Document Information
Preface
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Solaris Trusted Extensions Software to the Solaris OS (Tasks)
Initial Setup Team Responsibilities
Installing or Upgrading the Solaris OS for Trusted Extensions
Enabling the Solaris Trusted Extensions Service
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
10. Security Requirements on a Trusted Extensions System (Overview)
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Tasks)
A. Site Security Policy
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Common Security Violations
Additional Security References
B. Using CDE Actions to Install Zones in Trusted Extensions
Associating Network Interfaces With Zones by Using CDE Actions (Task Map)
Preparing to Create Zones by Using CDE Actions (Task Map)
Creating Labeled Zones by Using CDE Actions (Task Map)
C. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
D. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
E. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Solaris Man Pages That Are Modified by Trusted Extensions
Glossary
Index
|
Collecting Information and Making Decisions Before Enabling Trusted Extensions
For each system on which Solaris Trusted Extensions is going to be
configured, you need to know some information, and make some decisions about configuration.
For example, because you are going to create labeled zones, you might want
to set aside disk space where the zones can be cloned as a
Solaris ZFSTM File System. Solaris ZFS provides additional isolation for the zones.
Collect System Information Before Enabling Trusted Extensions
- Determine the system's main hostname and IP address.
The hostname is the name of the host on the network, and is
the global zone. On a Solaris system, the getent command returns the hostname, as
in: # getent hosts machine1
192.168.0.11 machine1
- Determine the IP address assignments for labeled zones.
A system with two IP addresses can function as a multilevel server. A
system with one IP address must have access to a multilevel server in
order to print or perform multilevel tasks. For a discussion of IP address
options, see Planning for Multilevel Access. Most systems require a second IP address for the labeled zones. For example,
the following is a host with a second IP address for labeled
zones: # getent hosts machine1-zones
192.168.0.12 machine1-zones
- Collect LDAP configuration information.
For the LDAP server that is running Trusted Extensions software, you need the
following information:
The name of the Trusted Extensions domain that the LDAP server serves The IP address of the LDAP server The LDAP profile name that will be loaded
For an LDAP proxy server, you also need the password for the
LDAP proxy.
Make System and Security Decisions Before Enabling Trusted ExtensionsFor each system on which Solaris Trusted Extensions is going to be
configured, make these configuration decisions before enabling the software.
- Decide how securely the system hardware needs to be protected.
At a secure site, this step has been done for every installed
Solaris system.
For SPARC systems, a PROM security level and password has been provided. For x86 systems, the BIOS is protected. On all systems, root is protected with a password.
- Prepare your label_encodings file.
If you have a site-specific label_encodings file, the file must be checked and
installed before other configuration tasks can be started. If your site does not
have a label_encodings file, you can use the default file that Sun supplies.
Sun also supplies other label_encodings files, which you can find in the
/etc/security/tsol directory. The Sun files are demonstration files. They might not be suitable
for production systems. To customize a file for your site, see Solaris Trusted Extensions Label Administration.
- From the list of labels in your label_encodings file, make a list of
the labeled zones that you need to create.
For the default label_encodings file, the labels are the following, and the zone names
can be similar to the following: Label |
Zone Name |
|---|
PUBLIC |
public |
CONFIDENTIAL : INTERNAL |
internal |
CONFIDENTIAL : NEED TO KNOW |
needtoknow |
CONFIDENTIAL : RESTRICTED |
restricted |
For ease of NFS mounting, the zone name of a particular label must
be identical on every system. Some systems, such as multilevel print servers, do
not need to have labeled zones installed. However, if you do install labeled
zones on a print server, the zone names must be identical to the
zone names of other systems on your network.
- Decide when to create roles.
Your site's security policy can require you to administer Trusted Extensions by assuming a
role. If so, or if you are configuring the system to satisfy
criteria for an evaluated configuration, you must create roles early in the configuration process. If you are not required to configure the system by using roles,
you can choose to configure the system as superuser. This method of configuration is
less secure. Audit records do not indicate which user was superuser during configuration.
Superuser can perform all tasks on the system, while a role can perform
a more limited set of tasks. Therefore, configuration is more controlled when being
performed by roles.
- Choose a zone creation method.
You can create zones from scratch, copy zones, or clone zones. These methods
differ in speed of creation, disk space requirements, and robustness. For the trade-offs,
see Planning for Zones in Trusted Extensions.
- Plan your LDAP configuration.
Using local files for administration is practical for non-networked systems. LDAP is the naming service for a networked environment. A populated LDAP server
is required when you configure several machines.
If you have an existing Sun JavaTM System Directory Server (LDAP server), you can create an LDAP proxy server on a system that is running Trusted Extensions. The multilevel proxy server handles communications with the unlabeled LDAP server. If you do not have an LDAP server, you can configure a system that runs Trusted Extensions software as a multilevel LDAP server.
- Decide other security issues for each system and for the network.
For example, you might want to consider the following security issues:
Determine which devices can be attached to the system and allocated for use. Identify which printers at what labels are accessible from the system. Identify any systems that have a limited label range, such as a gateway system or a public kiosk. Identify which labeled systems can communicate with particular unlabeled systems.
|
