Trusted Extensions Configuration Guide
Oracle Solaris 10 8/11 Information Library
April 2012
Explains how to enable and initially configure the Trusted Extensions feature of Oracle Solaris.
Document Information
Preface
1. Security Planning for Trusted Extensions
Planning for Security in Trusted Extensions
Understanding Trusted Extensions
Understanding Your Site's Security Policy
Planning Who Will Configure Trusted Extensions
Devising a Label Strategy
For International Customers of Trusted Extensions
Planning System Hardware and Capacity for Trusted Extensions
Planning Your Trusted Network
Planning Your Labeled Zones in Trusted Extensions
Trusted Extensions Zones and Oracle Solaris Zones
Zone Creation in Trusted Extensions
Planning for Multilevel Access
Planning for the LDAP Naming Service in Trusted Extensions
Planning for Auditing in Trusted Extensions
Planning User Security in Trusted Extensions
Devising a Configuration Strategy for Trusted Extensions
Resolving Additional Issues Before Enabling Trusted Extensions
Backing Up the System Before Enabling Trusted Extensions
Results of Enabling Trusted Extensions From an Administrator's Perspective
2. Configuration Roadmap for Trusted Extensions
Task Map: Preparing an Oracle Solaris System for Trusted Extensions
Task Map: Preparing For and Enabling Trusted Extensions
Task Map: Configuring Trusted Extensions
3. Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)
Initial Setup Team Responsibilities
Installing or Upgrading the Oracle Solaris Operating System for Trusted Extensions
Install an Oracle Solaris System to Support Trusted Extensions
Prepare an Installed Oracle Solaris System for Trusted Extensions
Collecting Information and Making Decisions Before Enabling Trusted Extensions
Collect System Information Before Enabling Trusted Extensions
Make System and Security Decisions Before Enabling Trusted Extensions
Enabling the Trusted Extensions Service
Enable Trusted Extensions
4. Configuring Trusted Extensions (Tasks)
Setting Up the Global Zone in Trusted Extensions
Check and Install Your Label Encodings File
Enable IPv6 Networking in Trusted Extensions
Configure the Domain of Interpretation
Create ZFS Pool for Cloning Zones
Reboot and Log In to Trusted Extensions
Initialize the Solaris Management Console Server in Trusted Extensions
Make the Global Zone an LDAP Client in Trusted Extensions
Creating Labeled Zones
Run the txzonemgr Script
Configure the Network Interfaces in Trusted Extensions
Name and Label the Zone
Install the Labeled Zone
Boot the Labeled Zone
Verify the Status of the Zone
Customize the Labeled Zone
Copy or Clone a Zone in Trusted Extensions
Adding Network Interfaces and Routing to Labeled Zones
Add a Network Interface to Route an Existing Labeled Zone
Add a Network Interface That Does Not Use the Global Zone to Route an Existing Labeled Zone
Configure a Name Service Cache in Each Labeled Zone
Creating Roles and Users in Trusted Extensions
Create Rights Profiles That Enforce Separation of Duty
Create the Security Administrator Role in Trusted Extensions
Create a Restricted System Administrator Role
Create Users Who Can Assume Roles in Trusted Extensions
Verify That the Trusted Extensions Roles Work
Enable Users to Log In to a Labeled Zone
Creating Home Directories in Trusted Extensions
Create the Home Directory Server in Trusted Extensions
Enable Users to Access Their Home Directories in Trusted Extensions
Adding Users and Hosts to an Existing Trusted Network
Add an NIS User to the LDAP Server
Troubleshooting Your Trusted Extensions Configuration
netservices limited Was Run After Trusted Extensions Was Enabled
Cannot Open the Console Window in a Labeled Zone
Labeled Zone Is Unable to Access the X Server
Additional Trusted Extensions Configuration Tasks
How to Copy Files to Portable Media in Trusted Extensions
How to Copy Files From Portable Media in Trusted Extensions
How to Remove Trusted Extensions From the System
5. Configuring LDAP for Trusted Extensions (Tasks)
Configuring an LDAP Server on a Trusted Extensions Host (Task Map)
Configuring an LDAP Proxy Server on a Trusted Extensions Host (Task Map)
Configuring the Sun Java System Directory Server on a Trusted Extensions System
Collect Information for the Directory Server for LDAP
Install the Sun Java System Directory Server
Create an LDAP Client for the Directory Server
Configure the Logs for the Sun Java System Directory Server
Configure a Multilevel Port for the Sun Java System Directory Server
Populate the Sun Java System Directory Server
Creating a Trusted Extensions Proxy for an Existing Sun Java System Directory Server
Create an LDAP Proxy Server
Configuring the Solaris Management Console for LDAP (Task Map)
Register LDAP Credentials With the Solaris Management Console
Enable the Solaris Management Console to Accept Network Communications
Edit the LDAP Toolbox in the Solaris Management Console
Verify That the Solaris Management Console Contains Trusted Extensions Information
6. Configuring a Headless System With Trusted Extensions (Tasks)
Headless System Configuration in Trusted Extensions (Task Map)
Enable Remote Login by root User in Trusted Extensions
Enable Remote Login by a Role in Trusted Extensions
Enable Remote Login From an Unlabeled System
Use a Remote Solaris Management Console to Administer in the Files Scope
Enable the Remote Display of Administrative GUIs
Use the rlogin or ssh Command to Log In and Administer a Headless System in Trusted Extensions
A. Site Security Policy
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Common Security Violations
Additional Security References
U.S. Government Publications
UNIX Security Publications
General Computer Security Publications
General UNIX Publications
B. Using CDE Actions to Install Zones in Trusted Extensions
Associating Network Interfaces With Zones by Using CDE Actions (Task Map)
Specify Two IP Addresses for the System by Using a CDE Action
Specify One IP Address for the System by Using a CDE Action
Preparing to Create Zones by Using CDE Actions (Task Map)
Specify Zone Names and Zone Labels by Using a CDE Action
Creating Labeled Zones by Using CDE Actions (Task Map)
Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
Resolve Local Zone to Global Zone Routing in Trusted CDE
Customize a Booted Zone in Trusted Extensions
Use the Copy Zone Method in Trusted Extensions
Use the Clone Zone Method in Trusted Extensions
C. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
Glossary
Index
A
B
C
D
E
F
H
I
L
M
N
O
P
R
S
T
U
V
W
Z