JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11 Security Guidelines     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information


1.  Overview of Oracle Solaris Security

2.  Configuring Oracle Solaris Security

Installing the Oracle Solaris OS

Securing the System

How to Verify Your Packages

How to Disable Unneeded Services

How to Remove Power Management Capability From Users

How to Place a Security Message in Banner Files

How to Place a Security Message on the Desktop Login Screen

Securing Users

How to Set Stronger Password Constraints

How to Set Account Locking for Regular Users

How to Set More Restrictive umask Value for Regular Users

How to Audit Significant Events in Addition to Login/Logout

How to Monitor lo Events in Real Time

How to Remove Unneeded Basic Privileges From Users

Securing the Kernel

Configuring the Network

How to Display a Security Message to ssh Users

How to Use TCP Wrappers

Protecting File Systems and Files

How to Limit the Size of the tmpfs File System

Protecting and Modifying Files

Securing Applications and Services

Creating Zones to Contain Critical Applications

Managing Resources in Zones

Configuring IPsec and IKE

Configuring IP Filter

Configuring Kerberos

Adding SMF to a Legacy Service

Creating a BART Snapshot of the System

Adding Multilevel (Labeled) Security

Configuring Trusted Extensions

Configuring Labeled IPsec

3.  Monitoring and Maintaining Oracle Solaris Security

A.  Bibliography for Oracle Solaris Security

Adding Multilevel (Labeled) Security

Trusted Extensions extends Oracle Solaris security by enforcing a mandatory access control (MAC) policy. Sensitivity labels are automatically applied to all sources of data (networks, file systems, and windows) and consumers of data (user and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the consumer (subject). The layered functionality consists of a set of label-aware services.

A partial list of Trusted Extensions services includes:

The group/feature/trusted-desktop packages provide the Oracle Solaris multilevel, trusted desktop environment.

Configuring Trusted Extensions

You must install the Trusted Extensions packages, then configure the system. After package installation, the system can run a desktop with a directly connected bitmapped display, such as a laptop or workstation. Network configuration is required to communicate with other systems.

For information and procedures see the following:

Configuring Labeled IPsec

You can protect your labeled packets with IPsec.

For information and procedures see the following: