Solaris Trusted Extensions Administrator's Procedures
Previous

Document Information

Preface

Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding Solaris Trusted Extensions Software to the Solaris OS (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

6.  Configuring a Headless System With Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

7.  Trusted Extensions Administration Concepts

8.  Trusted Extensions Administration Tools

9.  Getting Started as a Trusted Extensions Administrator (Tasks)

10.  Security Requirements on a Trusted Extensions System (Overview)

11.  Administering Security Requirements in Trusted Extensions (Tasks)

12.  Users, Rights, and Roles in Trusted Extensions (Overview)

13.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

14.  Remote Administration in Trusted Extensions (Tasks)

15.  Trusted Extensions and LDAP (Overview)

16.  Managing Zones in Trusted Extensions (Tasks)

17.  Managing and Mounting Files in Trusted Extensions (Tasks)

18.  Trusted Networking (Overview)

19.  Managing Networks in Trusted Extensions (Tasks)

20.  Multilevel Mail in Trusted Extensions (Overview)

21.  Managing Labeled Printing (Tasks)

22.  Devices in Trusted Extensions (Overview)

23.  Managing Devices for Trusted Extensions (Tasks)

24.  Trusted Extensions Auditing (Overview)

25.  Software Management in Trusted Extensions (Tasks)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Using CDE Actions to Install Zones in Trusted Extensions

Associating Network Interfaces With Zones by Using CDE Actions (Task Map)

Preparing to Create Zones by Using CDE Actions (Task Map)

Creating Labeled Zones by Using CDE Actions (Task Map)

C.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

D.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

E.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Solaris Man Pages That Are Modified by Trusted Extensions

Glossary

Index

U

unlabeled printing, configuring, Reducing Printing Restrictions in Trusted Extensions (Task Map)
updatehome command
Command Line Tools in Trusted Extensions
.copy_files and .link_files Files
Upgrade DragNDrop or CutPaste Info authorization, How to Create a Rights Profile for Convenient Authorizations
Upgrade File Label authorization, How to Create a Rights Profile for Convenient Authorizations
upgrading labels, configuring rules for selection confirmer, sel_config File
User Accounts tool, Trusted Extensions Tools in the Solaris Management Console
useradd command, Create Users Who Can Assume Roles in Trusted Extensions
users
accessing devices
Device Protection With Trusted Extensions Software
Device Protection With Trusted Extensions Software
accessing printers, Labels, Printers, and Printing
adding from NIS server, Add an NIS User to the LDAP Server
adding local user with useradd, Create Users Who Can Assume Roles in Trusted Extensions
assigning authorizations to, Security Attribute Assignment to Users in Trusted Extensions
assigning labels, Security Attribute Assignment to Users in Trusted Extensions
assigning passwords, Security Attribute Assignment to Users in Trusted Extensions
assigning rights, Security Attribute Assignment to Users in Trusted Extensions
assigning roles to, Security Attribute Assignment to Users in Trusted Extensions
authorizations for, How to Create a Rights Profile for Convenient Authorizations
Change Password menu item, Trusted Extensions Security Features
changing default privileges, Security Attribute Assignment to Users in Trusted Extensions
creating initial users, Create Users Who Can Assume Roles in Trusted Extensions
creating, Administrator Responsibilities for Users
customizing environment, Customizing the User Environment for Security (Task Map)
deletion precautions, User Deletion Practices
labels of processes, Label Ranges
lengthening timeout when relabeling, How to Lengthen the Timeout When Relabeling Information
logging in remotely to the global zone, How to Enable Specific Users to Log In Remotely to the Global Zone in Trusted Extensions
logging in to a failsafe session, How to Log In to a Failsafe Session in Trusted Extensions
modifying security defaults for all users, How to Modify policy.conf Defaults
modifying security defaults, How to Modify Default User Label Attributes
planning for, Decisions to Make Before Creating Users in Trusted Extensions
preventing account locking, How to Prevent Account Locking for Users
preventing from seeing others' processes, How to Modify policy.conf Defaults
printing, Labels, Printers, and Printing
removing some privileges, How to Restrict a User's Set of Privileges
requiring two roles to create user, Create Rights Profiles That Enforce Separation of Duty
requiring two roles to create users, Create a Restricted System Administrator Role
restoring control of desktop focus, How to Regain Control of the Desktop's Current Focus
security precautions, Group Administration
security training
Security Requirements Enforcement
Group Administration
Enforcement of Device Security in Trusted Extensions
session range, Label Ranges
setting up skeleton directories, How to Configure Startup Files for Users in Trusted Extensions
startup files, How to Configure Startup Files for Users in Trusted Extensions
using .copy_files file, How to Configure Startup Files for Users in Trusted Extensions
using .link_files file, How to Configure Startup Files for Users in Trusted Extensions
using devices, Using Devices in Trusted Extensions (Task Map)
Using Devices in Trusted Extensions (Task Map), Using Devices in Trusted Extensions (Task Map)
/usr/dt/bin/trusted_edit trusted editor, How to Edit Administrative Files in Trusted Extensions
/usr/dt/config/sel_config file
sel_config File
sel_config File
/usr/lib/lp/postscript/tsol_separator.ps file, labeling printer output, Labeled Printer Output
/usr/local/scripts/getmounts script, How to Display the Labels of Mounted Files
/usr/local/scripts/getzonelabels script, How to Display Ready or Running Zones
/usr/sbin/txzonemgr script
Administration Tools for Trusted Extensions
Zone Administration Utilities in Trusted Extensions
/usr/sbin/txzonemgr script
Run the txzonemgr Script
Labeled Zone Is Unable to Access the X Server
Creating Labeled Zones by Using CDE Actions (Task Map)
utadm command, default Sun Ray server configuration, How to Limit the Hosts That Can Be Contacted on the Trusted Network

