This checklist provides an overall view of the major configuration tasks for Solaris Trusted Extensions. The smaller tasks are outlined within the major tasks. The checklist does not replace following the steps in this guide.
The following list summarizes what is required to install and configure Trusted Extensions at your site. Tasks that are covered in other books are cross-referenced.
Read.
Read the first five chapters of Solaris Trusted Extensions Administrator’s Procedures.
Understand site security requirements.
Prepare.
Decide the root password.
Decide the PROM or BIOS security level.
Decide the PROM or BIOS password.
Decide if attached peripherals are permitted.
Decide if access to remote printers is permitted.
Decide if access to unlabeled networks is permitted.
Decide the zone creation method.
Install Trusted Extensions.
If using IPv6, enable IPv6 for Trusted Extensions.
(Optional) Create ZFS pool for cloning zones.
Configure labels.
Finalize your site's label_encodings file.
Check and install the file.
Reboot.
Configure interfaces for the global zone and for labeled zones.
Configure the Solaris Management Console.
Configure the naming service.
Configure network connections for LDAP.
Assign an LDAP server or proxy server to the cipso host type in a remote host template.
Assign the local system to the cipso host type in a remote host template.
Make the local system a client of the LDAP server.
Create labeled zones.
OPTION 1: Use txzonemgr script.
OPTION 2: Use Trusted CDE actions.
Configure labeled zones
In the Solaris Management Console, associate zone names with particular labels.
Run the Configure Zone action.
Run the Install Zone action.
Run the Initialize for LDAP action.
Run the Start Zone action.
Customize the running zone.
Run the Shut Down Zone action.
Customize the zone while the zone is shut down.
(Optional) Create a ZFS snapshot.
Create the remaining zones from scratch, or by using the Copy Zone or the Clone Zone action.
Configure the network. See Configuring Trusted Network Databases (Task Map) in Solaris Trusted Extensions Administrator’s Procedures.
Identify single-label hosts and limited-range hosts.
Determine the labels to apply to incoming data from unlabeled hosts.
Customize the remote host templates.
Assign individual hosts to templates.
Assign subnets to templates.
Establish static routing. See Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) in Solaris Trusted Extensions Administrator’s Procedures.
Configure local users and local administrative roles.
Create the Security Administrator role.
Create a local user who can assume the Security Administrator role.
Create other roles, and possibly other local users to assume these roles.
Create home directories on the NFS server.
Create home directories for each user at every label that the user can access.
(Optional) Prevent users from reading their lower-level home directories.
Configure printing. See Managing Printing in Trusted Extensions (Task Map) in Solaris Trusted Extensions Administrator’s Procedures.
Configure devices. See Handling Devices in Trusted Extensions (Task Map) in Solaris Trusted Extensions Administrator’s Procedures.
Configure Solaris features.
Configure auditing.
Configure security settings.
Enable particular LDAP clients to be LDAP administration systems.
Configure users in LDAP.
Configure network roles in LDAP.
Mount and share file systems. See Chapter 11, Managing and Mounting Files in Trusted Extensions (Tasks), in Solaris Trusted Extensions Administrator’s Procedures