Go to main content
Index
A
- access See
computer access- remote systems
Remote Administration in Trusted Extensions
- access policy
- devices
Device Access Policies
- Discretionary Access Control (DAC)
Differences Between Trusted Extensions and the Oracle Solaris OS
Trusted Extensions and the Oracle Solaris OS
- Mandatory Access Control (MAC)
Differences Between Trusted Extensions and the Oracle Solaris OS
- accessing
- administrative tools
Getting Started as a Trusted Extensions Administrator on a Desktop System
- audit records by label
Audit Tasks in Trusted Extensions
- devices
Device Protection With Trusted Extensions Software
- global zone
How to Enter the Global Zone in Trusted Extensions
- home directories
Zones in Trusted Extensions
- labeled zones by users
How to Enable Users to Log In to a Labeled
Zone
- printers
Labels, Printers, and Printing
- remote multilevel desktop
How to Configure a Trusted Extensions System With Xvnc for Remote Access
- ZFS dataset mounted in lower-level zone from higher-level zone
Sharing and Mounting a ZFS Dataset From Labeled Zones
- account locking
- preventing for users who can assume roles
How to Prevent Account Locking
for Users
- accounts
- See Also
roles - See Also
users
- creating
Creating Roles and Users in Trusted Extensions
- planning
Planning User Security in Trusted Extensions
- accreditation checks
Trusted Extensions Accreditation Checks
- accreditation ranges
- label_encodings file
Label Encodings File
- adding
- IPsec protections
How to Apply IPsec Protections in
a Multilevel Trusted Extensions Network
- LDAP role with roleadd
Creating the Security Administrator Role in LDAP
- local role with roleadd
How to Create the Security Administrator
Role in Trusted Extensions
- local user with useradd
Using the useradd Command to Create a Local User
- logical interfaces
How to Add an IP Instance to a Labeled Zone
- multilevel dataset
How to Create and Share a Multilevel Dataset
- network databases to LDAP server
Populate the Oracle Directory Server Enterprise Edition
- nscd daemon to every labeled zone
How to Configure a Separate Name Service for
Each Labeled Zone
- remote host templates
Creating Security Templates
- remote hosts
How to Connect a Trusted Extensions System to Other Trusted Extensions Systems
- roles
Creating Roles and Users in Trusted Extensions
- secondary zones
How to Create a Secondary Labeled Zone
- shared network interfaces
How to Share a Single IP Address With All Zones
- Trusted Extensions packages
Add Trusted Extensions Packages to an Oracle Solaris System
- users who can assume roles
How to Create Users Who Can Assume Roles in Trusted Extensions
- VNIC interfaces
How to Add a Virtual Network Interface to a
Labeled Zone
- zone-specific nscd daemon
How to Configure a Separate Name Service for
Each Labeled Zone
- Additional Trusted Extensions Configuration Tasks
Additional Trusted Extensions Configuration Tasks
- ADMIN_HIGH label
- body page labels and
How to Configure a Zone as a Single-Level
Print Server
- devices and
Device Protection With Trusted Extensions Software
- global zone processes and zones
Global Zone Processes and Labeled
Zones
- mlslabel and
mlslabel Property
and Mounting Single-Level File Systems
- multilevel datasets and
No Privilege Overrides for MAC Read-Write
Policy
- NFS-mounted files in global zone
Trusted Extensions Policy for Single-Level
Datasets
- no localization
For International Customers of Trusted Extensions
- role clearance
How to Create a System Administrator
Role
- roles and
Role Creation in Trusted Extensions
- top administrative label
Administrative Labels
- ADMIN_LOW label
- limitations on unlabeled system mounts
Sharing and Mounting Files
in the Global Zone
- lowest label
Administrative Labels
- mounting files and
Sharing and Mounting Files
in the Global Zone
- protecting administrative files
Password Protection
- administering
- account locking
How to Prevent Account Locking
for Users
- assigning device authorizations
How to Assign Device Authorizations
- auditing in Trusted Extensions
Audit Management by Role in Trusted Extensions
- changing label of information
How to Enable a User to Change the Security
Level of Data
- convenient authorizations for users
How to Create a Rights Profile for Convenient Authorizations
- device allocation
How to Assign Device Authorizations
- device authorizations
How to Create New Device Authorizations
- devices
Managing Devices in Trusted Extensions
Managing Devices for Trusted Extensions
- file systems
- mounting
How to NFS Mount Files in a Labeled Zone
- overview
Trusted Extensions Policies for Mounted File
Systems
- troubleshooting
How to Troubleshoot Mount Failures in Trusted Extensions
- files
- backing up with labels
How to Back Up Files in Trusted Extensions
- restoring with labels
How to Restore Files in Trusted Extensions
- from the global zone
How to Enter the Global Zone in Trusted Extensions
- labeled IPsec
Configuring Labeled IPsec
- labeled printing
Managing Labeled Printing
- LDAP
About Trusted Extensions and LDAP
- mail
About Multilevel Mail in Trusted Extensions
- multilevel datasets
Results of Sharing and Mounting File Systems in Trusted Extensions
- multilevel ports
Displaying Multilevel Ports on a System
- printing
Managing Printing in Trusted Extensions
- quick reference for administrators
Quick Reference to Trusted Extensions Administration
- remote host templates
Creating Security Templates
- remotely
Remote Administration in Trusted Extensions
- routes with security attributes
How to Add Default Routes
- security templates
How to Add a Range of Hosts to a Security
Template
How to Add a Host to a Security Template
- sharing file systems
How to Share File Systems From a Labeled Zone
- startup files for users
How to Configure Startup Files for Users
in Trusted Extensions
- system files
How to Change Security Defaults in System
Files
- third-party software
