R
- real UID of root, required for applications, Evaluating Software for Security
- rebooting
  - activating labels, Reboot and Log In to Trusted Extensions
  - enabling login to labeled zone, Enable Users to Log In to a Labeled Zone
- Reducing Printing Restrictions in Trusted Extensions (Task Map), Reducing Printing Restrictions in Trusted Extensions (Task Map)
- regaining control of desktop focus, How to Regain Control of the Desktop's Current Focus
- registering, LDAP credentials with the Solaris Management Console, Register LDAP Credentials With the Solaris Management Console
- regular users, See users
- relabeling information, How to Enable a User to Change the Security Level of Data
- remote administration
  - defaults, Secure Remote Administration in Trusted Extensions
  - methods, Methods for Administering Remote Systems in Trusted Extensions
- remote host templates
  - assigning to hosts, How to Assign a Security Template to a Host or a Group of Hosts
  - assigning, Configuring Trusted Network Databases (Task Map)
  - creating, How to Construct a Remote Host Template
  - tool for administering, Security Templates Tool
- remote hosts, using fallback mechanism in tnrhdb, Trusted Network Fallback Mechanism
- Remote Login authorization, How to Create a Rights Profile for Convenient Authorizations
- remote logins, enabling for roles, Enable Remote Login by a Role in Trusted Extensions
- remote multilevel desktop, accessing, How to Use Xvnc to Remotely Access a Trusted Extensions System
- removable media, mounting, How to Add a Software Package in Trusted Extensions
- remove_allocatable command, Command Line Tools in Trusted Extensions
- removing Trusted Extensions, See disabling
- removing
  - labels on printer output, How to Remove Labels From Printed Output
  - zone-specific nscd daemon, Configure a Name Service Cache in Each Labeled Zone
- repairing, labels in internal databases, How to Obtain a Readable Label From Its Hexadecimal Form
- requirements for Trusted Extensions
  - Solaris installation options, Install a Solaris System to Support Trusted Extensions
  - Solaris installed systems, Prepare an Installed Solaris System for Trusted Extensions
- resolv.conf file
  - action for editing, Trusted CDE Actions
  - loading during configuration, Make the Global Zone an LDAP Client in Trusted Extensions
- Restart Zone action, Trusted CDE Actions
- restoring control of desktop focus, How to Regain Control of the Desktop's Current Focus
- restricting
  - access to computer based on label, Effects of Label Range on a Device
  - access to devices, Device Protection With Trusted Extensions Software
  - access to global zone, Role Assumption in Trusted Extensions
  - access to lower-level files, How to Disable the Mounting of Lower-Level Files
  - access to printers with labels, Restricting Access to Printers and Print Job Information in Trusted Extensions
  - actions by rights profiles, Trusted Processes in the Window System
  - mounts of lower-level files, How to Disable the Mounting of Lower-Level Files
  - printer access with labels, Restricting Access to Printers and Print Job Information in Trusted Extensions
  - printer label range, How to Configure a Restricted Label Range for a Printer
  - remote access, Secure Remote Administration in Trusted Extensions
- Revoke or Reclaim Device authorization
  - How to Assign Device Authorizations
- rights profiles
  - assigning, Security Attribute Assignment to Users in Trusted Extensions
  - controlling the use of actions, Trusted Processes in the Window System
  - Convenient Authorizations, How to Create a Rights Profile for Convenient Authorizations
  - customizing for separation of duty, Create Rights Profiles That Enforce Separation of Duty
  - with Allocate Device authorization, How to Assign Device Authorizations
  - with device allocation authorizations, How to Assign Device Authorizations
  - with new device authorizations, How to Create New Device Authorizations
- Rights tool, Trusted Extensions Tools in the Solaris Management Console
- rights, See rights profiles
- rmmount.conf file
  - How to Configure an Audio Player Program for Use in Trusted CDE
  - How to Prevent the File Manager From Displaying After Device Allocation
- roadmaps
  - Task Map: Configuring Trusted Extensions, Task Map: Configuring Trusted Extensions
  - Task Map: Preparing a Solaris System for Trusted Extensions, Task Map: Preparing a Solaris System for Trusted Extensions
  - Task Map: Preparing For and Enabling Trusted Extensions, Task Map: Preparing For and Enabling Trusted Extensions
