Trusted Extensions Administrator's Procedures
Oracle Solaris 10 1/13 Information Library
January 2013
Explains how to maintain the Trusted Extensions feature of Oracle Solaris on one or more systems.
Document Information
Preface
1. Trusted Extensions Administration Concepts
Trusted Extensions Software and the Oracle Solaris OS
Similarities Between Trusted Extensions and the Oracle Solaris OS
Differences Between Trusted Extensions and the Oracle Solaris OS
Multiheaded Systems and the Trusted Extensions Desktop
Basic Concepts of Trusted Extensions
Trusted Extensions Protections
Trusted Extensions and Access Control
Roles and Trusted Extensions
Labels in Trusted Extensions Software
Dominance Relationships Between Labels
Administrative Labels
Label Encodings File
Label Ranges
Account Label Range
Session Range
What Labels Protect and Where Labels Appear
2. Trusted Extensions Administration Tools
Administration Tools for Trusted Extensions
txzonemgr Script
Trusted CDE Actions
Device Allocation Manager
Solaris Management Console Tools
Trusted Extensions Tools in the Solaris Management Console
Security Templates Tool
Trusted Network Zones Tool
Client-Server Communication With the Solaris Management Console
Solaris Management Console Documentation
Label Builder in Trusted Extensions
Command Line Tools in Trusted Extensions
Remote Administration in Trusted Extensions
3. Getting Started as a Trusted Extensions Administrator (Tasks)
What's New in Trusted Extensions
Security Requirements When Administering Trusted Extensions
Role Creation in Trusted Extensions
Role Assumption in Trusted Extensions
Getting Started as a Trusted Extensions Administrator (Task Map)
How to Enter the Global Zone in Trusted Extensions
How to Exit the Global Zone in Trusted Extensions
How to Administer the Local System With the Solaris Management Console
How to Start CDE Administrative Actions in Trusted Extensions
How to Edit Administrative Files in Trusted Extensions
4. Security Requirements on a Trusted Extensions System (Overview)
Configurable Oracle Solaris Security Features
Trusted Extensions Interfaces for Configuring Security Features
Extension of Oracle Solaris Security Mechanisms by Trusted Extensions
Trusted Extensions Security Features
Security Requirements Enforcement
Users and Security Requirements
Email Usage
Password Enforcement
Information Protection
Password Protection
Group Administration
User Deletion Practices
Rules When Changing the Level of Security for Data
sel_config File
Customization of Solaris Trusted Extensions (CDE)
Front Panel Customization
Workspace Menu Customization
5. Administering Security Requirements in Trusted Extensions (Tasks)
Common Tasks in Trusted Extensions (Task Map)
How to Assign the Editor of Your Choice as the Trusted Editor
How to Change the Password for root
How to Regain Control of the Desktop's Current Focus
How to Obtain the Hexadecimal Equivalent for a Label
How to Obtain a Readable Label From Its Hexadecimal Form
How to Change Security Defaults in System Files
6. Users, Rights, and Roles in Trusted Extensions (Overview)
User Security Features in Trusted Extensions
Administrator Responsibilities for Users
System Administrator Responsibilities for Users
Security Administrator Responsibilities for Users
Decisions to Make Before Creating Users in Trusted Extensions
Default User Security Attributes in Trusted Extensions
label_encodings File Defaults
policy.conf File Defaults in Trusted Extensions
Configurable User Attributes in Trusted Extensions
Security Attributes That Must Be Assigned to Users
Security Attribute Assignment to Users in Trusted Extensions
.copy_files and .link_files Files
7. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
Customizing the User Environment for Security (Task Map)
How to Modify Default User Label Attributes
How to Modify policy.conf Defaults
How to Configure Startup Files for Users in Trusted Extensions
How to Log In to a Failsafe Session in Trusted Extensions
Managing Users and Rights With the Solaris Management Console (Task Map)
How to Modify a User's Label Range in the Solaris Management Console
How to Create a Rights Profile for Convenient Authorizations
How to Restrict a User's Set of Privileges
