Document Information
Preface
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Solaris Trusted Extensions Software to the Solaris OS (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
10. Security Requirements on a Trusted Extensions System (Overview)
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Tasks)
A. Site Security Policy
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Common Security Violations
Additional Security References
B. Using CDE Actions to Install Zones in Trusted Extensions
Associating Network Interfaces With Zones by Using CDE Actions (Task Map)
Preparing to Create Zones by Using CDE Actions (Task Map)
Creating Labeled Zones by Using CDE Actions (Task Map)
C. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
D. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
E. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Solaris Man Pages That Are Modified by Trusted Extensions
Glossary
Index
|
D
- DAC, See discretionary access control (DAC)
- databases
- devices, Trusted CDE Actions
- in LDAP, Using a Naming Service in Trusted Extensions
- trusted network, Network Configuration Databases in Trusted Extensions
- datasets, See ZFS
- deallocate command, Command Line Tools in Trusted Extensions
- deallocating, forcing, How to Revoke or Reclaim a Device in Trusted Extensions
- debugging, See troubleshooting
- deciding
- to configure as a role or as superuser, Make System and Security Decisions Before Enabling Trusted Extensions
- to use a Sun-supplied encodings file, Make System and Security Decisions Before Enabling Trusted Extensions
- decisions to make
- based on site security policy, Site Security Policy and Trusted Extensions
- before enabling Trusted Extensions, Make System and Security Decisions Before Enabling Trusted Extensions
- default routes, specifying for labeled zones, Add a Network Interface That Does Not Use the Global Zone to Route an Existing Labeled Zone
- deleting, labeled zones, How to Remove Trusted Extensions From the System
- desktops
- accessing multilevel remotely, How to Use Xvnc to Remotely Access a Trusted Extensions System
- logging in to a failsafe session, How to Log In to a Failsafe Session in Trusted Extensions
- workspace color changes, How to Enter the Global Zone in Trusted Extensions
- /dev/kmem kernel image file, security violation, Evaluating Software for Security
- developer responsibilities, Developer Responsibilities When Creating Trusted Programs
- Device Allocation Manager
- administrative tool, Administration Tools for Trusted Extensions
- description, Device Allocation Manager GUI
- use by administrators, How to Configure a Device in Trusted Extensions
- device allocation
- authorizing, How to Assign Device Authorizations
- overview, Device Protection With Trusted Extensions Software
- preventing File Manager display, How to Prevent the File Manager From Displaying After Device Allocation
- profiles that include allocation authorizations, How to Assign Device Authorizations
- device-clean scripts
- adding to devices, How to Add a Device_Clean Script in Trusted Extensions
- requirements, Device-Clean Scripts
- device databases, action for editing, Trusted CDE Actions
- devices
- access policy, Device Access Policies
- accessing, Device Allocation Manager GUI
- adding customized authorizations, How to Add Site-Specific Authorizations to a Device in Trusted Extensions
- adding device_clean script, How to Add a Device_Clean Script in Trusted Extensions
- administering with Device Allocation Manager, How to Configure a Device in Trusted Extensions
- administering, Managing Devices for Trusted Extensions (Tasks)
- allocating, Device Protection With Trusted Extensions Software
- automatically starting an audio player, How to Configure an Audio Player Program for Use in Trusted CDE
- configuring devices, How to Configure a Device in Trusted Extensions
- configuring serial line, How to Configure a Serial Line for Logins
- creating new authorizations, How to Create New Device Authorizations
- in Trusted Extensions, Devices in Trusted Extensions (Overview)
- policy defaults, Device Access Policies
- preventing remote allocation of audio, How to Protect Nonallocatable Devices in Trusted Extensions
- protecting nonallocatable, How to Protect Nonallocatable Devices in Trusted Extensions
- protecting, Device Allocation Manager
- reclaiming, How to Revoke or Reclaim a Device in Trusted Extensions
- setting label range for nonallocatable, Effects of Label Range on a Device
- setting policy, Device Access Policies
- setting up audio, How to Configure an Audio Player Program for Use in Trusted CDE
- troubleshooting, How to Revoke or Reclaim a Device in Trusted Extensions
- using, Using Devices in Trusted Extensions (Task Map)
- dfstab file
- action for editing, Trusted CDE Actions
- for public zone, Access to NFS Mounted Directories in Trusted Extensions
- differences
- administrative interfaces in Trusted Extensions, Administrative Interfaces in Trusted Extensions
- between Trusted Extensions and Solaris auditing, Trusted Extensions and Auditing
