Trusted Extensions Configuration and Administration     Oracle Solaris 11.1 Information Library

Oracle Solaris Man Pages That Are Modified by Trusted Extensions

Trusted Extensions adds information to the following Oracle Solaris man pages.

| Oracle Solaris Man Page | Trusted Extensions Modification and Links to Additional Information |
| --- | --- |
| allocate(1) | Adds options to support allocating a device in a zone and cleaning the device in a windowed environment. In Trusted Extensions, regular users do not use this command. For the user procedure, see How to Allocate a Device in Trusted Extensions in Trusted Extensions User’s Guide. |
| auditconfig(1M) | Adds the window policy, audit classes, audit events, and audit tokens for labeled information. |
| auditreduce(1M) | Adds the -l option to select audit records by label. For examples, see How to Select Audit Events From the Audit Trail in Oracle Solaris 11.1 Administration: Security Services. |
| auth_attr(4) | Adds label authorizations |
| automount(1M) | Adds the capability to mount, and therefore view, lower-level home directories. Modifies the names and contents of auto_home maps to account for zone names and zone visibility from higher labels. For more information, see Changes to the Automounter in Trusted Extensions. |
| deallocate(1) | Adds options to support deallocating a device in a zone, cleaning the device in a windowed environment, and specifying the type of device to deallocate. In Trusted Extensions, regular users do not use this command. For the user procedure, see How to Allocate a Device in Trusted Extensions in Trusted Extensions User’s Guide. |
| device_clean(5) | Is invoked by default in Trusted Extensions |
| getpflags(2) | Recognizes the NET_MAC_AWARE and NET_MAC_AWARE_INHERIT process flags |
| getsockopt(3SOCKET) | Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket |
| getsockopt(3XNET) | Gets the mandatory access control status, SO_MAC_EXEMPT, of the socket |
| ikeadm(1M) | Adds a debug flag, 0x0400, for labeled IKE processes. |
| ike.config(4) | Adds the label_aware global parameter and three Phase 1 transform keywords, single_label, multi_label, and wire_label |
| in.iked(1M) | Supports the negotiation of labeled security associations through multilevel UDP ports 500 and 4500 in the global zone. Also, see the ike.config(4) man page. |
| ipadm(1M) | Adds the all-zones interface as a permanent property value. For an example, see How to Verify That a System's Interfaces Are Up. |
| ipseckey(1M) | Adds the label, outer-label, and implicit-label extensions. These extensions associate Trusted Extensions labels with the traffic that is carried inside a security association. |
| is_system_labeled(3C) | Determines whether the system is configured with Trusted Extensions |
| ldaplist(1) | Adds Trusted Extensions network databases in LDAP |
| list_devices(1) | Adds attributes, such as labels, that are associated with a device. Adds the -a option to display device attributes, such as authorizations and labels. Adds the -d option to display the default attributes of an allocated device type. Adds the -z option to display available devices that can be allocated to a labeled zone. |
| netstat(1M) | Adds the -R option to display extended security attributes for sockets and routing table entries. For an example, see How to Troubleshoot Mount Failures in Trusted Extensions. |
| pf_key(7P) | Adds labels to IPsec security associations (SAs) |
| privileges(5) | Adds Trusted Extensions privileges, such as PRIV_FILE_DOWNGRADE_SL |
| prof_attr(4) | Adds rights profiles, such as Object Label Management |
| route(1M) | Adds the -secattr option to add extended security attributes to a route. Adds the -secattr option to display the security attributes of the route: cipso, doi, max_sl, and min_sl. For an example, see How to Troubleshoot Mount Failures in Trusted Extensions. |
| setpflags(2) | Sets the NET_MAC_AWARE per-process flag |
| setsockopt(3SOCKET) | Sets the SO_MAC_EXEMPT option |
| setsockopt(3XNET) | Sets the mandatory access control, SO_MAC_EXEMPT, on the socket |
| socket.h(3HEAD) | Supports the SO_MAC_EXEMPT option for unlabeled peers |
| tar(1) | Adds the -T option to archive and extract files and directories that are labeled. See How to Back Up Files in Trusted Extensions and How to Restore Files in Trusted Extensions. |
| tar.h(3HEAD) | Adds attribute types that are used in labeled tar files |
| ucred_getlabel(3C) | Adds getting the label value on a user credential |
| user_attr(4) | Adds the idletime, idlecmd, clearance, and min_label user security attributes that are specific to Trusted Extensions. See Planning User Security in Trusted Extensions. |