Document Information
Preface
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Solaris Trusted Extensions Software to the Solaris OS (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
10. Security Requirements on a Trusted Extensions System (Overview)
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
Multilevel Mail Service
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Tasks)
A. Site Security Policy
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Common Security Violations
Additional Security References
B. Using CDE Actions to Install Zones in Trusted Extensions
Associating Network Interfaces With Zones by Using CDE Actions (Task Map)
Preparing to Create Zones by Using CDE Actions (Task Map)
Creating Labeled Zones by Using CDE Actions (Task Map)
C. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
D. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
E. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Solaris Man Pages That Are Modified by Trusted Extensions
Glossary
Index
|
Trusted Extensions Mail Features
In Trusted Extensions, the System Administrator role sets up and administers mail servers
according to instructions in the Solaris System Administration Guide: Advanced Administration and System Administration Guide: IP Services. In addition, the security
administrator determines how Trusted Extensions mail features need to be configured. The following aspects of managing mail are specific to Trusted Extensions:
The .mailrc file is at a user's minimum label. Therefore, users who work at multiple labels do not have a .mailrc file at the higher labels, unless they copy or link the .mailrc file in their minimum-label directory to each higher directory. The Security Administrator role or the individual user can add the .mailrc file to either .copy_files or .link_files. For a description of these files, see the updatehome(1M) man page. For configuration suggestions, see .copy_files and .link_files Files. Your mail reader can run at every label on a system. Some configuration is required to connect a mail client to the server. For example, to use Mozilla mail for multilevel mail requires that you configure a Mozilla mail client at each label to specify the mail server. The mail server could be the same or different for each label, but the server must be specified. The Mailing Lists tool in the Solaris Management Console manages mail aliases. Depending on the scope of the selected Solaris Management Console toolbox, you can update the local /etc/aliases file or the LDAP entry on the Sun Java System Directory Server. Trusted Extensions software checks host and user labels before sending or forwarding mail.
The software checks that the mail is within the accreditation range of the host. The checks are described in this list and in Chapter 19, Managing Networks in Trusted Extensions (Tasks). The software checks that the mail is between the account's clearance and minimum label. Users can read email that is received within their accreditation range. During a session, users can read mail only at their current label. To contact regular user by email, an administrative role must send mail from a workspace that is at a label that the user can read. The user's default label is usually a good choice.
|