Software Management in Trusted Extensions
- trusted network
Managing Networks in Trusted Extensions
- unlabeled printing
Reducing Printing Restrictions in Trusted Extensions
- user privileges
How to Restrict a User's Set of
Privileges
- users
Managing Users and Rights
Managing Users, Rights,
and Roles in Trusted Extensions
Decisions to Make Before Creating
Users in Trusted Extensions
- zones
Managing Zones
- zones by using txzonemgr
Zone Administration Utilities in Trusted Extensions
- administrative labels
Administrative Labels
- administrative roles See
roles
- administrative tools
- accessing
Getting Started as a Trusted Extensions Administrator on a Desktop System
- commands
Command Line Tools in Trusted Extensions
- configuration files
Configuration Files in Trusted Extensions
- description
Trusted Extensions Administration Tools
- Device Manager
Device Manager
- label builder
Label Builder in Trusted Extensions
- Labeled Zone Manager
txzonemgr Script
- Selection Manager
Selection Manager in Trusted Extensions
- txzonemgr script
txzonemgr Script
- Allocate Device authorization
How to Assign Device Authorizations
Device Protection With Trusted Extensions Software
How to Create a Rights Profile for Convenient Authorizations
- allocate error state
- correcting
How to Revoke or Reclaim a Device in Trusted Extensions
- allocating
- using Device Manager
Device Manager GUI
- allocating devices
- for copying data
How to Copy Files to Portable Media in Trusted Extensions
- application security label
Labels for IPsec-Protected Exchanges
- applications
- enabling initial network contact between client and server
Making the Host Address 0.0.0.0/32 a Valid Initial Address
- evaluating for security
Security Administrator Responsibilities for
Trusted Programs
- trusted and trustworthy
Evaluating Software for Security
- ARMOR roles
Creating Roles and Users in Trusted Extensions Task Map
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- assigning
- privileges to users
Security Attribute Assignment to Users
in Trusted Extensions
- rights profiles
Security Attribute Assignment to Users
in Trusted Extensions
- Assume Role menu item
How to Enter the Global Zone in Trusted Extensions
- assuming
- roles
How to Enter the Global Zone in Trusted Extensions
- atohexlabel command
How to Obtain the Hexadecimal Equivalent
for a Label
- audio devices
- preventing remote allocation
Preventing Remote Allocation of the Audio Device
- Audit Review profile
- reviewing audit records
Audit Tasks in Trusted Extensions
- audit tokens for Trusted Extensions
- label token
label Token
- list of
Trusted Extensions Audit Tokens
- xatom token
xatom Token
- xcolormap token
xcolormap Token
- xcursor token
xcursor Token
- xfont token
xfont Token
- xgc token
xgc Token
- xpixmap token
xpixmap Token
- xproperty token
xproperty Token
- xselect token
xselect Token
- xwindow token
xwindow Token
- auditing in Trusted Extensions
- additional audit events
Trusted Extensions Audit Events
- additional audit policies
Trusted Extensions Audit Policy Options
- additional audit tokens
Trusted Extensions Audit Tokens
- additions to existing auditing commands
Extensions to Auditing Commands in Trusted Extensions
- differences from Oracle Solaris auditing
Auditing in Trusted Extensions
- planning
Planning for Auditing in Trusted Extensions
- reference
Trusted Extensions and Auditing
- roles for administering
Audit Management by Role in Trusted Extensions
- tasks
Audit Tasks in Trusted Extensions
- X audit classes
Trusted Extensions Audit Classes
- authorizations
- adding new device authorizations
How to Create New Device Authorizations
- Allocate Device
How to Assign Device Authorizations
Device Protection With Trusted Extensions Software
- assigning
Security Attribute Assignment to Users
in Trusted Extensions
- assigning device authorizations
How to Assign Device Authorizations
- authorizing a user or role to change label
How to Enable a User to Change the Security
Level of Data
- Configure Device Attributes
How to Assign Device Authorizations
- convenient for users
How to Create a Rights Profile for Convenient Authorizations
- creating customized device authorizations
Creating Fine-Grained Device Authorizations
- creating local and remote device authorizations
Creating and Assigning Trusted Path and Non-Trusted Path Device Authorizations
- customizing for devices
How to Add Site-Specific Authorizations to
a Device in Trusted Extensions
- granted
Trusted Extensions and Access Control
- profiles that include device allocation authorizations
How to Assign Device Authorizations
- Revoke or Reclaim Device
How to Assign Device Authorizations
How to Assign Device Authorizations
- authorizing
- device allocation
How to Assign Device Authorizations
- unlabeled printing
Reducing Printing Restrictions in Trusted Extensions
B
- backing up
- previous system before installation
Backing Up the System Before Enabling Trusted Extensions
- banner pages
- description of labeled
Labeled Banner and Trailer Pages
- difference from trailer page
Differences on a Trailer Page
- removing labels
How to Enable Specific Users and Roles to
Bypass Labeling Printed Output
- typical
Typical Banner Page of a Labeled Print
Job
- body pages
- ADMIN_HIGH label on
How to Configure a Zone as a Single-Level
Print Server
- description of labeled
Labeled Body Pages
- unlabeled
How to Enable Specific Users and Roles to
Bypass Labeling Printed Output
C
- .copy_files file
- description
.copy_files and .link_files Files
- setting up for users
Customizing Startup Files for Users
How to Configure Startup Files for Users
in Trusted Extensions
- CD-ROM drives
- accessing
Device Protection With Trusted Extensions Software
- Change Password menu item
- description
Unique Trusted Extensions Security Features
- using to change root password
How to Change the Password for root on a Desktop System
- Change Workspace Label menu item
- description
