JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Configuration and Administration     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

6.  Trusted Extensions Administration Concepts

7.  Trusted Extensions Administration Tools

8.  Security Requirements on a Trusted Extensions System (Overview)

9.  Performing Common Tasks in Trusted Extensions

10.  Users, Rights, and Roles in Trusted Extensions (Overview)

11.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

12.  Remote Administration in Trusted Extensions (Tasks)

13.  Managing Zones in Trusted Extensions

14.  Managing and Mounting Files in Trusted Extensions

15.  Trusted Networking (Overview)

16.  Managing Networks in Trusted Extensions (Tasks)

17.  Trusted Extensions and LDAP (Overview)

18.  Multilevel Mail in Trusted Extensions (Overview)

19.  Managing Labeled Printing (Tasks)

20.  Devices in Trusted Extensions (Overview)

21.  Managing Devices for Trusted Extensions (Tasks)

22.  Trusted Extensions Auditing (Overview)

23.  Software Management in Trusted Extensions

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions

Glossary

Index

A

B

C

D

E

F

G

H

I

K

L

M

N

O

P

R

S

T

U

V

W

X

Z

Index

A

access
See computer access
remote systems, index iconRemote Administration in Trusted Extensions (Tasks)
access policy
devices, index iconDevice Access Policies
Discretionary Access Control (DAC)
index iconTrusted Extensions and the Oracle Solaris OS
index iconDifferences Between Trusted Extensions and the Oracle Solaris OS
Mandatory Access Control (MAC), index iconDifferences Between Trusted Extensions and the Oracle Solaris OS
accessing
administrative tools, index iconGetting Started as a Trusted Extensions Administrator (Task Map)
audit records by label, index iconAudit Tasks in Trusted Extensions
devices, index iconDevice Protection With Trusted Extensions Software
global zone, index iconHow to Enter the Global Zone in Trusted Extensions
home directories, index iconZones in Trusted Extensions
labeled zones by users, index iconHow to Enable Users to Log In to a Labeled Zone
printers, index iconLabels, Printers, and Printing
remote multilevel desktop, index iconHow to Configure a Trusted Extensions System With Xvnc for Remote Access
ZFS dataset mounted in lower-level zone from higher-level zone, index iconHow to Share a ZFS Dataset From a Labeled Zone
account locking, preventing for users who can assume roles, index iconHow to Prevent Account Locking for Users
accounts
See also roles
See also users
creating, index iconCreating Roles and Users in Trusted Extensions
planning, index iconPlanning User Security in Trusted Extensions
accreditation checks, index iconTrusted Extensions Accreditation Checks
accreditation ranges, label_encodings file, index iconLabel Encodings File
adding
IPsec protections, index iconHow to Apply IPsec Protections in a Multilevel Trusted Extensions Network
LDAP role with roleadd, index iconHow to Create the Security Administrator Role in Trusted Extensions
local role with roleadd, index iconHow to Create the Security Administrator Role in Trusted Extensions
local user with useradd, index iconHow to Create Users Who Can Assume Roles in Trusted Extensions
logical interfaces, index iconHow to Add an IP Instance to a Labeled Zone
multilevel dataset, index iconHow to Create and Share a Multilevel Dataset
network databases to LDAP server, index iconPopulate the Oracle Directory Server Enterprise Edition
nscd daemon to every labeled zone, index iconHow to Configure a Separate Name Service for Each Labeled Zone
remote host templates, index iconCreating Security Templates (Tasks)
remote hosts, index iconHow to Connect a Trusted Extensions System to Other Trusted Extensions Systems
roles, index iconCreating Roles and Users in Trusted Extensions
secondary zones, index iconHow to Create a Secondary Labeled Zone
shared network interfaces, index iconHow to Share a Single IP Address With All Zones
Trusted Extensions packages, index iconAdd Trusted Extensions Packages to an Oracle Solaris System
users who can assume roles, index iconHow to Create Users Who Can Assume Roles in Trusted Extensions
VNIC interfaces, index iconHow to Add a Virtual Network Interface to a Labeled Zone
zone-specific nscd daemon, index iconHow to Configure a Separate Name Service for Each Labeled Zone
Additional Trusted Extensions Configuration Tasks, index iconAdditional Trusted Extensions Configuration Tasks
ADMIN_HIGH label
