Trusted Extensions Configuration and Administration
Updated: July 2014
S
scripts
/usr/bin/txzonemgr
How to Display Ready or Running Zones
/usr/sbin/txzonemgr
Zone Administration Utilities in Trusted Extensions
Trusted Extensions Administrative Tools
getmounts
How to Display the Labels of Mounted Files
secure attention
key combination
How to Regain Control of the Desktop's Current Focus
security
initial setup team
Initial Setup Team Responsibilities
publications
Additional Security References
site security policy
Site Security Policy
Security Administrator role
administering printer security
Labels, Printers, and Printing
administering users
Managing Users and Rights
assigning authorizations to users
How to Create a Rights Profile for Convenient Authorizations
configuring a device
How to Configure a Device by Using the Device Manager in Trusted Extensions
creating
How to Create the Security Administrator Role in Trusted Extensions
creating Convenient Authorizations rights profile
How to Create a Rights Profile for Convenient Authorizations
enabling unlabeled body pages from a public system
Assigning Printing-Related Authorizations to All Users of a System
enforcing security
Enforcement of Device Security in Trusted Extensions
protecting nonallocatable devices
How to Protect Nonallocatable Devices in Trusted Extensions
security administrators
See Security Administrator role
security attributes
Routing Table Entries in Trusted Extensions
modifying defaults for all users
How to Modify policy.conf Defaults
modifying user defaults
How to Modify Default User Label Attributes
setting for remote hosts
Creating Security Templates
using in routing
How to Add Default Routes
security information
on printouts
Labeled Printer Output
planning for Trusted Extensions
Resolving Additional Issues Before Enabling Trusted Extensions
security label set
remote host templates
Network Security Attributes in Trusted Extensions
security mechanisms
extensible
Extension of Oracle Solaris Security Features by Trusted Extensions
Oracle Solaris
Security Mechanisms for Oracle Solaris Software
security policy
auditing
Trusted Extensions Audit Policy Options
training users
Users and Security Requirements
users and devices
Enforcement of Device Security in Trusted Extensions
security templates
See remote host templates
sel_config file
sel_config File
sel_config File
selecting
audit records by label
Audit Tasks in Trusted Extensions
Selection Manager
configuring rules for selection confirmer
sel_config File
default configuration
Rules When Changing the Level of Security for Data
Selection Manager dialog box
description
Unique Trusted Extensions Security Features
Service Management Framework (SMF)
dpadm
Install the Oracle Directory Server Enterprise Edition
dsadm
Install the Oracle Directory Server Enterprise Edition
session range
Session Range
sessions
failsafe
How to Log In to a Failsafe Session in Trusted Extensions
Setting Up Remote Administration in Trusted Extensions (Task Map)
Configuring and Administering Remote Systems in Trusted Extensions
sharing
IP addresses
How to Assign Labels to Two Zone Workspaces
with Vino
Using Vino to Share a Desktop in a Test Environment
ZFS dataset from labeled zone
How to Share a ZFS Dataset From a Labeled Zone
Shutdown authorization
How to Create a Rights Profile for Convenient Authorizations
similarities
between Trusted Extensions and Oracle Solaris auditing
Auditing in Trusted Extensions
between Trusted Extensions and Oracle Solaris OS
Similarities Between Trusted Extensions and the Oracle Solaris OS
single-label
login
Account Label Range
printing in a zone
How to Configure a Zone as a Single-Level Print Server
site security policy
common violations
Common Security Violations
personnel recommendations
Personnel Security Recommendations
physical access recommendations
Physical Security Recommendations
recommendations
Computer Security Recommendations
tasks involved
Site Security Policy
Trusted Extensions configuration decisions
Site Security Policy and Trusted Extensions
understanding
Understanding Your Site's Security Policy
snoop command
How to Debug the Trusted Extensions Network
Network Commands in Trusted Extensions
software
administering third-party
Software Management in Trusted Extensions
importing
Adding Software to Trusted Extensions
solaris.print.admin authorization
Trusted Extensions Print Interfaces (Reference)
solaris.print.list authorization
Trusted Extensions Print Interfaces (Reference)
solaris.print.nobanner authorization
Trusted Extensions Print Interfaces (Reference)
solaris.print.nobanner authorization
Assigning Printing-Related Authorizations to All Users of a System
solaris.print.unlabeled authorization
Trusted Extensions Print Interfaces (Reference)
solaris.print.unlabeled authorization
Assigning Printing-Related Authorizations to All Users of a System
startup files
procedures for customizing
How to Configure Startup Files for Users in Trusted Extensions
Stop-A
enabling
How to Change Security Defaults in System Files
Sun Ray systems
0.0.0.0/32 address for client contact
How to Limit the Hosts That Can Be Contacted on the Trusted Network
enabling initial contact between client and server
Configuring a Valid Initial Address for a Labeled Sun Ray Server
LDAP servers, and
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
preventing users from seeing others' processes
Modifying Every User's Basic Privilege Set
web site for documentation
Task Map: Choosing a Trusted Extensions Configuration
System Administrator role
administering printers
Labels, Printers, and Printing
creating
How to Create a System Administrator Role
reclaiming a device
How to Revoke or Reclaim a Device in Trusted Extensions
reviewing audit records
Audit Tasks in Trusted Extensions
system files
editing
How to Change Security Defaults in System Files
label_encodings
How to Check and Install Your Label Encodings File
sel_config
sel_config File
tsol_separator.ps
How to Enable Specific Users and Roles to Bypass Labeling Printed Output