Unique Trusted Extensions Security Features
- changing
- IDLETIME keyword
Changing the System's Idle Settings
- labels by authorized users
How to Enable a User to Change the Security
Level of Data
- rules for label changes
sel_config File
- security level of data
How to Enable a User to Change the Security
Level of Data
- system security defaults
How to Change Security Defaults in System
Files
- user privileges
How to Restrict a User's Set of
Privileges
- checking
- label_encodings file
How to Check and Install Your Label Encodings
File
- roles are working
How to Verify That the Trusted Extensions Roles
Work
- checklists for initial setup team
Checklist for Configuring Trusted Extensions
- chk_encodings command
Checking label_encodings Syntax on the Command
Line
- choosing See
selecting
- classification label component
Dominance Relationships Between Labels
- clearances
- label overview
Labels in Trusted Extensions Software
- collecting information
- for LDAP service
Collect Information for the LDAP Server
- colors
- indicating label of workspace
What Labels Protect and Where Labels Appear
- commands
- executing with privilege
How to Enter the Global Zone in Trusted Extensions
- troubleshooting networking
How to Debug the Trusted Extensions Network
- commercial applications
- evaluating
Security Administrator Responsibilities for
Trusted Programs
- Common Tasks in Trusted Extensions (Task Map)
Performing Common Tasks in Trusted Extensions
- compartment label component
Dominance Relationships Between Labels
- component definitions
- label_encodings file
Label Encodings File
- computer access
- administrator responsibilities
Information Protection
- restricting
Effects of Label Range on a Device
- configuration files
- copying
How to Copy Files to Portable Media in Trusted Extensions
- loading
How to Copy Files From Portable Media
in Trusted Extensions
- Configure Device Attributes authorization
How to Assign Device Authorizations
- configuring
- access to remote Trusted Extensions
Remote Administration in Trusted Extensions
- authorizations for devices
How to Create New Device Authorizations
- by assuming a limited role or as root
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- devices
How to Configure a Device by Using the Device Manager in Trusted Extensions
- labeled printing
Configuring Labeled Printing
- LDAP for Trusted Extensions
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- LDAP proxy server for Trusted Extensions clients
Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition
- logical interfaces
How to Add an IP Instance to a Labeled Zone
- network interfaces
How to Connect a Trusted Extensions System to Other Trusted Extensions Systems
How to Share a Single IP Address With All Zones
- routes with security attributes
How to Add Default Routes
- startup files for users
How to Configure Startup Files for Users
in Trusted Extensions
- Trusted Extensions
Configuring Trusted Extensions
- Trusted Extensions labeled zones
Creating Labeled Zones
- trusted network
Managing Networks in Trusted Extensions
- VNICs
How to Add a Virtual Network Interface to a
Labeled Zone
- Configuring an LDAP Proxy Server on a Trusted Extensions System (Task Map)
Configuring an LDAP Proxy Server on a Trusted Extensions System
- Configuring Labeled IPsec (Task Map)
Configuring Labeled IPsec
- Configuring Labeled Printing (Task Map)
Configuring Labeled Printing
- Configuring LDAP on a Trusted Extensions Network (Task Map)
Configuring LDAP on a Trusted Extensions Network
- configuring Trusted Extensions
- checklist for initial setup team
Checklist for Configuring Trusted Extensions
- initial procedures
Configuring Trusted Extensions
- kernel zones
Creating Labeled Zones
- labeled zones
Creating Labeled Zones
- remote access
Remote Administration in Trusted Extensions
- task maps
Configuration Roadmap for Trusted Extensions
- controlling See
restricting
- creating
- accounts
Creating Roles and Users in Trusted Extensions
- accounts during or after configuration
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- authorizations for devices
How to Create New Device Authorizations
- home directories
Home Directory Creation in Trusted Extensions
Creating Centralized Home Directories
in Trusted Extensions
- home directory server
How to Create the Home Directory Server
in Trusted Extensions
- kernel zones
Creating Labeled Zones
- labeled zones
Creating Labeled Zones
- LDAP client
Make the Global Zone an LDAP Client in Trusted Extensions
- LDAP proxy server for Trusted Extensions clients
Create an LDAP Proxy Server
- LDAP role with roleadd
Creating the Security Administrator Role in LDAP
- local role with roleadd
How to Create the Security Administrator
Role in Trusted Extensions
- local user with useradd
Using the useradd Command to Create a Local User
- roles
Creating Roles and Users in Trusted Extensions
- users who can assume roles
How to Create Users Who Can Assume Roles in Trusted Extensions
- zones
Creating Labeled Zones
- Creating Labeled Zones
Creating Labeled Zones
- customizing
- device authorizations
How to Add Site-Specific Authorizations to
a Device in Trusted Extensions
- label_encodings file
Label Encodings File
- unlabeled printing
Reducing Printing Restrictions in Trusted Extensions
- user accounts
Customizing the User Environment for Security
- Customizing Device Authorizations in Trusted Extensions (Task Map)
Customizing Device Authorizations in Trusted Extensions
- Customizing User Environment for Security (Task Map)
Customizing the User Environment for Security
- cut and paste
- and labels
Rules When Changing the Level of Security
for Data
- cutting and pasting
- configuring rules for label changes
sel_config File
D
- /dev/kmem kernel image file
- security violation
Evaluating Software for Security
- DAC See
discretionary access control (DAC)
- data
- relabeling efficiently
How to Create and Share a Multilevel Dataset
- databases
