Oracle Solaris Trusted Extensions Administrator's Procedures (Oracle Solaris 10 8/11 Information Library)
Trusted Extensions uses the same security features that the Oracle Solaris OS provides, and adds some features. For example, the Oracle Solaris OS provides eeprom protection, password requirements and strong password algorithms, system protection by locking out a user, and protection from keyboard shutdown.
Trusted Extensions differs from the Oracle Solaris OS in the actual procedures that are used to modify these security defaults. In Trusted Extensions, you typically administer systems by assuming a role. Local settings are modified by using the trusted editor. Changes that affect the network of users, roles, and hosts are made in the Solaris Management Console.
Procedures are provided in this book where Trusted Extensions requires a particular interface to modify security settings, and that interface is optional in the Oracle Solaris OS. Where Trusted Extensions requires the use of the trusted editor to edit local files, no separate procedures are provided in this book. For example, the procedure How to Prevent Account Locking for Users describes how to update a user's account by using the Solaris Management Console to prevent the account from being locked. However, the procedure for setting a system-wide password lock policy is not provided in this book. You follow the Oracle Solaris instructions, except that in Trusted Extensions, you use the trusted editor to modify the system file.
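The following read-only check is an added example, not part of the Oracle documentation. It reports the system-wide lock policy alongside the per-account exemptions that the account-locking procedure creates. The file locations (`/etc/security/policy.conf`, `/etc/default/login`, `/etc/user_attr`) and the keys `LOCK_AFTER_RETRIES`, `RETRIES` and `lock_after_retries` are assumptions taken from the Oracle Solaris 10 man pages, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: read-only check of account-lock settings (not Oracle code).
# Formats assumed from Solaris 10 policy.conf(4), login(1), user_attr(4).
# On Solaris 10 itself, substitute nawk for awk.

# System-wide policy: LOCK_AFTER_RETRIES in policy.conf, NO when unset.
lock_policy() {            # $1 = copy of /etc/security/policy.conf
    awk -F= '/^LOCK_AFTER_RETRIES=/ { v = toupper($2) }
             END { print (v == "" ? "NO" : v) }' "$1"
}

# Failed-login threshold: RETRIES in /etc/default/login, 5 when unset.
retry_limit() {            # $1 = copy of /etc/default/login
    awk -F= '/^RETRIES=/ { v = $2 } END { print (v == "" ? 5 : v) }' "$1"
}

# Accounts and roles whose user_attr entry carries lock_after_retries=no.
lock_exempt() {            # $1 = copy of /etc/user_attr
    awk -F: '/^#/ || NF < 5 { next }
        { attr = $5; for (j = 6; j <= NF; j++) attr = attr ":" $j
          n = split(attr, kv, ";")
          for (i = 1; i <= n; i++)
              if (tolower(kv[i]) == "lock_after_retries=no") print $1 }' "$1"
}

report() {                 # $1 = directory holding the three file copies
    echo "system-wide lock: $(lock_policy "$1/policy.conf")" \
         "after $(retry_limit "$1/login") failures"
    echo "exempt accounts: $(lock_exempt "$1/user_attr" | tr '\n' ' ')"
}

# Constructed sample files (not from a real system).
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/policy.conf" <<'EOF'
#LOCK_AFTER_RETRIES=NO
LOCK_AFTER_RETRIES=YES
CRYPT_DEFAULT=__unix__
EOF
cat > "$SAMPLE/login" <<'EOF'
#RETRIES=5
RETRIES=3
EOF
cat > "$SAMPLE/user_attr" <<'EOF'
# constructed entries
root::::type=role;auths=solaris.*;lock_after_retries=no
secadmin::::type=role;profiles=Information Security;lock_after_retries=no
jdoe::::type=normal;roles=secadmin
EOF
report "$SAMPLE"
```

An account that has no `lock_after_retries` key, such as `jdoe` in the sample, follows the system-wide value.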
The following Oracle Solaris security mechanisms are extensible in Trusted Extensions as they are in the Oracle Solaris OS:
Audit events and classes – Adding audit events and audit classes is described in Chapter 30, Managing Oracle Solaris Auditing (Tasks), in System Administration Guide: Security Services.
Rights profiles – Adding rights profiles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Roles – Adding roles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Authorizations – For an example of adding a new authorization, see Customizing Device Authorizations in Trusted Extensions (Task Map).
As in the Oracle Solaris OS, privileges cannot be extended.
Trusted Extensions provides the following unique security features:
Labels – Subjects and objects are labeled. Processes are labeled. Zones and the network are labeled.
Device Allocation Manager – By default, devices are protected by allocation requirements. The Device Allocation Manager GUI is the interface for administrators and for regular users.