Solaris Trusted Extensions Administrator's Procedures
Previous Next

Document Information

Preface

Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding Solaris Trusted Extensions Software to the Solaris OS (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

6.  Configuring a Headless System With Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

7.  Trusted Extensions Administration Concepts

8.  Trusted Extensions Administration Tools

9.  Getting Started as a Trusted Extensions Administrator (Tasks)

10.  Security Requirements on a Trusted Extensions System (Overview)

11.  Administering Security Requirements in Trusted Extensions (Tasks)

12.  Users, Rights, and Roles in Trusted Extensions (Overview)

13.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

Customizing the User Environment for Security (Task Map)

Managing Users and Rights With the Solaris Management Console (Task Map)

Handling Other Tasks in the Solaris Management Console (Task Map)

14.  Remote Administration in Trusted Extensions (Tasks)

15.  Trusted Extensions and LDAP (Overview)

16.  Managing Zones in Trusted Extensions (Tasks)

17.  Managing and Mounting Files in Trusted Extensions (Tasks)

18.  Trusted Networking (Overview)

19.  Managing Networks in Trusted Extensions (Tasks)

20.  Multilevel Mail in Trusted Extensions (Overview)

21.  Managing Labeled Printing (Tasks)

22.  Devices in Trusted Extensions (Overview)

23.  Managing Devices for Trusted Extensions (Tasks)

24.  Trusted Extensions Auditing (Overview)

25.  Software Management in Trusted Extensions (Tasks)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Using CDE Actions to Install Zones in Trusted Extensions

Associating Network Interfaces With Zones by Using CDE Actions (Task Map)

Preparing to Create Zones by Using CDE Actions (Task Map)

Creating Labeled Zones by Using CDE Actions (Task Map)

C.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

D.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

E.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Solaris Man Pages That Are Modified by Trusted Extensions

Glossary

Index

Managing Users and Rights With the Solaris Management Console (Task Map)

In Trusted Extensions, you must use the Solaris Management Console to administer users, authorizations, rights, and roles. To manage users and their security attributes, assume the Security Administrator role.

Task

Description

For Instructions

Modify a user's label range.

Modifies the labels at which a user can work. Modifications can restrict or extend the range that the label_encodings file permits.

How to Modify a User's Label Range in the Solaris Management Console

Create a rights profile for convenient authorizations.

Several authorizations exist that might be useful for regular users. Creates a profile for users who qualify to have these authorizations.

How to Create a Rights Profile for Convenient Authorizations

Modify a user's default privilege set.

Removes a privilege from the user's default privilege set.

How to Restrict a User's Set of Privileges

Prevent account locking for particular users.

Users who can assume a role must have account locking turned off.

How to Prevent Account Locking for Users

Hide labels on a user's screen.

On a single-label system, you might want a user to not view labels.

How to Hide Labels From a User

Enable a user to relabel data.

Authorizes a user to downgrade information or upgrade information.

How to Enable a User to Change the Security Level of Data

Remove a user from the system.

Completely removes a user and the user's processes..

How to Delete a User Account From a Trusted Extensions System

Handle other tasks.

Uses the Solaris Management Console to handle tasks that are not specific to Trusted Extensions.

Handling Other Tasks in the Solaris Management Console (Task Map)

How to Modify a User's Label Range in the Solaris Management Console

You might want to extend a user's label range to give the user read access to an administrative application. For example, a user who can log in to the global zone could then run the Solaris Management Console. The user could view, but not not change the contents.

Alternatively, you might want to restrict the user's label range. For example, a guest user might be limited to one label.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Open a Trusted Extensions toolbox in the Solaris Management Console.

    Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions.

  2. Under System Configuration, navigate to User Accounts.

    A password prompt might be displayed.

  3. Type the role password.
  4. Select the individual user from User Accounts.
  5. Click the Trusted Extensions Attributes tab.
    Dialog box shows the Trusted Extensions Attributes tab for a user.
    • To extend the user's label range, choose a higher clearance.

      You can also lower the minimum label.

    • To restrict the label range to one label, make the clearance equal to the minimum label.
  6. To save the changes, click OK.

How to Create a Rights Profile for Convenient Authorizations

Where site security policy permits, you might want to create a rights profile that contains authorizations for users who can perform tasks that require authorization. To enable every user of a particular system to be authorized, see How to Modify policy.conf Defaults.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Open a Trusted Extensions toolbox in the Solaris Management Console.

    Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions.

  2. Under System Configuration, navigate to Rights.

    A password prompt might be displayed.

  3. Type the role password.
  4. To add a rights profile, click Action –> Add Right.
  5. Create a rights profile that contains one or more of the following authorizations.

    For the step-by-step procedure, see How to Create or Change a Rights Profile in System Administration Guide: Security Services.

    In the following figure, the Authorizations Included window shows the authorizations that might be convenient for users.


    Dialog box shows the authorizations that might be appropriate for users at your site.

    • Allocate Device – Authorizes a user to allocate a peripheral device, such as a microphone.

      By default, Solaris users can read and write to a CD-ROM. However, in Trusted Extensions, only users who can allocate a device can access the CD-ROM drive. To allocate the drive for use requires authorization. Therefore, to read and write to a CD-ROM in Trusted Extensions, a user needs the Allocate Device authorization.

    • Downgrade DragNDrop or CutPaste Info – Authorizes a user to select information from a higher-level file and place that information in a lower-level file.

    • Downgrade File Label – Authorizes a user to lower the security level of a file

    • DragNDrop or CutPaste without viewing contents – Authorizes a user to move information without viewing the information that is being moved.

    • Print Postscript – Authorizes a user to print PostScriptTM files.