- in LDAP
Using the LDAP Naming Service in Trusted Extensions
- trusted network
Network Configuration Databases in Trusted Extensions
- datasets See
ZFS
- deallocating
- forcing
How to Revoke or Reclaim a Device in Trusted Extensions
- deallocating devices
How to Copy Files From Portable Media
in Trusted Extensions
- debugging See
troubleshooting
- deciding
- to configure by assuming a limited role or as root
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- to use an Oracle-supplied encodings file
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- decisions to make
- based on site security policy
Site Security Policy and Trusted Extensions
- before enabling Trusted Extensions
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- deleting
- labeled zones
How to Remove Trusted Extensions From the System
- desktops
- accessing multilevel remotely
How to Configure a Trusted Extensions System With Xvnc for Remote Access
- logging in to a failsafe session
How to Log In to a Failsafe Session
in Trusted Extensions
- moving panels to bottom of screen
How to Move Desktop Panels to the Bottom
of the Screen
- using Vino to share
Using Vino to Share a Desktop in a Test Environment
- workspace color changes
How to Enter the Global Zone in Trusted Extensions
- developer responsibilities
Developer Responsibilities When Creating Trusted
Programs
- device allocation
- authorizing
How to Assign Device Authorizations
- overview
Device Protection With Trusted Extensions Software
- profiles that include allocation authorizations
How to Assign Device Authorizations
- Device Manager
- administrative tool
Trusted Extensions Administrative
Tools
- description
Device Manager GUI
- use by administrators
How to Configure a Device by Using the Device Manager in Trusted Extensions
- device-clean scripts
- adding to devices
How to Add a Device_Clean Script in Trusted Extensions
- requirements
Device-Clean Scripts
- devices
- access policy
Device Access Policies
- accessing
Device Manager GUI
- adding customized authorizations
How to Add Site-Specific Authorizations to
a Device in Trusted Extensions
- adding device_clean script
How to Add a Device_Clean Script in Trusted Extensions
- administering
Managing Devices for Trusted Extensions
- administering with Device Manager
How to Configure a Device by Using the Device Manager in Trusted Extensions
- allocating
Device Protection With Trusted Extensions Software
- configuring devices
How to Configure a Device by Using the Device Manager in Trusted Extensions
- creating new authorizations
How to Create New Device Authorizations
- in Trusted Extensions
About Devices in Trusted Extensions
- policy defaults
Device Access Policies
- preventing remote allocation of audio
Preventing Remote Allocation of the Audio Device
- protecting
Device Manager
- protecting nonallocatable
How to Protect Nonallocatable Devices in Trusted Extensions
- reclaiming
How to Revoke or Reclaim a Device in Trusted Extensions
- setting label range for nonallocatable
Effects of Label Range on a Device
- setting policy
Device Access Policies
- troubleshooting
How to Revoke or Reclaim a Device in Trusted Extensions
- using
Using Devices in Trusted Extensions Task Map
- differences
- administrative interfaces in Trusted Extensions
Administrative Interfaces in Trusted Extensions
- between Trusted Extensions and Oracle Solaris auditing
Auditing in Trusted Extensions
- between Trusted Extensions and Oracle Solaris OS
Differences Between Trusted Extensions and the Oracle Solaris OS
- defaults in Trusted Extensions
Tighter Security Defaults in Trusted Extensions
- extending Oracle Solaris interfaces
Oracle Solaris Interfaces Extended by Trusted Extensions
- limited options in Trusted Extensions
Limited Options in Trusted Extensions
- directories
- accessing lower-level
Zones in Trusted Extensions
- authorizing a user or role to change label of
How to Enable a User to Change the Security
Level of Data
- for naming service setup
Populate the Oracle Directory Server Enterprise Edition
- mounting
How to Share File Systems From a Labeled Zone
- sharing
How to Share File Systems From a Labeled Zone
- disabling
- Trusted Extensions
How to Remove Trusted Extensions From the System
- discretionary access control (DAC)
Trusted Extensions and Access Control
- displaying
- labels of file systems in labeled zone
Displaying the Labels of File Systems in the restricted Zone
- status of every zone
How to Display Ready or Running Zones
- DOI
- remote host templates
Network Security Attributes in Trusted Extensions
- domain of interpretation (DOI)
- modifying
How to Configure a Different Domain of Interpretation
- dominance of labels
Dominance Relationships Between Labels
- Downgrade DragNDrop or CutPaste Info authorization
How to Create a Rights Profile for Convenient Authorizations
- Downgrade File Label authorization
How to Create a Rights Profile for Convenient Authorizations
- downgrading labels
- configuring rules for selection confirmer
sel_config File
- dpadm service
Install the Oracle Directory Server Enterprise Edition
- DragNDrop or CutPaste without viewing contents authorization
How to Create a Rights Profile for Convenient Authorizations
- dsadm service
Install the Oracle Directory Server Enterprise Edition
E
- /etc/default/kbd file
- how to edit
How to Change Security Defaults in System
Files
- /etc/default/login file
- how to edit
How to Change Security Defaults in System
Files
- /etc/default/passwd file
- how to edit
How to Change Security Defaults in System
Files
- /etc/hosts file
How to Add Hosts to the System's
Known Network
- /etc/security/policy.conf file
- defaults
policy.conf File
Defaults in Trusted Extensions
- how to edit
How to Change Security Defaults in System
Files
- modifying
How to Modify policy.conf Defaults
- /etc/security/tsol/label_encodings file
Label Encodings File
- /etc/system file
- modifying for IPv6 CIPSO network
