator's Perspective

After the Trusted Extensions software is enabled and the system is rebooted, the following security features are in place. Many features are configurable by the security administrator.

• Auditing is enabled.

• A Sun label_encodings file is installed and configured.

• Two trusted desktops are added. Solaris Trusted Extensions (CDE) is the trusted version of CDE. Solaris Trusted Extensions (JDS) is the trusted version of the Sun Java Desktop System. Each windowing environment creates Trusted Path workspaces in the global zone.

• As in the Solaris OS, rights profiles for roles are defined. As in the Solaris OS, roles are not defined .

  To use roles to administer Trusted Extensions, you must create the roles. During configuration, you create the Security Administrator role.

• Three Trusted Extensions network databases, tnrhdb, tnrhtp, and tnzonecfg are added. The databases are administered by using the Security Templates tool and the Trusted Network Zones tool in the Solaris Management Console.

• Trusted Extensions provides GUIs to administer the system. Some GUIs are extensions to a Solaris OS GUI.

  • In Trusted CDE, administrative actions are provided in the Trusted_Extensions folder. Some of these actions are used when you initially configure Trusted Extensions. The tools are introduced in Chapter 2, Trusted Extensions Administration Tools, in Oracle Solaris Trusted Extensions Administrator’s Procedures.

  • A trusted editor enables administrators to modify local administrative files. In Trusted CDE, the Admin Editor action invokes a trusted editor.

  • The Device Allocation Manager manages attached devices.

  • The Solaris Management Console provides Java-based tools to manage local and network administrative databases. The use of these tools is required for managing the trusted network, zones, and users.