- role workspace, global zone, Security Requirements When Administering Trusted Extensions
- roleadd command, Create the Security Administrator Role in Trusted Extensions
- roles
  - adding local role with roleadd, Create the Security Administrator Role in Trusted Extensions
  - administering auditing, Role Setup for Audit Administration
  - administering remotely
    - How to Remotely Administer Systems by Using the Solaris Management Console From a Trusted Extensions System
    - How to Remotely Administer Systems by Using the Solaris Management Console From an Unlabeled System
  - assigning rights, Security Attribute Assignment to Users in Trusted Extensions
  - assuming
    - Security Requirements When Administering Trusted Extensions
    - How to Enter the Global Zone in Trusted Extensions
  - creating Security Administrator, Create the Security Administrator Role in Trusted Extensions
  - creating, Role Creation in Trusted Extensions
  - determining when to create, Make System and Security Decisions Before Enabling Trusted Extensions
  - leaving role workspace, How to Exit the Global Zone in Trusted Extensions
  - logging in remotely, Enable Remote Login by a Role in Trusted Extensions
  - remote login, Remote Login by a Role in Trusted Extensions
  - role assumption from unlabeled host, Remote Role-Based Administration From Unlabeled Hosts
  - separation of duty
    - Create Rights Profiles That Enforce Separation of Duty
    - Create a Restricted System Administrator Role
  - trusted application access, Administration Tools for Trusted Extensions
  - verifying they work, Verify That the Trusted Extensions Roles Work
  - workspaces, Security Requirements When Administering Trusted Extensions
- root passwords, required in Trusted Extensions, Prepare an Installed Solaris System for Trusted Extensions
- root UID, required for applications, Evaluating Software for Security
- route command
  - Command Line Tools in Trusted Extensions
  - Network Commands in Trusted Extensions
- routing, Overview of Routing in Trusted Extensions
  - accreditation checks, Trusted Extensions Accreditation Checks
  - commands in Trusted Extensions, Routing Commands in Trusted Extensions
  - concepts, Administration of Routing in Trusted Extensions
  - example of, Gateways in Trusted Extensions
  - specifying default routes for labeled zones, Add a Network Interface That Does Not Use the Global Zone to Route an Existing Labeled Zone
  - static with security attributes, How to Configure Routes With Security Attributes
  - tables
    - Routing Table Entries in Trusted Extensions
    - Choosing Routers in Trusted Extensions
  - using route command, How to Configure Routes With Security Attributes
S
- screens, initial display, Reboot and Log In to Trusted Extensions
- scripts
  - getmounts, How to Display the Labels of Mounted Files
  - getzonelabels, How to Display Ready or Running Zones
  - /usr/sbin/txzonemgr
    - Administration Tools for Trusted Extensions
    - Zone Administration Utilities in Trusted Extensions
- secure attention, key combination, How to Regain Control of the Desktop's Current Focus
- Security Administrator role
  - administering network of users, Managing Users and Rights With the Solaris Management Console (Task Map)
  - administering PostScript restriction, PostScript Printing of Security Information
  - administering printer security, Labels, Printers, and Printing
  - assigning authorizations to users, How to Create a Rights Profile for Convenient Authorizations
  - audit tasks, Audit Tasks of the Security Administrator
  - configuring a device, How to Configure a Device in Trusted Extensions
  - configuring serial line for login, How to Configure a Serial Line for Logins
  - creating Convenient Authorizations rights profile, How to Create a Rights Profile for Convenient Authorizations
  - creating, Create the Security Administrator Role in Trusted Extensions
  - enabling unlabeled body pages from a public system, How to Modify policy.conf Defaults
  - enforcing security, Enforcement of Device Security in Trusted Extensions
  - modifying window configuration files, Front Panel Customization
  - protecting nonallocatable devices, How to Protect Nonallocatable Devices in Trusted Extensions
- security administrators, See Security Administrator role
- security attributes, Routing Table Entries in Trusted Extensions
  - modifying defaults for all users, How to Modify policy.conf Defaults
  - modifying user defaults, How to Modify Default User Label Attributes
