Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10 |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Headless System Configuration in Trusted Extensions (Task Map)
Enable Remote Login by root User in Trusted Extensions
Enable Remote Login by a Role in Trusted Extensions
Enable Remote Login From an Unlabeled System
Enable the Remote Display of Administrative GUIs
Use the rlogin or ssh Command to Log In and Administer a Headless System in Trusted Extensions
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
10. Security Requirements on a Trusted Extensions System (Overview)
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Reference)
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
On headless systems, a console is connected by means of a serial line to a terminal emulator window. The line is typically secured by the tip command. Depending on what type of second system is available, you can use one of the following methods to configure a headless system. The methods are listed from more secure to less secure in the following table. These instructions also apply to remote systems.
|
Note - Consult your security policy to determine which methods of remote administration are permissible at your site.
As in the Oracle Solaris OS, root can log in remotely from a labeled system when the CONSOLE entry is disabled.
If you plan to administer a remote system by editing local files, use this procedure.
# vi /etc/default/login
The edited line appears similar to the following:
#CONSOLE=/dev/console
Modify the /etc/ssh/sshd_config file. By default, ssh is enabled on an Oracle Solaris system.
# vi /etc/ssh/sshd_config
The edited line appears similar to the following:
PermitRootLogin yes
To log in as the root user from an unlabeled system, you must also complete Enable Remote Login From an Unlabeled System.
To enable remote login by a role, continue with Enable Remote Login by a Role in Trusted Extensions.
Follow this procedure only if you must administer a headless system by using the rlogin or ssh command.
Configuration errors can be debugged remotely.
If you are using local files to administer the remote system, you have completed Enable Remote Login by root User in Trusted Extensions. Then, as the root user, perform this task on both systems.
The desktop system and the headless system must identify each other as using the identical security template. For the procedure, see How to Assign a Security Template to a Host or a Group of Hosts.
To assign a temporary label, see Example 6-1.
The names and IDs must be identical, and the role must be assigned to the user on both systems. To create users and roles, see Creating Roles and Users in Trusted Extensions.
# cp /etc/pam.conf /etc/pam.conf.orig
# vi /etc/pam.conf
Use the Tab key between fields. This section now appears similar to the following:
# Default definition for Account management # Used when service name is not explicitly mentioned for account management # # other account requisite pam_roles.so.1 # Enable remote role assumption other account requisite pam_roles.so.1 allow_remote # other account required pam_unix_account.so.1 other account required pam_tsol_account.so.1
# cp /etc/pam.conf /etc/pam.conf.site
If you upgrade the system to a later release, you must then evaluate if you should copy the changes from /etc/pam.conf.site into the pam.conf file.
Example 6-1 Creating a Temporary Definition of a Trusted Extensions Host Type
In this example, the administrator wants to start configuring a remote Trusted Extensions system before the host type definitions are set up. To do so, the administrator uses the tnctl command on the remote system to temporarily define the host type of the desktop system:
remote-TX# tnctl -h desktop-TX:cipso
Later, the administrator wants to reach the remote Trusted Extensions system from a desktop system that is not configured with Trusted Extensions. In this case, the administrator uses the tnctl command on the remote system to temporarily define the host type of the desktop system as an unlabeled system that runs at the ADMIN_LOW label:
remote-TX# tnctl -h desktop-TX:admin_low
This procedure is not secure.
You have relaxed PAM policy to allow remote role assumption, as described in Enable Remote Login by a Role in Trusted Extensions.
Caution - With the default settings, another unlabeled system could log in and administer the remote system. Therefore, you must change the 0.0.0.0 network default from ADMIN_LOW to a different label. For the procedure, see How to Limit the Hosts That Can Be Contacted on the Trusted Network. |
The procedure for remote display on a desktop is identical to the procedure on an Oracle Solaris system that is not configured with Trusted Extensions. This procedure is placed here for convenience.
desktop $ xhost + headless-host
desktop $ echo $DISPLAY :n.n
headless $ DISPLAY=desktop:n.n headless $ export DISPLAY=n:n
This procedure enables you to use the command line and the txzonemgr GUI to administer a headless system as superuser or as a role.
Note - Remote login by using the rlogin command is less secure than remote login by using the ssh command.
You have completed Enable Remote Login by a Role in Trusted Extensions.
You are a user who is enabled to log in to the headless system with that same user name and user ID, and you can assume the same role on the headless system that you can assume on the desktop system.
desktop $ xhost + headless-host desktop $ echo $DISPLAY :n.n
desktop $ ssh -l identical-username headless Password: Type the user's password headless $
desktop # rlogin headless Password: Type the user's password headless $
Use the same terminal window. For example, assume the root role.
headless $ su - root Password: Type the root password
You are now in the global zone. You can now use this terminal to administer the headless system from the command line.
Note - You can also display remote GUIs by logging in with the ssh -X command. For more information, see the ssh(1) man page. For an example, see Example 6-2.
headless $ DISPLAY desktop:n.n headless $ export DISPLAY=n:n
You can now administer the headless system by using Trusted Extensions GUIs. For example, start the txzonemgr GUI:
headless $ /usr/sbin/txzonemgr
The Labeled Zone Manager runs on the remote system and displays on the desktop system.
Example 6-2 Configuring Labeled Zones on a Headless System
In this example, the administrator uses the txzonemgr GUI to configure labeled zones on a labeled headless system from a labeled desktop system. As in the Oracle Solaris OS, the administrator enables X server access to the desktop system by using the -X option to the ssh command. The user install1 is defined identically on both systems, and can assume the role remoterole.
TXdesk1 $ xhost + TXnohead4 TXdesk1 $ whoami install1
TXdesk1 $ ssh -X -l install1 TXnohead4 Password: Ins1PwD1 TXnohead4 $
To reach the global zone, the administrator assumes the role remoterole. This role is defined identically on both systems.
TXnohead4 # su - remoterole Password: abcd1EFG
Then, the administrator starts the txzonemgr GUI.
TXnohead4 $ /usr/sbin/txzonemgr &
The Labeled Zone Manager runs on the headless system and displays on the desktop system.