Trusted Extensions Configuration and Administration Oracle Solaris 11 Information Library
The following two tasks enable you to transfer exact copies of configuration files to every Trusted Extensions system at your site. The final task enables you to remove Trusted Extensions customizations from an Oracle Solaris system.
When copying to portable media, label the media with the sensitivity label of the information.
Note - During Trusted Extensions configuration, the root role might use portable media to transfer the label_encodings files to all systems. Label the media with Trusted Path.
Before You Begin
To copy administrative files, you must be in the root role in the global zone.
Use the Device Manager, and insert clean media. For details, see How to Allocate a Device in Trusted Extensions in Trusted Extensions User’s Guide.
The File Browser displays the contents of the clean media.
For details, see How to Deallocate a Device in Trusted Extensions in Trusted Extensions User’s Guide.
Note - Remember to physically affix a label to the media with the sensitivity label of the copied files.
Example 4-6 Keeping Configuration Files Identical on All Systems
The system administrator wants to ensure that every system is configured with the same settings. So, on the first system that is configured, the administrator creates a directory that cannot be deleted between reboots. In that directory, the administrator places the files that must be identical or very similar on all systems.
For example, the administrator modifies the policy.conf file, and the default login and passwd files for this site. So, the administrator copies the following files to the permanent directory.
# mkdir /export/commonfiles
# cp /etc/security/policy.conf \
/etc/default/login \
/etc/default/passwd \
/etc/security/tsol/label_encodings \
/export/commonfiles
The administrator uses the Device Manager to allocate a CD-ROM in the global zone, transfers the files to the CD, and affixes a Trusted Path label.
It is safe practice to rename the original Trusted Extensions file before replacing the file. When configuring a system, the root role renames and copies administrative files.
Before You Begin
To copy administrative files, you must be in the root role in the global zone.
For details, see How to Allocate a Device in Trusted Extensions in Trusted Extensions User’s Guide.
The File Browser displays the contents.
For example, add .orig to the end of the original file:
# cp /etc/security/tsol/label_encodings /etc/security/tsol/label_encodings.orig
For details, see How to Deallocate a Device in Trusted Extensions in Trusted Extensions User’s Guide.
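The following added example is not from the Oracle guide. It records a SHA-256 manifest for the files in /export/commonfiles (Example 4-6) before they go to the media, and on the receiving system verifies the media against it, keeps a .orig copy, and installs the file. The manifest name SHA256SUMS and the function names are assumptions; digest(1) is used where present, sha256sum otherwise.

```sh
# Added example, not from the Oracle guide. MANIFEST and the function names
# are assumptions; the file names follow Example 4-6.
MANIFEST=SHA256SUMS

# Print the SHA-256 of a file: digest(1) on Oracle Solaris, sha256sum elsewhere.
sha256_of() {
    if command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# make_manifest DIR: write "hash  name" for each regular file in DIR.
make_manifest() {
    ( cd "$1" || exit 1
      : > "$MANIFEST.tmp"
      for f in *; do
          [ -f "$f" ] || continue
          case $f in "$MANIFEST"|"$MANIFEST.tmp") continue ;; esac
          printf '%s  %s\n' "$(sha256_of "$f")" "$f" >> "$MANIFEST.tmp"
      done
      mv "$MANIFEST.tmp" "$MANIFEST" )
}

# verify_manifest DIR: succeed only if every listed file is present and matches.
verify_manifest() {
    ( cd "$1" || exit 1
      [ -s "$MANIFEST" ] || exit 1
      while read -r want name; do
          if [ ! -f "$name" ] || [ "$(sha256_of "$name")" != "$want" ]; then
              echo "MISMATCH: $name" >&2
              exit 1
          fi
      done < "$MANIFEST" )
}

# install_verified SRCDIR NAME DEST: refuse unverified or unlisted files, keep
# the first DEST.orig (never overwrite it on a rerun), then copy NAME to DEST.
install_verified() {
    verify_manifest "$1" || return 1
    listed=no
    while read -r sum name; do
        if [ "$name" = "$2" ]; then listed=yes; fi
    done < "$1/$MANIFEST"
    [ "$listed" = yes ] || return 1
    if [ -f "$3" ] && [ ! -f "$3.orig" ]; then cp -p "$3" "$3.orig" || return 1; fi
    cp "$1/$2" "$3"
}
```

A manifest stored on the same media detects copy errors and accidental edits; it does not authenticate the media, which still depends on the Trusted Path label and physical handling.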
You must perform specific steps to remove the Trusted Extensions feature from an Oracle Solaris system.
Before You Begin
You are in the root role in the global zone.
For portable media, affix a physical sticker with the sensitivity label of the zone to each archived zone.
For details, see How to Remove a Non-Global Zone in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management.
# svcadm disable labeld
# svcadm disable allocate
Various services might need to be configured for your Oracle Solaris system. Possibilities include basic networking, naming services, and file system mounts.