body page labels and, index iconHow to Configure a Zone as a Single-Level Print Server
devices and, index iconDevice Protection With Trusted Extensions Software
global zone processes and zones, index iconGlobal Zone Processes and Labeled Zones
mlslabel and, index iconmlslabel Property and Mounting Single-Level File Systems
multilevel datasets and, index iconNo Privilege Overrides for MAC Read-Write Policy
NFS-mounted files in global zone, index iconTrusted Extensions Policy for Single-Level Datasets
no localization, index iconFor International Customers of Trusted Extensions
role clearance, index iconHow to Create a System Administrator Role
roles and, index iconRole Creation in Trusted Extensions
top administrative label, index iconDominance Relationships Between Labels
ADMIN_LOW label
lowest label, index iconDominance Relationships Between Labels
protecting administrative files, index iconPassword Protection
limitations on unlabeled system mounts, index iconSharing and Mounting Files in the Global Zone
mounting files and, index iconSharing and Mounting Files in the Global Zone
administering
account locking, index iconHow to Prevent Account Locking for Users
assigning device authorizations, index iconHow to Assign Device Authorizations
auditing in Trusted Extensions, index iconAudit Management by Role in Trusted Extensions
changing label of information, index iconHow to Enable a User to Change the Security Level of Data
convenient authorizations for users, index iconHow to Create a Rights Profile for Convenient Authorizations
device allocation, index iconHow to Assign Device Authorizations
device authorizations, index iconHow to Create New Device Authorizations
devices
index iconManaging Devices for Trusted Extensions (Tasks)
index iconManaging Devices in Trusted Extensions (Task Map)
file systems
mounting, index iconHow to NFS Mount Files in a Labeled Zone
overview, index iconTrusted Extensions Policies for Mounted File Systems
troubleshooting, index iconHow to Troubleshoot Mount Failures in Trusted Extensions
files
backing up with labels, index iconHow to Back Up Files in Trusted Extensions
restoring with labels, index iconHow to Restore Files in Trusted Extensions
from the global zone, index iconHow to Enter the Global Zone in Trusted Extensions
labeled IPsec, index iconConfiguring Labeled IPsec (Task Map)
labeled printing, index iconManaging Labeled Printing (Tasks)
LDAP, index iconTrusted Extensions and LDAP (Overview)
mail, index iconMultilevel Mail in Trusted Extensions (Overview)
multilevel datasets, index iconResults of Sharing and Mounting File Systems in Trusted Extensions
multilevel ports, index iconHow to Create a Multilevel Port for a Zone
printing, index iconManaging Printing in Trusted Extensions (Tasks)
quick reference for administrators, index iconQuick Reference to Trusted Extensions Administration
remote host templates, index iconCreating Security Templates (Tasks)
remotely, index iconRemote Administration in Trusted Extensions (Tasks)
routes with security attributes, index iconHow to Add Default Routes
security templates
index iconHow to Add a Host to a Security Template
index iconHow to Add a Range of Hosts to a Security Template
sharing file systems, index iconHow to Share File Systems From a Labeled Zone
startup files for users, index iconHow to Configure Startup Files for Users in Trusted Extensions
system files, index iconHow to Change Security Defaults in System Files
third-party software, index iconSoftware Management in Trusted Extensions
trusted network, index iconManaging Networks in Trusted Extensions (Tasks)
unlabeled printing, index iconReducing Printing Restrictions in Trusted Extensions (Task Map)
user privileges, index iconHow to Restrict a User's Set of Privileges
users
index iconDecisions to Make Before Creating Users in Trusted Extensions
index iconManaging Users, Rights, and Roles in Trusted Extensions (Tasks)
index iconManaging Users and Rights (Task Map)
zones, index iconManaging Zones (Task Map)
zones by using txzonemgr, index iconZone Administration Utilities in Trusted Extensions
administrative labels, index iconDominance Relationships Between Labels
administrative roles, See roles
administrative tools
accessing, index iconGetting Started as a Trusted Extensions Administrator (Task Map)
commands, index iconCommand Line Tools in Trusted Extensions
configuration files, index iconConfiguration Files in Trusted Extensions
description, index iconTrusted Extensions Administration Tools