How to Configure an IPv6 CIPSO Network in Trusted Extensions
- editing system files
How to Change Security Defaults in System
Files
- enabling
- DOI different from 1
How to Configure a Different Domain of Interpretation
- dpadm service
Install the Oracle Directory Server Enterprise Edition
- dsadm service
Install the Oracle Directory Server Enterprise Edition
- IPv6 CIPSO network
How to Configure an IPv6 CIPSO Network in Trusted Extensions
- keyboard shutdown
How to Change Security Defaults in System
Files
- labeld service
Installing and Enabling Trusted Extensions
- login to labeled zone
How to Enable Users to Log In to a Labeled
Zone
- Trusted Extensions feature
Installing and Enabling Trusted Extensions
- enabling Trusted Extensions
- /usr/sbin/labeladm
Trusted Extensions Administrative
Tools
- encodings file See
label_encodings file
- evaluating programs for security
Evaluating Software for Security
- exporting See
sharing
F
- failsafe session
- logging in
How to Log In to a Failsafe Session
in Trusted Extensions
- fallback mechanism
- in security templates
Trusted Network Fallback Mechanism
- file systems
- mounting in global and labeled zones
Results of Sharing and Mounting File Systems in Trusted Extensions
- NFS mounts
Results of Sharing and Mounting File Systems in Trusted Extensions
- sharing
Trusted Extensions Policies for Mounted File
Systems
- sharing in global and labeled zones
Results of Sharing and Mounting File Systems in Trusted Extensions
- files
- .copy_files
How to Configure Startup Files for Users
in Trusted Extensions
.copy_files and .link_files Files
- .link_files
How to Configure Startup Files for Users
in Trusted Extensions
.copy_files and .link_files Files
- /etc/default/kbd
How to Change Security Defaults in System
Files
- /etc/default/login
How to Change Security Defaults in System
Files
- /etc/default/passwd
How to Change Security Defaults in System
Files
- /etc/security/policy.conf
How to Modify policy.conf Defaults
policy.conf File
Defaults in Trusted Extensions
- /etc/security/tsol/label_encodings file
Label Encodings File
- /usr/bin/tsoljdsselmgr
Rules When Changing the Level of Security
for Data
- /usr/lib/cups/filter/tsol_separator.ps
Labeled Printer Output
- /usr/sbin/txzonemgr
Zone Administration Utilities in Trusted Extensions
Trusted Extensions Administrative
Tools
- /usr/share/gnome/sel_config
sel_config File
- accessing from dominating labels
How to Display the Labels of Mounted
Files
- authorizing a user or role to change label of
How to Enable a User to Change the Security
Level of Data
- backing up with labels
How to Back Up Files in Trusted Extensions
- copying from removable media
How to Copy Files From Portable Media
in Trusted Extensions
- getmounts
How to Display the Labels of Mounted
Files
- loopback mounting
How to Loopback Mount a File That
Is Usually Not Visible in a Labeled Zone
- policy.conf
How to Change Security Defaults in System
Files
- preventing access from dominating labels
How to Disable the Mounting of Lower-Level
Files
- relabeling privileges
How to Enable Files to Be Relabeled From a
Labeled Zone
- restoring with labels
How to Restore Files in Trusted Extensions
- startup
How to Configure Startup Files for Users
in Trusted Extensions
- files and file systems
- mounting
How to Share File Systems From a Labeled Zone
- naming
How to Share File Systems From a Labeled Zone
- sharing
How to Share File Systems From a Labeled Zone
- finding
- label equivalent in hexadecimal
How to Obtain the Hexadecimal Equivalent
for a Label
- label equivalent in text format
How to Obtain a Readable Label
From Its Hexadecimal Form
G
- gateways
- accreditation checks
Gateway Accreditation Checks
- example of
Gateways in Trusted Extensions
- gdm
- accessing multilevel remotely
How to Configure a Trusted Extensions System With Xvnc for Remote Access
- getmounts script
How to Display the Labels of Mounted
Files
- Getting Started as a Trusted Extensions Administrator (Task Map)
Getting Started as a Trusted Extensions Administrator on a Desktop System
- global zone
- difference from labeled zones
Zones in Trusted Extensions
- entering
How to Enter the Global Zone in Trusted Extensions
- exiting
How to Exit the Global Zone in Trusted Extensions
- groups
- deletion precautions
Group Administration Practices
- security requirements
Group Administration Practices
H
- Handling Devices in Trusted Extensions (Task Map)
Handling Devices in Trusted Extensions
- hardware planning
Planning System Hardware and Capacity for Trusted Extensions
- hextoalabel command
How to Obtain a Readable Label
From Its Hexadecimal Form
- home directories
- accessing
Zones in Trusted Extensions
- creating
Home Directory Creation in Trusted Extensions
Creating Centralized Home Directories
in Trusted Extensions
- creating server for
How to Create the Home Directory Server
in Trusted Extensions
- logging in and getting
How to Enable Users to Access Their
Remote Home Directories by Configuring the Automounter on Each Server
How to Enable Users to Access Their
Remote Home Directories at Every Label by Logging In to Each NFS Server
- host types
- networking
Host Type and Template Name in Security Templates
Trusted Extensions Data Packets
- remote host templates
Network Security Attributes in Trusted Extensions
- table of templates and protocols
Host Type and Template Name in Security Templates
- hosts
- adding to /etc/hosts file
How to Add Hosts to the System's
Known Network
- adding to security template
How to Add a Range of Hosts to a Security
Template
How to Add a Host to a Security Template
- assigning a template
Adding Hosts to Security Templates
- networking concepts
Trusted Network Communications
- hot key
- regaining control of desktop focus
How to Regain Control of the Desktop's
Current Focus
I
- IDLECMD keyword
- changing default
Changing the System's Idle Settings
- IDLETIME keyword
- changing default
