Oracle Solaris 11 Security Guidelines, Oracle Solaris 11 Information Library
Trusted Extensions extends Oracle Solaris security by enforcing a mandatory access control (MAC) policy. Sensitivity labels are automatically applied to all sources of data (networks, file systems, and windows) and to all consumers of data (users and processes). Access to all data is restricted based on the relationship between the label of the data (the object) and the label of the consumer (the subject). The layered functionality consists of a set of label-aware services.
A partial list of Trusted Extensions services includes:
Labeled networking
Label-aware file system mounting and sharing
Labeled desktop
Label configuration and translation
Label-aware system management tools
Label-aware device allocation
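The label relationship that drives these access decisions can be sketched as a small model. This is an added illustration, not Oracle or Trusted Extensions code. It assumes a label is a classification level plus a set of compartments, that reads require the subject's label to dominate the object's, and that writes require equal labels; all label names are constructed.

```python
from dataclasses import dataclass

# Constructed classification ordering (assumption: each site defines its own).
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "RESTRICTED": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Dominance needs both: a level at least as high, and every
        # compartment the other label carries.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_decision(subject: Label, obj: Label, mode: str) -> bool:
    # Assumed policy for this model: read down, write equal.
    # Any mode other than read or write is denied.
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return subject == obj
    return False


def demo() -> dict:
    # Constructed subject and objects.
    analyst = Label("INTERNAL", frozenset({"HR"}))
    handbook = Label("PUBLIC")
    payroll = Label("INTERNAL", frozenset({"HR"}))
    audit = Label("INTERNAL", frozenset({"FINANCE"}))
    plans = Label("RESTRICTED", frozenset({"HR"}))
    return {
        "read handbook": mac_decision(analyst, handbook, "read"),
        "write handbook": mac_decision(analyst, handbook, "write"),
        "write payroll": mac_decision(analyst, payroll, "write"),
        # Same level, disjoint compartments: neither label dominates.
        "read audit": mac_decision(analyst, audit, "read"),
        "read plans": mac_decision(analyst, plans, "read"),
    }


if __name__ == "__main__":
    for action, allowed in demo().items():
        print(f"{action}: {'allow' if allowed else 'deny'}")
```

The "read audit" case shows why level alone is not enough: two labels at the same level with different compartments are incomparable, so access is denied in both directions.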
The group/feature/trusted-desktop packages provide the Oracle Solaris multilevel, trusted desktop environment.
You must install the Trusted Extensions packages, then configure the system. After package installation, the system can run a desktop with a directly connected bitmapped display, such as a laptop or workstation. Network configuration is required to communicate with other systems.
For information and procedures see the following:
You can protect your labeled packets with IPsec.
For information and procedures see the following: