Trusted Extensions Configuration and Administration
Updated: November 2020
Task Map: Configuring Trusted Extensions With the Provided Defaults
For a default configuration, perform the following tasks in sequence.
| Task | For Instructions |
| --- | --- |
| Load the Trusted Extensions packages. | Add Trusted Extensions Packages to an Oracle Solaris System |
| Enable Trusted Extensions and reboot. | Enable Trusted Extensions |
| Log in. | Log In to Trusted Extensions |
| Create two labeled zones. | How to Create a Default Trusted Extensions System, or How to Create Labeled Zones Interactively |