Changing the System's Idle Settings
- IKE
- labels in tunnel mode
Labels and Accreditation in Tunnel Mode IPsec
- immutable zones
- Trusted Extensions and
Creating Labeled Zones
- importing
- software
Adding Software to Trusted Extensions
- initial setup team
- checklist for configuring Trusted Extensions
Checklist for Configuring Trusted Extensions
- inner label
Labels for IPsec-Protected Exchanges
- installing
- label_encodings file
How to Check and Install Your Label Encodings
File
Enable Trusted Extensions
- Oracle Directory Server Enterprise Edition
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- Oracle Solaris OS for Trusted Extensions
Adding the Trusted Extensions Feature to Oracle Solaris
- interfaces
- adding to security template
How to Add a Range of Hosts to a Security
Template
How to Add a Host to a Security Template
- verifying they are up
How to Verify That a System's Interfaces
Are Up
- internationalizing See
localizing
- IP addresses
- 0.0.0.0 host address
Trusted Extensions Host Address and Fallback Mechanism Entries
- fallback mechanism in trusted networking
Trusted Network Fallback Mechanism
- ipadm command
Network Commands in Trusted Extensions
- IPsec
- label extensions
Label Extensions for IPsec Security Associations
- labels in tunnel mode
Labels and Accreditation in Tunnel Mode IPsec
- labels on trusted exchanges
Labels for IPsec-Protected Exchanges
- protections with label extensions
Confidentiality and Integrity Protections With
Label Extensions
- with Trusted Extensions labels
Administration of Labeled IPsec
- ipseckey command
Network Commands in Trusted Extensions
- IPv6
- entry in /etc/system file
How to Configure an IPv6 CIPSO Network in Trusted Extensions
- troubleshooting
How to Configure an IPv6 CIPSO Network in Trusted Extensions
K
- kernel zones
- Trusted Extensions and
Creating Labeled Zones
- key combinations
- testing if grab is trusted
How to Regain Control of the Desktop's
Current Focus
- keyboard shutdown
- enabling
How to Change Security Defaults in System
Files
- kmem kernel image file
Evaluating Software for Security
L
- .link_files file
- description
.copy_files and .link_files Files
- setting up for users
How to Configure Startup Files for Users
in Trusted Extensions
- label extensions
- IKE negotiations
Label Extensions for IKE
- IPsec SAs
Label Extensions for IPsec Security Associations
- label ranges
- restricting remote access
Remote Administration in Trusted Extensions
- setting on frame buffers
Effects of Label Range on a Device
- setting on printers
Effects of Label Range on a Device
- label audit token
label Token
- label_encodings file
- checking
How to Check and Install Your Label Encodings
File
- contents
Label Encodings File
- installing
How to Check and Install Your Label Encodings
File
Enable Trusted Extensions
- localizing
For International Customers of Trusted Extensions
- modifying
How to Check and Install Your Label Encodings
File
Enable Trusted Extensions
- reference for labeled printing
Labeled Printer Output
- source of accreditation ranges
Label Encodings File
- labeladm command
Installing and Enabling Trusted Extensions- enabling Trusted Extensions
Installing and Enabling Trusted Extensions
- installing encodings file
Enable Trusted Extensions
Enable Trusted Extensions
- removing Trusted Extensions
How to Remove Trusted Extensions From the System
- labeld service
- disabling
How to Remove Trusted Extensions From the System
- enabling
Installing and Enabling Trusted Extensions
- labeled IPsec See
IPsec
- labeled multicast packets
Trusted Extensions Multicast Packets
- labeled printing
- banner pages
Labeled Banner and Trailer Pages
- body pages
Labeled Body Pages
- removing label
How to Create a Rights Profile for Convenient Authorizations
- without banner page
How to Create a Rights Profile for Convenient Authorizations
- Labeled Zone Manager See
txzonemgr script
- labeled zones See
zones
- labeling
- turning on labels
Log In to Trusted Extensions
- zones
How to Create Labeled Zones Interactively
- Labeling Hosts and Networks (Tasks)
Labeling Hosts and Networks
- labels See Also
label ranges- accreditation in tunnel mode
Labels and Accreditation in Tunnel Mode IPsec
- authorizing a user or role to change label of data
How to Enable a User to Change the Security
Level of Data
- Change Workspace Label menu item
Unique Trusted Extensions Security Features
- classification component
Dominance Relationships Between Labels
- compartment component
Dominance Relationships Between Labels
- configuring rules for label changes
sel_config File
- default in remote host templates
Network Security Attributes in Trusted Extensions
- described
Trusted Extensions and Access Control
- determining text equivalents
How to Obtain a Readable Label
From Its Hexadecimal Form
- displaying in hexadecimal
How to Obtain the Hexadecimal Equivalent
for a Label
- displaying labels of file systems in labeled zone
Displaying the Labels of File Systems in the restricted Zone
- dominance
Dominance Relationships Between Labels
- downgrading and upgrading
sel_config File
- extensions for IKE SAs
Label Extensions for IKE
- extensions for IPsec SAs
Label Extensions for IPsec Security Associations
- of processes
What Labels Protect and Where Labels Appear
- of user processes
Session Range
- on IPsec exchanges
Labels for IPsec-Protected Exchanges
- on printouts
Labeled Printer Output
- overview
Labels in Trusted Extensions Software
- planning
Devising a Label Strategy
- printing without page labels
How to Enable Specific Users and Roles to
Bypass Labeling Printed Output
- relationships
Dominance Relationships Between Labels
- repairing in internal databases
How to Obtain a Readable Label
From Its Hexadecimal Form
- Selection Manager dialog box
Unique Trusted Extensions Security Features
- specifying for zones
How to Create Labeled Zones Interactively
- troubleshooting
How to Obtain a Readable Label