How to Prevent Account Locking for Users
How to Enable a User to Change the Security Level of Data
How to Delete a User Account From a Trusted Extensions System
Handling Other Tasks in the Solaris Management Console (Task Map)
8. Remote Administration in Trusted Extensions (Tasks)
Secure Remote Administration in Trusted Extensions
Methods for Administering Remote Systems in Trusted Extensions
Remote Login by a Role in Trusted Extensions
Remote Role-Based Administration From Unlabeled Hosts
Remote Login Management in Trusted Extensions
Administering Trusted Extensions Remotely (Task Map)
How to Log In Remotely From the Command Line in Trusted Extensions
How to Remotely Administer Trusted Extensions With dtappsession
How to Remotely Administer Systems by Using the Solaris Management Console From a Trusted Extensions System
How to Remotely Administer Systems by Using the Solaris Management Console From an Unlabeled System
How to Enable Specific Users to Log In Remotely to the Global Zone in Trusted Extensions
How to Use Xvnc to Remotely Access a Trusted Extensions System
9. Trusted Extensions and LDAP (Overview)
Using a Naming Service in Trusted Extensions
Non-Networked Trusted Extensions Systems
Trusted Extensions LDAP Databases
Using the LDAP Naming Service in Trusted Extensions
10. Managing Zones in Trusted Extensions (Tasks)
Zones in Trusted Extensions
Zones and IP Addresses in Trusted Extensions
Zones and Multilevel Ports
Zones and ICMP in Trusted Extensions
Global Zone Processes and Labeled Zones
Zone Administration Utilities in Trusted Extensions
Managing Zones (Task Map)
How to Display Ready or Running Zones
How to Display the Labels of Mounted Files
How to Loopback Mount a File That Is Usually Not Visible in a Labeled Zone
How to Disable the Mounting of Lower-Level Files
How to Share a ZFS Dataset From a Labeled Zone
How to Enable Files to be Relabeled From a Labeled Zone
How to Configure a Multilevel Port for NFSv3 Over udp
How to Create a Multilevel Port for a Zone
11. Managing and Mounting Files in Trusted Extensions (Tasks)
Sharing and Mounting Files in Trusted Extensions
NFS Mounts in Trusted Extensions
Sharing Files From a Labeled Zone
Access to NFS Mounted Directories in Trusted Extensions
Home Directory Creation in Trusted Extensions
Changes to the Automounter in Trusted Extensions
Trusted Extensions Software and NFS Protocol Versions
Backing Up, Sharing, and Mounting Labeled Files (Task Map)
How to Back Up Files in Trusted Extensions
How to Restore Files in Trusted Extensions
How to Share Directories From a Labeled Zone
How to NFS Mount Files in a Labeled Zone
How to Troubleshoot Mount Failures in Trusted Extensions
12. Trusted Networking (Overview)
The Trusted Network
Trusted Extensions Data Packets
Trusted Network Communications
Network Configuration Databases in Trusted Extensions
Network Commands in Trusted Extensions
Trusted Network Security Attributes
Network Security Attributes in Trusted Extensions
Host Type and Template Name in Security Templates
Default Label in Security Templates
Domain of Interpretation in Security Templates
Label Range in Security Templates
Security Label Set in Security Templates
Trusted Network Fallback Mechanism
Overview of Routing in Trusted Extensions
Background on Routing
Routing Table Entries in Trusted Extensions
Trusted Extensions Accreditation Checks
Source Accreditation Checks
Gateway Accreditation Checks
Destination Accreditation Checks
Administration of Routing in Trusted Extensions
Choosing Routers in Trusted Extensions
Gateways in Trusted Extensions
Routing Commands in Trusted Extensions
13. Managing Networks in Trusted Extensions (Tasks)
Managing the Trusted Network (Task Map)
Configuring Trusted Network Databases (Task Map)
How to Determine If You Need Site-Specific Security Templates
How to Open the Trusted Networking Tools
How to Construct a Remote Host Template
How to Add Hosts to the System's Known Network
How to Assign a Security Template to a Host or a Group of Hosts
How to Limit the Hosts That Can Be Contacted on the Trusted Network
Configuring Routes and Checking Network Information in Trusted Extensions (Task Map)
How to Configure Routes With Security Attributes
