Remote Login by a Role in Trusted Extensions
As in the Solaris OS, a setting in the /etc/default/login file on each
host must be changed to allow remote logins. Additionally, the pam.conf file
might need to be modified. In Trusted Extensions, the security administrator is responsible
for the change. For the procedures, see Enable Remote Login by root User in Trusted Extensions and Enable Remote Login by a Role in Trusted Extensions.
On both Trusted Extensions and Solaris hosts, remote logins might or might not
require authorization. Remote Login Management in Trusted Extensions describes the conditions and types of logins that require authorization.
By default, roles have the Remote Login authorization.
Remote Role-Based Administration From Unlabeled Hosts
In Trusted Extensions, users assume roles through the Trusted Path menu. The roles
then operate in trusted workspaces. By default, roles cannot be assumed outside of
the trusted path. If site policy permits, the security administrator can change the
default policy. Administrators of unlabeled hosts that are running Solaris Management Console 2.1
client software can then administer trusted hosts.
This policy change only applies when the user on the remote unlabeled system
has a user account on the Trusted Extensions host. The Trusted Extensions
user must have the ability to assume an administrative role. The role can
then use the Solaris Management Console to administer the remote system.
Caution - If remote administration from a non-Trusted Extensions host is enabled, the administrative environment
is less protected than a Trusted Extensions administrative workspace. Be cautious when typing
passwords and other secure data. As a precaution, shut down all untrusted applications
before starting the Solaris Management Console.
Remote Login Management in Trusted Extensions
A remote login between two Trusted Extensions hosts is considered to be an
extension of the current login session.
An authorization is not required when the rlogin command does not prompt for
a password. If an /etc/hosts.equiv file or a .rhosts file in the user's
home directory on the remote host lists either the username or the host
from which the remote login is being attempted, no password is required. For
more information, see the rhosts(4) and rlogin(1) man pages.
For all other remote logins, including logins with the ftp command, the Remote
Login authorization is required.
To create a rights profile that includes the Remote Login authorization, see Managing Users and Rights With the Solaris Management Console (Task Map).
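As an added example (not part of the Trusted Extensions documentation), the following shell functions list the entries in an /etc/hosts.equiv or .rhosts file that let rlogin proceed without a password prompt, and therefore without the Remote Login authorization. The function names, the level labels, the sample host and user names, and the treatment of # lines as comments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the Trusted Extensions documentation.
# Lists the entries in a hosts.equiv or .rhosts file that let rlogin skip the
# password prompt, and therefore skip the Remote Login authorization check.

# classify_trust FILE -> one "LEVEL host user" line per entry.
#   DENY      a leading "-" marks a negative entry (grants nothing)
#   WILDCARD  a bare "+" trusts every host or every user
#   NETGROUP  +@group trusts a whole netgroup
#   ALLOW     a named host, optionally with a named remote user
classify_trust() {
    awk '
        # Assumption of this example: blank lines and # lines carry no entry.
        NF == 0 || substr($1, 1, 1) == "#" { next }
        {
            host = $1
            user = (NF >= 2) ? $2 : "(same-name)"
            if (substr(host, 1, 1) == "-" || substr(user, 1, 1) == "-")
                level = "DENY"
            else if (host == "+" || user == "+")
                level = "WILDCARD"
            else if (substr(host, 1, 2) == "+@" || substr(user, 1, 2) == "+@")
                level = "NETGROUP"
            else
                level = "ALLOW"
            print level, host, user
        }
    ' "$1"
}

# passwordless_count FILE -> number of entries that grant passwordless login.
passwordless_count() {
    classify_trust "$1" | awk '$1 != "DENY" { n++ } END { print n + 0 }'
}

# Constructed sample in the "hostname [username]" layout.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
adminhost.example.com
buildhost.example.com jdoe
+@trusted_admins
-labhost.example.com
+ +
EOF
}

sample=$(mktemp) && write_sample "$sample"
classify_trust "$sample"
echo "entries granting passwordless rlogin: $(passwordless_count "$sample")"
rm -f "$sample"
```

Run classify_trust against /etc/hosts.equiv and each user's .rhosts file on the remote host; any WILDCARD line is the first thing to review against site policy.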