Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: December 2017

How to Change Security Defaults in System Files

Files in the /etc/security and /etc/default directories contain security values. For more information, see Chapter 3, Controlling Access to Systems in Securing Systems and Attached Devices in Oracle Solaris 11.3.


Caution  - Relax system security defaults only if site security policy allows you to.

Before You Begin

You are in the global zone and are assigned the solaris.admin.edit/filename authorization. By default, the root role has this authorization.

  • Edit the system file.

    The following table lists the security files and which security values you might change in the files. The first two files are unique to Trusted Extensions.

    For More Information
    sel_config in /usr/share/gnome/
    Specifies how system behaves when information is moved to a different label.
    sel_config(4) man page
    TrustedExtensionsPolicy in /usr/lib/xorg/
    Modify SUN_TSOL security policy enforcement of label separation in the X server.
    Reduce the allowed number of password tries.
    passwd(1) man page
    Disable keyboard shutdown.

    Note - On hosts that are used by administrators for debugging, the default setting for KEYBOARD_ABORT allows access to the kadb kernel debugger.

    kadb(1M) man page
    Require a more powerful algorithm for user passwords.
    Remove a basic privilege from all users of this host.
    Restrict users of this host to Basic Solaris User authorizations.
    Require users to change passwords frequently.
    Require users to create maximally different passwords.
    Require a longer user password.
    Require a password that cannot be found in your dictionary.
    passwd(1) man page