How to Check the Syntax of Trusted Network Databases
How to Compare Trusted Network Database Information With the Kernel Cache
How to Synchronize the Kernel Cache With Trusted Network Databases
Troubleshooting the Trusted Network (Task Map)
How to Verify That a Host's Interfaces Are Up
How to Debug the Trusted Extensions Network
How to Debug a Client Connection to the LDAP Server
14. Multilevel Mail in Trusted Extensions (Overview)
Multilevel Mail Service
Trusted Extensions Mail Features
15. Managing Labeled Printing (Tasks)
Labels, Printers, and Printing
Restricting Access to Printers and Print Job Information in Trusted Extensions
Labeled Printer Output
Labeled Body Pages
Labeled Banner and Trailer Pages
PostScript Printing of Security Information
Printer Model Scripts
Additional Conversion Filters
Interoperability of Trusted Extensions With Trusted Solaris 8 Printing
Trusted Extensions Print Interfaces (Reference)
Managing Printing in Trusted Extensions (Task Map)
Configuring Labeled Printing (Task Map)
How to Configure a Multilevel Print Server and Its Printers
How to Configure a Network Printer for Sun Ray Clients
How to Configure Cascade Printing on a Labeled System
How to Configure a Zone for Single-Label Printing
How to Enable a Trusted Extensions Client to Access a Printer
How to Configure a Restricted Label Range for a Printer
Reducing Printing Restrictions in Trusted Extensions (Task Map)
How to Remove Labels From Printed Output
How to Assign a Label to an Unlabeled Print Server
How to Remove Page Labels From All Print Jobs
How to Enable Specific Users to Suppress Page Labels
How to Suppress Banner and Trailer Pages for Specific Users
How to Enable Users to Print PostScript Files in Trusted Extensions
16. Devices in Trusted Extensions (Overview)
Device Protection With Trusted Extensions Software
Device Label Ranges
Effects of Label Range on a Device
Device Access Policies
Device-Clean Scripts
Device Allocation Manager GUI
Enforcement of Device Security in Trusted Extensions
Devices in Trusted Extensions (Reference)
17. Managing Devices for Trusted Extensions (Tasks)
Handling Devices in Trusted Extensions (Task Map)
Using Devices in Trusted Extensions (Task Map)
Managing Devices in Trusted Extensions (Task Map)
How to Configure a Device in Trusted Extensions
How to Revoke or Reclaim a Device in Trusted Extensions
How to Protect Nonallocatable Devices in Trusted Extensions
How to Configure a Serial Line for Logins
How to Configure an Audio Player Program for Use in Trusted CDE
How to Prevent the File Manager From Displaying After Device Allocation
How to Add a Device_Clean Script in Trusted Extensions
Customizing Device Authorizations in Trusted Extensions (Task Map)
How to Create New Device Authorizations
How to Add Site-Specific Authorizations to a Device in Trusted Extensions
How to Assign Device Authorizations
18. Trusted Extensions Auditing (Overview)
Trusted Extensions and Auditing
Audit Management by Role in Trusted Extensions
Role Setup for Audit Administration
Audit Tasks in Trusted Extensions
Audit Tasks of the Security Administrator
Audit Tasks of the System Administrator
Trusted Extensions Audit Reference
Trusted Extensions Audit Classes
Trusted Extensions Audit Events
Trusted Extensions Audit Tokens
label Token
xatom Token
xclient Token
xcolormap Token
xcursor Token
xfont Token
xgc Token
xpixmap Token
xproperty Token
xselect Token
xwindow Token
Trusted Extensions Audit Policy Options
Extensions to Auditing Commands in Trusted Extensions
19. Software Management in Trusted Extensions (Tasks)
Adding Software to Trusted Extensions
Oracle Solaris Security Mechanisms for Software
Evaluating Software for Security
Developer Responsibilities When Creating Trusted Programs
Security Administrator Responsibilities for Trusted Programs
Trusted Processes in the Window System
Adding Trusted CDE Actions
Managing Software in Trusted Extensions (Tasks)
How to Add a Software Package in Trusted Extensions
How to Install a Java Archive File in Trusted Extensions
A. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
B. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
Index: A B C D E F G H I J K L M N O P R S T U V W X Z