From Its Hexadecimal Form
- TrustedExtensionsPolicy file
Unique Trusted Extensions Security Features
- well-formed
Label Ranges
- laptops
- planning
Planning for Multilevel Services
- LDAP
- displaying entries
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- managing the naming service
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- naming service for Trusted Extensions
Using the LDAP Naming Service in Trusted Extensions
- planning
Planning for the LDAP Naming Service in Trusted Extensions
- starting proxy server
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- starting server
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- stopping proxy server
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- stopping server
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- troubleshooting
How to Debug a Client's Connection
to the LDAP Server
- Trusted Extensions databases
Using the LDAP Naming Service in Trusted Extensions
- LDAP configuration
- creating client
Make the Global Zone an LDAP Client in Trusted Extensions
- for Trusted Extensions
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- NFS servers, and
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- Sun Ray servers, and
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- LDAP server
- collecting information for
Collect Information for the LDAP Server
- configuring multilevel port
Configure a Multilevel Port for the Oracle Directory Server Enterprise Edition
- configuring naming service
Install the Oracle Directory Server Enterprise Edition
- configuring proxy for Trusted Extensions clients
Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition
- creating proxy for Trusted Extensions clients
Create an LDAP Proxy Server
- installing in Trusted Extensions
Install the Oracle Directory Server Enterprise Edition
- protecting log files
Configure the Logs for the Oracle Directory Server Enterprise Edition
- limiting
- defined hosts on the network
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- localizing
- configuring labeled printouts
tsol_separator.ps Configuration
File
- LOFS
- mounting datasets in Trusted Extensions
Mount Possibilities in Trusted Extensions
- log files
- protecting LDAP Server logs
Configure the Logs for the Oracle Directory Server Enterprise Edition
- logging in
- to a home directory server
How to Enable Users to Access Their
Remote Home Directories by Configuring the Automounter on Each Server
How to Enable Users to Access Their
Remote Home Directories at Every Label by Logging In to Each NFS Server
- using ssh command
How to Log In and Administer a Remote Trusted Extensions System
- login
- by roles
Roles in Trusted Extensions
- remote
Enable Remote Administration of a Remote Trusted Extensions System
- logout
- requiring
Changing the System's Idle Settings
M
- MAC See
mandatory access control (MAC)
- mail
- administering
About Multilevel Mail in Trusted Extensions
- implementation in Trusted Extensions
Trusted Extensions Mail Features
- multilevel
Multilevel Mail Service
- man pages
- quick reference for Trusted Extensions administrators
List of Trusted Extensions Man Pages
- managing See
administering
- Managing Devices in Trusted Extensions (Task Map)
Managing Devices in Trusted Extensions
- Managing Printing in Trusted Extensions (Task Map)
Managing Printing in Trusted Extensions
- Managing Users and Rights (Task Map)
Managing Users and Rights
- Managing Zones (Task Map)
Managing Zones
- mandatory access control (MAC)
- enforcing on the network
About the Trusted Network
- in Trusted Extensions
Trusted Extensions and Access Control
- maximum labels
- remote host templates
Network Security Attributes in Trusted Extensions
- media
- copying files from removable
How to Copy Files From Portable Media
in Trusted Extensions
- minimum labels
- remote host templates
Network Security Attributes in Trusted Extensions
- MLPs See
multilevel ports (MLPs)
- mlslabel property
- ADMIN_HIGH label and
mlslabel Property
and Mounting Single-Level File Systems
- modifying
- label_encodings file
How to Check and Install Your Label Encodings
File
- mounting
- file systems
How to Share File Systems From a Labeled Zone
- files by loopback mounting
How to Loopback Mount a File That
Is Usually Not Visible in a Labeled Zone
- overview
Results of Sharing and Mounting File Systems in Trusted Extensions
- troubleshooting
How to Troubleshoot Mount Failures in Trusted Extensions
- ZFS dataset on labeled zone
How to Share a ZFS Dataset From
a Labeled Zone
- mounting datasets in Trusted Extensions
Mount Possibilities in Trusted Extensions
- multicast packets
Trusted Extensions Multicast Packets
- multiheaded system
- trusted stripe
Multiheaded Systems and the Trusted Extensions Desktop
- multilevel datasets
- creating
How to Create and Share a Multilevel Dataset
- overview
Multilevel Datasets for Relabeling Files
- multilevel mounts
- NFS protocol versions
Trusted Extensions Software and NFS Protocol
Versions
- multilevel ports (MLPs)
- administering
Displaying Multilevel Ports on a System
- example of NFSv3 MLP
Configuring a Private Multilevel Port for NFSv3 Over udp
- example of web proxy MLP
How to Create a Multilevel Port
for a Zone
- multilevel printing
- accessing by print client
How to Enable a Trusted Extensions Client to
Access a Printer
- configuring
How to Configure a Network Printer
How to Configure a Multilevel Print Server
and Its Printers
- multilevel server
- planning
Planning for Multilevel Services
N
- name service cache daemon See
nscd daemon
- names
- specifying for zones
How to Create Labeled Zones Interactively
- names of file systems
How to Share File Systems From a Labeled Zone
- naming
- zones
How to Create Labeled Zones Interactively
- naming services
- databases unique to Trusted Extensions
Using the LDAP Naming Service in Trusted Extensions
- LDAP
About Trusted Extensions and LDAP
- managing LDAP
