Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10 |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
10. Security Requirements on a Trusted Extensions System (Overview)
Configurable Oracle Solaris Security Features
Trusted Extensions Interfaces for Configuring Security Features
Extension of Oracle Solaris Security Mechanisms by Trusted Extensions
Security Requirements Enforcement
Users and Security Requirements
Rules When Changing the Level of Security for Data
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Reference)
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
Trusted Extensions uses the same security features that the Oracle Solaris OS provides, and adds some features. For example, the Oracle Solaris OS provides eeprom protection, password requirements and strong password algorithms, system protection by locking out a user, and protection from keyboard shutdown.
Trusted Extensions differs from the Oracle Solaris OS in the actual procedures that are used to modify these security defaults. In Trusted Extensions, you typically administer systems by assuming a role. Settings are modified by editing local files.
Procedures are provided in this book where Trusted Extensions requires a particular interface to modify security settings, and that interface is optional in the Oracle Solaris OS.
The following Oracle Solaris security mechanisms are extensible in Trusted Extensions as they are in the Oracle Solaris OS:
Audit events and classes – Adding audit events and audit classes is described in Chapter 30, Managing Oracle Solaris Auditing (Tasks), in System Administration Guide: Security Services.
Rights profiles – Adding rights profiles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Roles – Adding roles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Authorizations – For an example of adding a new authorization, see Customizing Device Authorizations in Trusted Extensions (Task Map).
As in the Oracle Solaris OS, privileges cannot be extended.
Trusted Extensions provides the following unique security features:
Labels – Subjects and objects are labeled. Processes are labeled. Zones and the network are labeled.
Device Manager – By default, devices are protected by allocation requirements. The Device Manager GUI is the interface for administrators and for regular users.
Change Password menu item – The Trusted Path menu enables you to change your user password, and the password of the role that you have assumed.
Change Workspace Label menu item – Workspaces are labeled,and users in multilevel sessions can change the workspace label. By default, users must provide a password when entering a workspace of a different label.