SunSHIELD Basic Security Module Guide

Preface

The Solaris™ SHIELD™ Basic Security Module (BSM) provides additional security features, defined as C2 in the Trusted Computer System Evaluation Criteria (TCSEC), that are not supplied in standard UNIX®. The features provided by the BSM are the security auditing subsystem and a device-allocation mechanism that provides the required object-reuse characteristics for removable or assignable devices. C2 discretionary-access control, as well as C2 identification and authentication features, are provided by the standard Solaris system.

Who Should Use This Book

The SunSHIELD Basic Security Module Guide is intended for the system administrator whose duties include setting up and maintaining BSM. Familiarity with basic system administration concepts and with a text editor is helpful.

How This Book Is Organized

Chapter 1, Installation, describes enabling and disabling the BSM. Topics include how to enable the Solaris system to use these additional security features, and how clients and servers interact in an enabled environment.

Chapter 2, Administering Auditing, explains the system management and configuration of the auditing subsystem. Topics include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.

Chapter 3, Audit Trail Analysis, explains processes for audit trail analysis and postprocessing. Topics discussed include overall audit record structure and formats, the audit trail printing utility, and the audit record selection and merging utility.

Chapter 4, Device Allocation, describes the allocation mechanism for removable or assignable devices. Topics discussed include setting up and administering allocatable device files and using the allocation mechanism by nonprivileged users.

Appendix A, Audit Record Descriptions, describes in detail the content of the audit records generated.

Appendix B, BSM Reference, lists and describes the man pages added for the Solaris SunSHIELD™ Basic Security Module.

Ordering Sun Documents

Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.

For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.

Accessing Sun Documentation Online

The docs.sun.com℠ Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.

What Typographic Conventions Mean

The following table describes the typographic changes used in this book.

Table P-1 Typographic Conventions

| Typeface or Symbol | Meaning | Example |
|---|---|---|
| AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
| AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
| AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
| AaBbCc123 | Book titles, new words, or terms, or words to be emphasized. | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |

Shell Prompts in Command Examples

The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table P-2 Shell Prompts

| Shell | Prompt |
|---|---|
| C shell prompt | machine_name% |
| C shell superuser prompt | machine_name# |
| Bourne shell and Korn shell prompt | $ |
| Bourne shell and Korn shell superuser prompt | # |