- between Trusted Extensions and Solaris OS, Differences Between Trusted Extensions and the Solaris OS
- defaults in Trusted Extensions, Tighter Security Defaults in Trusted Extensions
- extending Solaris interfaces, Solaris Interfaces Extended by Trusted Extensions
- limited options in Trusted Extensions, Limited Options in Trusted Extensions
- directories
- accessing lower-level, Zones in Trusted Extensions
- authorizing a user or role to change label of, How to Enable a User to Change the Security Level of Data
- for naming service setup, Populate the Sun Java System Directory Server
- mounting, How to Share Directories From a Labeled Zone
- sharing, How to Share Directories From a Labeled Zone
- disabling, Trusted Extensions, How to Remove Trusted Extensions From the System
- discretionary access control (DAC), Trusted Extensions and Access Control
- diskettes, accessing, Device Protection With Trusted Extensions Software
- displaying
- labels of file systems in labeled zone, How to Display the Labels of Mounted Files
- status of every zone, How to Display Ready or Running Zones
- DOI, remote host templates, Network Security Attributes in Trusted Extensions
- domain of interpretation (DOI), entry in /etc/system file, Configure the Domain of Interpretation
- dominance of labels, Dominance Relationships Between Labels
- Downgrade DragNDrop or CutPaste Info authorization, How to Create a Rights Profile for Convenient Authorizations
- Downgrade File Label authorization, How to Create a Rights Profile for Convenient Authorizations
- downgrading labels, configuring rules for selection confirmer, sel_config File
- dpadm service, Install the Sun Java System Directory Server
- DragNDrop or CutPaste without viewing contents authorization, How to Create a Rights Profile for Convenient Authorizations
- dsadm service, Install the Sun Java System Directory Server
- dtappsession command, Command Line Tools in Trusted Extensions
- dtsession command, running updatehome, .copy_files and .link_files Files
- dtterm terminal, forcing the sourcing of .profile, How to Configure Startup Files for Users in Trusted Extensions
- dtwm command, Trusted Processes in the Window System
E
- Edit Encodings action, Trusted CDE Actions
- editing
- system files, How to Change Security Defaults in System Files
- using trusted editor, How to Edit Administrative Files in Trusted Extensions
- enabling
- DOI different from 1
- Configure the Domain of Interpretation
- What's New in Trusted Extensions
- dpadm service, Install the Sun Java System Directory Server
- dsadm service, Install the Sun Java System Directory Server
- IPv6 network, Enable IPv6 Networking in Trusted Extensions
- keyboard shutdown, How to Change Security Defaults in System Files
- labeld service, Enable Solaris Trusted Extensions
- LDAP administration from a client, Enable the Solaris Management Console to Accept Network Communications
- login to labeled zone, Enable Users to Log In to a Labeled Zone
- Trusted Extensions on a Solaris system, Enable Solaris Trusted Extensions
- encodings file, See label_encodings file
- error messages
- troubleshooting
- Enable Solaris Trusted Extensions
- Labeled Zone Is Unable to Access the X Server
- /etc/default/kbd file, how to edit, How to Change Security Defaults in System Files
- /etc/default/login file, how to edit, How to Change Security Defaults in System Files
- /etc/default/passwd file, how to edit, How to Change Security Defaults in System Files
- /etc/default/print file, How to Enable Users to Print PostScript Files in Trusted Extensions
- /etc/dfs/dfstab file for public zone, Access to NFS Mounted Directories in Trusted Extensions
- /etc/dfs/dfstab file, Trusted CDE Actions
- /etc/dt/config/sel_config file
- sel_config File
- sel_config File
- /etc/hosts file
- How to Add Hosts to the System's Known Network
- How to Assign a Security Template to a Host or a Group of Hosts
- /etc/motd file, action for editing, Trusted CDE Actions
- /etc/nsswitch.conf file, Trusted CDE Actions
- /etc/resolv.conf file, Trusted CDE Actions
- /etc/rmmount.conf file
- How to Configure an Audio Player Program for Use in Trusted CDE
- How to Prevent the File Manager From Displaying After Device Allocation
- /etc/security/audit_class file, Trusted CDE Actions
- /etc/security/audit_control file, Trusted CDE Actions
- /etc/security/audit_event file, Trusted CDE Actions
- /etc/security/audit_startup file, Trusted CDE Actions
- /etc/security/policy.conf file
- policy.conf File Defaults in Trusted Extensions
- How to Modify policy.conf Defaults
- enabling PostScript printing, How to Enable Users to Print PostScript Files in Trusted Extensions
- how to edit, How to Change Security Defaults in System Files
- /etc/security/tsol/label_encodings file, Label Encodings File
- /etc/system file
- modifying for DOI different from 1, Configure the Domain of Interpretation
- modifying for IPv6 network, Enable IPv6 Networking in Trusted Extensions
- evaluating programs for security, Evaluating Software for Security
- exporting, See sharing
|
