When copying to portable media, label the media with the sensitivity label of the information.
During Trusted Extensions configuration, superuser or an equivalent role copies administrative files to and from portable media. Label the media with Trusted Path.
To copy administrative files, you must be superuser or in a role in the global zone.
Allocate the appropriate device.
Use the Device Allocation Manager, and insert clean media. For details, see How to Allocate a Device in Trusted Extensions in Oracle Solaris Trusted Extensions User’s Guide.
In Solaris Trusted Extensions (CDE), a File Manager displays the contents of the portable media.
In Solaris Trusted Extensions (JDS), a File Browser displays the contents.
In this procedure, File Browser is used to refer to this GUI.
Open a second File Browser.
Navigate to the folder that contains the files to be copied
For example, you might have copied files to an /export/clientfiles folder.
For each file, do the following:
Deallocate the device.
On the File Browser for the portable media, choose Eject from the File menu.
Remember to physically affix a label to the media with the sensitivity label of the copied files.
The system administrator wants to ensure that every machine is configured with the same settings. So, on the first machine that is configured, she creates a directory that cannot be deleted between reboots. In that directory, the administrator places the files that should be identical or very similar on all systems.
For example, she copies the Trusted Extensions toolbox that the Solaris Management Console uses for the LDAP scope, /var/sadm/smc/toolboxes/tsol_ldap/tsol_ldap.tbx. She has customized remote host templates in the tnrhtp file, has a list of DNS servers, and audit configuration files. She also modified the policy.conf file for her site. So, she copies the files to the permanent directory.
# mkdir /export/commonfiles # cp /etc/security/policy.conf \ /etc/security/audit_control \ /etc/security/audit_startup \ /etc/security/tsol/tnrhtp \ /etc/resolv.conf \ /etc/nsswitch.conf \ /export/commonfiles
She uses the Device Allocation Manager to allocate a diskette in the global zone, and transfers the files to the diskette. On a separate diskette, labeled ADMIN_HIGH, she puts the label_encodings file for the site.
When she copies the files onto a system, she modifies the dir: entries in the /etc/security/audit_control file for that system.