V

VCL.xcu file, How to Lengthen the Timeout When Relabeling Information
verifying
interface is up, How to Verify That a Host's Interfaces Are Up
label_encodings file, Check and Install Your Label Encodings File
roles are working, Verify That the Trusted Extensions Roles Work
syntax of network databases, How to Check the Syntax of Trusted Network Databases
zone status, Verify the Status of the Zone
viewing, See accessing
virtual network computing (vnc), See Xvnc systems running Trusted Extensions

W

well-formed labels, Label Ranges
wildcard address, See fallback mechanism
window manager, Trusted Processes in the Window System
window system, trusted processes, Trusted Processes in the Window System
workspaces
color changes, How to Enter the Global Zone in Trusted Extensions
colors indicating label of, What Labels Protect and Where Labels Appear
global zone, Security Requirements When Administering Trusted Extensions
initial display, Reboot and Log In to Trusted Extensions

X

X audit classes, Trusted Extensions Audit Classes
xatom audit token, xatom Token
xc audit class, Trusted Extensions Audit Classes
xclient audit token, xclient Token
xcolormap audit token, xcolormap Token
xcursor audit token, xcursor Token
xfont audit token, xfont Token
xgc audit token, xgc Token
xp audit class, Trusted Extensions Audit Classes
xpixmap audit token, xpixmap Token
xproperty audit token, xproperty Token
xs audit class, Trusted Extensions Audit Classes
xselect audit token, xselect Token
Xtsolusersession script, Trusted Processes in the Window System
Xvnc systems running Trusted Extensions
remote access to
Methods for Administering Remote Systems in Trusted Extensions
How to Use Xvnc to Remotely Access a Trusted Extensions System
xwindow audit token, xwindow Token
xx audit class, Trusted Extensions Audit Classes

