JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Trusted Extensions Configuration and Administration     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

6.  Configuring a Headless System With Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

7.  Trusted Extensions Administration Concepts

8.  Trusted Extensions Administration Tools

9.  Getting Started as a Trusted Extensions Administrator (Tasks)

10.  Security Requirements on a Trusted Extensions System (Overview)

11.  Administering Security Requirements in Trusted Extensions (Tasks)

12.  Users, Rights, and Roles in Trusted Extensions (Overview)

13.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

14.  Remote Administration in Trusted Extensions (Tasks)

15.  Trusted Extensions and LDAP (Overview)

16.  Managing Zones in Trusted Extensions (Tasks)

17.  Managing and Mounting Files in Trusted Extensions (Tasks)

18.  Trusted Networking (Overview)

19.  Managing Networks in Trusted Extensions (Tasks)

20.  Multilevel Mail in Trusted Extensions (Overview)

21.  Managing Labeled Printing (Tasks)

22.  Devices in Trusted Extensions (Overview)

23.  Managing Devices for Trusted Extensions (Tasks)

24.  Trusted Extensions Auditing (Overview)

25.  Software Management in Trusted Extensions (Reference)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions



Checklist for Configuring Trusted Extensions

The following list summarizes what is required to enable and configure Trusted Extensions at your site. Tasks that are covered elsewhere are cross-referenced.

  1. Read.

  2. Prepare.

    • Decide the root password.

    • Decide the PROM or BIOS security level.

    • Decide the PROM or BIOS password.

    • Decide if attached peripherals are permitted.

    • Decide if access to remote printers is permitted.

    • Decide if access to unlabeled networks is permitted.

    • Decide the zone creation method.

  3. Enable Trusted Extensions.

    1. Install the Oracle Solaris OS.

    2. Enable svc:/system/labeld, the Trusted Extensions service.

  4. Configure two labeled zones automatically

  5. Or, customize your Trusted Extensions configuration.

    1. Verify and install your site's label_encodings file.

    2. If using IPv6, enable IPv6 for Trusted Extensions.

    3. If using a DOI different from 1, set the DOI in the /etc/system and the /etc/security/tsol/tnrhtp files.

    4. Reboot.

    5. Create labeled zones by using the txzonemgr script.

    6. Configure interfaces for the global zone and for labeled zones.

  6. Perform further configurations

    • Configure the naming service.

      • Use the files naming service, which requires no configuration.

      • Or, configure LDAP by creating either a Trusted Extensions proxy server or a Trusted Extensions LDAP server.

    • Configure network connections for LDAP.

      • Assign an LDAP server or proxy server to the cipso host type in a remote host template.

      • Assign the local system to the cipso host type in a remote host template.

      • Make the local system a client of the LDAP server.

    • Configure the network. See Configuring Trusted Network Databases (Task Map).

      • Identify single-label hosts and limited-range hosts.

      • Determine the labels to apply to incoming data from unlabeled hosts.

      • Customize the remote host templates.

      • Assign individual hosts to templates.

      • Assign subnets to templates.

    • Establish static routing. See Configuring Routes and Checking Network Information in Trusted Extensions (Task Map).

    • Configure local users and local administrative roles.

      • Create the Security Administrator role.

      • Create a local user who can assume the Security Administrator role.

      • Create other roles, and possibly other local users to assume these roles.

    • Create home directories on the NFS server.

      • Create home directories for each user at every label that the user can access.

      • (Optional) Prevent users from reading their lower-level home directories.

    • Configure printing. See Managing Printing in Trusted Extensions (Task Map).

    • Configure devices. See Handling Devices in Trusted Extensions (Task Map).

      1. Assign the Device Management profile or the System Administrator profile to a role.

      2. To make devices usable, do one of the following:

        • Per system, make devices allocatable.

        • Assign the Allocate Device authorization to selected users and roles.

    • Configure Oracle Solaris features.