  - setting for remote hosts, How to Construct a Remote Host Template
  - using in routing, How to Configure Routes With Security Attributes
- security information, on printer output, Labeled Printer Output
- security label set, remote host templates, Network Security Attributes in Trusted Extensions
- security mechanisms
  - extensible, Extension of Solaris Security Mechanisms by Trusted Extensions
  - Solaris, Solaris Security Mechanisms for Software
- security policy
  - auditing, Trusted Extensions Audit Policy Options
  - training users, Users and Security Requirements
  - users and devices, Enforcement of Device Security in Trusted Extensions
- Security Templates tool
  - Trusted Extensions Tools in the Solaris Management Console
  - Security Templates Tool
  - assigning templates, How to Assign a Security Template to a Host or a Group of Hosts
  - modifying tnrhdb
    - Configuring Trusted Network Databases (Task Map)
  - using, How to Open the Trusted Networking Tools
- security templates, See remote host templates
- security
  - initial setup team, Initial Setup Team Responsibilities
  - publications, Additional Security References
  - root password, Prepare an Installed Solaris System for Trusted Extensions
  - site security policy, Site Security Policy
- sel_config file, sel_config File
  - action for editing, Trusted CDE Actions
  - configuring selection transfer rules, sel_config File
- selecting, audit records by label, Audit Tasks of the System Administrator
- Selection Confirmer, changing defaults, sel_config File
- Selection Manager
  - changing timeout, How to Lengthen the Timeout When Relabeling Information
  - configuring rules for selection confirmer, sel_config File
- separation of duty
  - creating rights profiles, Create Rights Profiles That Enforce Separation of Duty
  - planning for LDAP, Populate the Sun Java System Directory Server
  - planning for, Devising a Configuration Strategy for Trusted Extensions
- serial line, configuring for logins, How to Configure a Serial Line for Logins
- service management facility (SMF), Trusted Extensions service, What's New in Trusted Extensions
- service management framework (SMF)
  - dpadm, Install the Sun Java System Directory Server
  - dsadm, Install the Sun Java System Directory Server
  - labeld service, Enable Solaris Trusted Extensions
- session range, Label Ranges
- sessions, failsafe, How to Log In to a Failsafe Session in Trusted Extensions
- Set Daily Message action, Trusted CDE Actions
- Set Default Routes action, Trusted CDE Actions
- Set DNS Servers action, Trusted CDE Actions
- setlabel command, Command Line Tools in Trusted Extensions
- Share Filesystems action, Trusted CDE Actions
- Share Logical Interface action
  - Trusted CDE Actions
  - Specify Two IP Addresses for the System by Using a CDE Action
- Share Physical Interface action
  - Trusted CDE Actions
  - Specify One IP Address for the System by Using a CDE Action
- sharing, ZFS dataset from labeled zone, How to Share a ZFS Dataset From a Labeled Zone
- Shut Down Zone action
  - Trusted CDE Actions
  - Customize a Booted Zone in Trusted Extensions
- Shutdown authorization, How to Create a Rights Profile for Convenient Authorizations
- similarities
  - between Trusted Extensions and Solaris auditing, Trusted Extensions and Auditing
  - between Trusted Extensions and Solaris OS, Similarities Between Trusted Extensions and the Solaris OS
- single-label operation, Label Ranges
- single-label printing, configuring for a zone, How to Configure a Zone for Single-Label Printing
- site security policy
  - common violations, Common Security Violations
  - personnel recommendations, Personnel Security Recommendations
  - physical access recommendations, Physical Security Recommendations
  - recommendations, Computer Security Recommendations
  - tasks involved, Site Security Policy
  - Trusted Extensions configuration decisions, Site Security Policy and Trusted Extensions
  - understanding, Understanding Your Site's Security Policy
- smtnrhdb command, Command Line Tools in Trusted Extensions
- smtnrhtp command, Command Line Tools in Trusted Extensions
- smtnzonecfg command, Command Line Tools in Trusted Extensions
- snoop command
  - Network Commands in Trusted Extensions
  - How to Debug the Trusted Extensions Network
- software
  - administering third-party, Software Management in Trusted Extensions (Tasks)
  - importing, Adding Software to Trusted Extensions
  - installing Java programs, How to Install a Java Archive File in Trusted Extensions