Z

zenity script, Run the txzonemgr Script
ZFS pools, creating for cloning zones, Create ZFS Pool for Cloning Zones
ZFS
adding dataset to labeled zone, How to Share a ZFS Dataset From a Labeled Zone
mounting dataset read-write on labeled zone, How to Share a ZFS Dataset From a Labeled Zone
unsupported but fast zone creation method, Zone Creation in Trusted Extensions
viewing mounted dataset read-only from higher-level zone, How to Share a ZFS Dataset From a Labeled Zone
Zone Console, output, Boot the Labeled Zone
/zone/public/etc/dfs/dfstab file, Access to NFS Mounted Directories in Trusted Extensions
Zone Terminal Console action, Trusted CDE Actions
output
Customize the Labeled Zone
Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
using, Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
zones
action for cloning, Trusted CDE Actions
action for configuring, Trusted CDE Actions
action for copying, Trusted CDE Actions
action for initializing, Trusted CDE Actions
action for installing, Trusted CDE Actions
action for restarting, Trusted CDE Actions
action for sharing logical interface, Trusted CDE Actions
action for sharing physical interface, Trusted CDE Actions
action for shutting down, Trusted CDE Actions
action for starting, Trusted CDE Actions
action for viewing from console, Trusted CDE Actions
adding network interface, Add a Network Interface to Route an Existing Labeled Zone
adding nscd daemon to each labeled zone, Configure a Name Service Cache in Each Labeled Zone
administering from Trusted JDS, Zone Administration Utilities in Trusted Extensions
administering, Managing Zones (Task Map)
associating zone names with labels
Name and Label the Zone
Specify Zone Names and Zone Labels by Using a CDE Action
booting
Boot the Labeled Zone
Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
creating MLP for NFSv3, How to Configure a Multilevel Port for NFSv3 Over udp
creating MLP, How to Create a Multilevel Port for a Zone
creating ZFS pool for cloning, Create ZFS Pool for Cloning Zones
creating, Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
customizing, Customize the Labeled Zone
deciding creation method, Planning for Zones in Trusted Extensions
deleting, How to Remove Trusted Extensions From the System
displaying labels of file systems, How to Display the Labels of Mounted Files
displaying status, How to Display Ready or Running Zones
enabling login to, Enable Users to Log In to a Labeled Zone
global, Zones in Trusted Extensions
halting, Customize the Labeled Zone
in Trusted Extensions, Managing Zones in Trusted Extensions (Tasks)
initializing for LDAP, Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
initializing, Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
installing
Install the Labeled Zone
Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
isolating with default routes, Add a Network Interface That Does Not Use the Global Zone to Route an Existing Labeled Zone
managing, Managing Zones in Trusted Extensions (Tasks)
net_mac_aware privilege, How to NFS Mount Files in a Labeled Zone
removing nscd daemon from labeled zones, Configure a Name Service Cache in Each Labeled Zone
showing zone activity
Boot the Labeled Zone
Customize the Labeled Zone
Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
shutting down, Customize a Booted Zone in Trusted Extensions
specifying a shared IP address, Specify Two IP Addresses for the System by Using a CDE Action
specifying default routes, Add a Network Interface That Does Not Use the Global Zone to Route an Existing Labeled Zone
specifying labels
Name and Label the Zone
Specify Zone Names and Zone Labels by Using a CDE Action
specifying names
Name and Label the Zone
Specify Zone Names and Zone Labels by Using a CDE Action
specifying one IP address for all zones
Configure the Network Interfaces in Trusted Extensions
Specify One IP Address for the System by Using a CDE Action
starting, Install, Initialize, and Boot a Labeled Zone by Using CDE Actions
tool for labeling, Trusted Network Zones Tool
troubleshooting access, Labeled Zone Is Unable to Access the X Server
troubleshooting installation, Install the Labeled Zone
txzonemgr script, Labeled Zone Is Unable to Access the X Server
/usr/sbin/txzonemgr script
Run the txzonemgr Script
Creating Labeled Zones by Using CDE Actions (Task Map)
verifying status, Verify the Status of the Zone
Previous