    • Print without Banner - Authorizes a user to print hard copy without a banner page.

    • Print without Label – Authorizes a user to print hard copy that does not display labels.

    • Remote Login – Authorizes a user to remotely log in.

    • Shutdown the System – Authorizes a user to shut down the system and to shut down a zone.

    • Upgrade DragNDrop or CutPaste Info – Authorizes a user to select information from a lower-level file and place that information in a higher-level file.

    • Upgrade File Label – Authorizes a user to heighten the security level of a file.

  6. Assign the rights profile to a user or a role.

    For assistance, see the online help. For the step-by-step procedure, see How to Change the RBAC Properties of a User in System Administration Guide: Security Services.

Example 13-6 Assigning a Printing-Related Authorization to a Role

In the following example, the Security Administrator allows a role to print jobs without labels on body pages.

In the Solaris Management Console, the security administrator navigates to Administrative Roles. She views the rights profiles that are included in a particular role, then ensures that the print-related authorizations are contained in one of the role's rights profiles.

How to Restrict a User's Set of Privileges

Site security might require that users be permitted fewer privileges than users are assigned by default. For example, at a site that uses Trusted Extensions on Sun Ray systems, you might want to prevent users from viewing other users' processes on the Sun Ray server.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Open a Trusted Extensions toolbox in the Solaris Management Console.

    Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions.

  2. Under System Configuration, navigate to User Accounts.

    A password prompt might be displayed.

  3. Type the role password.
  4. Double–click the icon for the user.
  5. Remove one or more of the privileges in the basic set.
    1. Double-click the icon for the user.
    2. Click the Rights tab.
      Dialog box shows the contents of the Rights tab for a regular user.
    3. Click the Edit button to the right of the basic set in the right_extended_attr field.
    4. Remove proc_session or file_link_any.

      By removing the proc_session privilege, you prevent the user from examining any processes outside the user's current session. By removing the file_link_any privilege, you prevent the user from making hard links to files that are not owned by the user.

      Caution - Do not remove the proc_fork or the proc_exec privilege. Without these privileges, the user would not be able to use the system.


      Dialog box shows the basic privilege set for a regular user.
  6. To save the changes, click OK.

How to Prevent Account Locking for Users

Trusted Extensions extends the user security features in the Solaris Management Console to include account locking. Turn off account locking for users who can assume a role.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Start the Solaris Management Console.

    Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions.

  2. Under System Configuration, navigate to User Accounts.

    A password prompt might be displayed.

  3. Type the role password.
  4. Double–click the icon for the user.
  5. Click the Trusted Extensions Attributes tab.
  6. In the Account Usage section, choose No from the pull-down menu next to Lock account after maximum failed logins.
  7. To save the changes, click OK.

How to Hide Labels From a User

Hiding labels is useful at a site where users can work at a single label only. An organization might not want regular users to see labels or to be aware of mandatory access controls. Ordinary users can then work whose desktop closely resembles the Java Desktop System, Release number or the CDE desktop on a Solaris system.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Open a Trusted Extensions toolbox in the Solaris Management Console.

    Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions.

  2. Under System Configuration, navigate to User Accounts.

    A password prompt might be displayed.

  3. Type the role password.
  4. Double–click the icon for the user.
  5. Click the Trusted Extensions Attributes tab.
  6. Choose Hide from the Label: selection list.

    This setting overrides the value of LABELVIEW in the system's policy.conf file. For details, see Default User Security Attributes in Trusted Extensions.

  7. To save the changes, click OK.

How to Enable a User to Change the Security Level of Data

A regular user or a role can be authorized to change the security level, or labels, of files and directories. The user or role, in addition to having the authorization, must be configured to work at more than one label. And, the labeled zones must be configured to permit relabeling. For the procedure, see How to Enable Files to be Relabeled From a Labeled Zone.

Caution - Changing the security level of data is a privileged operation. This task is for trustworthy users only.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Follow the procedure How to Create a Rights Profile for Convenient Authorizations to create a rights profile.

    The following authorizations enable a user to relabel a file:

    • Downgrade File Label

    • Upgrade File Label

    The following authorizations enable a user to relabel information within a file:

    • Downgrade DragNDrop or CutPaste Info

    • DragNDrop or CutPaste Info Without Viewing

    • Upgrade DragNDrop or CutPaste Info

  2. Use the Solaris Management Console to assign the profile to the appropriate users and roles.

    For assistance, use the online help. For a step-by-step procedure, see How to Change the RBAC Properties of a User in System Administration Guide: Security Services.

How to Delete a User Account From a Trusted Extensions System

When a user is removed from the system, you must ensure that the user's home directory and any objects that the user owns are also deleted. As an alternative to deleting objects that are owned by the user, you might change the ownership of these objects to a valid user.

You must also ensure that all batch jobs that are associated with the user are also deleted. No objects or processes belonging to a removed user can remain on the system.

Before You Begin

You must be in the System Administrator role.

  1. Archive the user's home directory at every label.
  2. Archive the user's mail files at every label.
  3. In the Solaris Management Console, delete the user account.
    1. Open a Trusted Extensions toolbox in the Solaris Management Console.

      Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions.

    2. Under System Configuration, navigate to User Accounts.

      A password prompt might be displayed.

    3. Type the role password.
    4. Select the user account to be removed, and click the Delete button.

      You are prompted to delete the user's home directory and mail files. When you accept the prompt, the user's home directory and mail files are deleted in the global zone only.

  4. In every labeled zone, manually delete the user's directories and mail files.

    Note - You are responsible for finding and deleting the user's temporary files at all labels, such as files in /tmp directories.
Previous Next