- Solaris installation options, requirements, Install a Solaris System to Support Trusted Extensions
- Solaris installed systems, requirements for Trusted Extensions, Prepare an Installed Solaris System for Trusted Extensions
- Solaris Management Console
  - administering trusted network, Configuring Trusted Network Databases (Task Map)
  - administering users, Managing Users and Rights With the Solaris Management Console (Task Map)
  - Computers and Networks tool, How to Add Hosts to the System's Known Network
  - configuring for LDAP, Configuring the Solaris Management Console for LDAP (Task Map)
  - configuring LDAP toolbox, Edit the LDAP Toolbox in the Solaris Management Console
  - description of tools and toolboxes, Solaris Management Console Tools
  - enabling LDAP toolbox to be used, Enable the Solaris Management Console to Accept Network Communications
  - initializing, Initialize the Solaris Management Console Server in Trusted Extensions
  - loading a Trusted Extensions toolbox, Initialize the Solaris Management Console Server in Trusted Extensions
  - registering LDAP credentials, Register LDAP Credentials With the Solaris Management Console
  - Security Templates tool
    - Security Templates Tool
    - How to Open the Trusted Networking Tools
  - starting, How to Administer the Local System With the Solaris Management Console
  - toolboxes, Solaris Management Console Tools
  - troubleshooting
    - Initialize the Solaris Management Console Server in Trusted Extensions
  - Trusted Network Zones tool, Trusted Network Zones Tool
  - using Trusted Network Zone Configuration tool
    - Name and Label the Zone
    - Specify Zone Names and Zone Labels by Using a CDE Action
  - working with Sun Java System Directory Server, Configuring the Solaris Management Console for LDAP (Task Map)
- Solaris OS
  - differences from Trusted Extensions auditing, Trusted Extensions and Auditing
  - differences from Trusted Extensions, Differences Between Trusted Extensions and the Solaris OS
  - similarities with Trusted Extensions auditing, Trusted Extensions and Auditing
  - similarities with Trusted Extensions, Similarities Between Trusted Extensions and the Solaris OS
- solaris.print.nobanner authorization
  - How to Modify policy.conf Defaults
  - How to Suppress Banner and Trailer Pages for Specific Users
- solaris.print.ps authorization, How to Enable Users to Print PostScript Files in Trusted Extensions
- solaris.print.unlabeled authorization, How to Modify policy.conf Defaults
- Solaris Trusted Extensions, See Trusted Extensions
- StarOffice, lengthening timeout when relabeling, How to Lengthen the Timeout When Relabeling Information
- Start Zone action
  - Trusted CDE Actions
  - Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
- starting
  - zones
    - Boot the Labeled Zone
    - Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
- startup files, procedures for customizing, How to Configure Startup Files for Users in Trusted Extensions
- Stop-A, enabling, How to Change Security Defaults in System Files
- Sun Java System Directory Server, See LDAP server
- Sun Ray systems
  - enabling initial contact between client and server, How to Limit the Hosts That Can Be Contacted on the Trusted Network
  - preventing users from seeing others' processes, How to Modify policy.conf Defaults
- svcs: Pattern 'labeld' doesn't match any instances, Enable Solaris Trusted Extensions
- System Administrator role
  - adding device_clean script, How to Add a Device_Clean Script in Trusted Extensions
  - adding print conversion filters, Additional Conversion Filters
  - administering printers, Labels, Printers, and Printing
  - audit tasks, Audit Tasks of the System Administrator
  - enabling music to play automatically, How to Configure an Audio Player Program for Use in Trusted CDE
  - preventing File Manager display, How to Prevent the File Manager From Displaying After Device Allocation
  - reclaiming a device, How to Revoke or Reclaim a Device in Trusted Extensions
  - restricting, Create a Restricted System Administrator Role
  - reviewing audit records, Audit Tasks of the System Administrator
- system files
  - editing
    - How to Edit Administrative Files in Trusted Extensions
    - How to Change Security Defaults in System Files
  - Solaris /etc/default/print, How to Enable Users to Print PostScript Files in Trusted Extensions
  - Solaris policy.conf, How to Enable Users to Print PostScript Files in Trusted Extensions
  - Trusted Extensions sel_config, sel_config File
  - Trusted Extensions tsol_separator.ps, How to Remove Page Labels From All Print Jobs