Device Manager, index iconDevice Manager
label builder, index iconLabel Builder in Trusted Extensions
Labeled Zone Manager, index icontxzonemgr Script
Selection Manager, index iconSelection Manager in Trusted Extensions
txzonemgr script, index icontxzonemgr Script
Allocate Device authorization
index iconHow to Create a Rights Profile for Convenient Authorizations
index iconDevice Protection With Trusted Extensions Software
index iconHow to Assign Device Authorizations
index iconHow to Assign Device Authorizations
allocate error state, correcting, index iconHow to Revoke or Reclaim a Device in Trusted Extensions
allocating, using Device Manager, index iconDevice Manager GUI
allocating devices, for copying data, index iconHow to Copy Files to Portable Media in Trusted Extensions
application security label, index iconLabels for IPsec-Protected Exchanges
applications
enabling initial network contact between client and server, index iconHow to Limit the Hosts That Can Be Contacted on the Trusted Network
evaluating for security, index iconSecurity Administrator Responsibilities for Trusted Programs
trusted and trustworthy, index iconEvaluating Software for Security
assigning
privileges to users, index iconSecurity Attribute Assignment to Users in Trusted Extensions
rights profiles, index iconSecurity Attribute Assignment to Users in Trusted Extensions
Assume Role menu item, index iconHow to Enter the Global Zone in Trusted Extensions
assuming, roles, index iconHow to Enter the Global Zone in Trusted Extensions
atohexlabel command, index iconHow to Obtain the Hexadecimal Equivalent for a Label
audio devices, preventing remote allocation, index iconHow to Protect Nonallocatable Devices in Trusted Extensions
Audit Review profile, reviewing audit records, index iconAudit Tasks in Trusted Extensions
audit tokens for Trusted Extensions
label token, index iconlabel Token
list of, index iconTrusted Extensions Audit Tokens
xatom token, index iconxatom Token
xcolormap token, index iconxcolormap Token
xcursor token, index iconxcursor Token
xfont token, index iconxfont Token
xgc token, index iconxgc Token
xpixmap token, index iconxpixmap Token
xproperty token, index iconxproperty Token
xselect token, index iconxselect Token
xwindow token, index iconxwindow Token
auditing in Trusted Extensions
additional audit events, index iconTrusted Extensions Audit Events
additional audit policies, index iconTrusted Extensions Audit Policy Options
additional audit tokens, index iconTrusted Extensions Audit Tokens
additions to existing auditing commands, index iconExtensions to Auditing Commands in Trusted Extensions
differences from Oracle Solaris auditing, index iconTrusted Extensions and Auditing
planning, index iconPlanning for Auditing in Trusted Extensions
reference, index iconTrusted Extensions Auditing (Overview)
roles for administering, index iconAudit Management by Role in Trusted Extensions
tasks, index iconAudit Tasks in Trusted Extensions
X audit classes, index iconTrusted Extensions Audit Classes
authorizations
adding new device authorizations, index iconHow to Create New Device Authorizations
Allocate Device
index iconDevice Protection With Trusted Extensions Software
index iconHow to Assign Device Authorizations
index iconHow to Assign Device Authorizations
assigning, index iconSecurity Attribute Assignment to Users in Trusted Extensions
assigning device authorizations, index iconHow to Assign Device Authorizations
authorizing a user or role to change label, index iconHow to Enable a User to Change the Security Level of Data
Configure Device Attributes, index iconHow to Assign Device Authorizations
convenient for users, index iconHow to Create a Rights Profile for Convenient Authorizations
creating customized device authorizations, index iconHow to Create New Device Authorizations
creating local and remote device authorizations, index iconHow to Create New Device Authorizations
customizing for devices, index iconHow to Add Site-Specific Authorizations to a Device in Trusted Extensions
granted, index iconTrusted Extensions and Access Control
profiles that include device allocation authorizations, index iconHow to Assign Device Authorizations
Revoke or Reclaim Device
index iconHow to Assign Device Authorizations
index iconHow to Assign Device Authorizations
authorizing
device allocation, index iconHow to Assign Device Authorizations
unlabeled printing, index iconReducing Printing Restrictions in Trusted Extensions (Task Map)