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- net_mac_aware privilege
How to Disable the Mounting of Lower-Level
Files
- netstat command
How to Debug the Trusted Extensions Network
Network Commands in Trusted Extensions
- network
- See
trusted network - See
Trusted Extensions network
- network databases
- description
Network Configuration Databases in Trusted Extensions
- in LDAP
Using the LDAP Naming Service in Trusted Extensions
- network packets
Trusted Extensions Data Packets
- networking concepts
Trusted Network Communications
- NFS
- mounting datasets in Trusted Extensions
Mount Possibilities in Trusted Extensions
- NFS mounts
- accessing lower-level directories
NFS Server and Client Configuration in Trusted Extensions
- in global and labeled zones
Results of Sharing and Mounting File Systems in Trusted Extensions
- NFS servers
- LDAP servers, and
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- nonallocatable devices
- protecting
How to Protect Nonallocatable Devices in Trusted Extensions
- setting label range
Effects of Label Range on a Device
- nscd daemon
- adding to every labeled zone
How to Configure a Separate Name Service for
Each Labeled Zone
O
- Oracle Directory Server Enterprise Edition See
LDAP server
- Oracle Solaris OS
- differences from Trusted Extensions
Differences Between Trusted Extensions and the Oracle Solaris OS
- differences from Trusted Extensions auditing
Auditing in Trusted Extensions
- similarities with Trusted Extensions
Similarities Between Trusted Extensions and the Oracle Solaris OS
- similarities with Trusted Extensions auditing
Auditing in Trusted Extensions
P
- packages
- Trusted Extensions feature
Add Trusted Extensions Packages to an Oracle Solaris System
- panels
- moving to bottom of screen
How to Move Desktop Panels to the Bottom
of the Screen
- passwords
- assigning
Security Attribute Assignment to Users
in Trusted Extensions
- Change Password menu item
How to Change the Password for root on a Desktop System
Unique Trusted Extensions Security Features
- changing for root
How to Change the Password for root on a Desktop System
- changing in labeled zone
How to Enforce a New Local User
Password in a Labeled Zone
- changing user passwords
Unique Trusted Extensions Security Features
- providing when changing labels
Unique Trusted Extensions Security Features
Unique Trusted Extensions Security Features
Unique Trusted Extensions Security Features
- storage
Password Protection
- testing if password prompt is trusted
Testing If the Password Prompt Can Be Trusted
- planning See Also
Trusted Extensions use- account creation
Planning User Security in Trusted Extensions
- administration strategy
Planning Who Will Configure Trusted Extensions
- auditing
Planning for Auditing in Trusted Extensions
- hardware
Planning System Hardware and Capacity for Trusted Extensions
- labels
Devising a Label Strategy
- laptop configuration
Planning for Multilevel Services
- LDAP naming service
Planning for the LDAP Naming Service in Trusted Extensions
- network
Planning Your Trusted Network
- Trusted Extensions
Planning for Security in Trusted Extensions
- Trusted Extensions configuration strategy
Forming an Install Team for Trusted Extensions
- zones
Planning Your Labeled Zones in Trusted Extensions
- policy.conf file
- changing defaults
How to Change Security Defaults in System
Files
- changing Trusted Extensions keywords
Changing the System's Idle Settings
- defaults
policy.conf File
Defaults in Trusted Extensions
- how to edit
How to Modify policy.conf Defaults
- preventing See
protecting
- Print without Banner authorization
How to Create a Rights Profile for Convenient Authorizations
- Print without Label authorization
How to Create a Rights Profile for Convenient Authorizations
- printed output See
printing
- printer output See
printing
- printers
- setting label range
Effects of Label Range on a Device
- printing
- and label_encodings file
Label Encodings File
- authorizations
Trusted Extensions Print Interfaces (Reference)
- authorizations for unlabeled output from a public system
Assigning Printing-Related Authorizations to All Users of a System
- configuring for multilevel labeled output
How to Configure a Network Printer
How to Configure a Multilevel Print Server
and Its Printers
- configuring for print client
How to Enable a Trusted Extensions Client to
Access a Printer
- configuring labeled zone
How to Configure a Zone as a Single-Level
Print Server
- configuring labels and text
tsol_separator.ps Configuration
File
- configuring public print jobs
Sending Public Print Jobs to an Unlabeled Printer
- in local language
tsol_separator.ps Configuration
File
- internationalizing labeled output
tsol_separator.ps Configuration
File
- labeling an Oracle Solaris print server
How to Assign a Label to an Unlabeled Print
Server
- localizing labeled output
tsol_separator.ps Configuration
File
- managing
Labels, Printers, and Printing
- PostScript
PostScript Printing of Security Information
- preventing labels on output
How to Remove Banner and Trailer Pages
- public jobs from an Oracle Solaris print server
Sending Public Print Jobs to an Unlabeled Printer
- using an Oracle Solaris print server
How to Assign a Label to an Unlabeled Print
Server
- without labeled banners and trailers
How to Create a Rights Profile for Convenient Authorizations
- without page labels
How to Enable Specific Users and Roles to
Bypass Labeling Printed Output
How to Create a Rights Profile for Convenient Authorizations
- printouts See
printing
- privileges
- changing defaults for users
Security Attribute Assignment to Users
in Trusted Extensions
- non-obvious reasons for requiring
Evaluating Software for Security
- removing proc_info from basic set
Modifying Every User's Basic Privilege Set
- restricting users'
How to Restrict a User's Set of
Privileges
- when executing commands
How to Enter the Global Zone in Trusted Extensions
- proc_info privilege
- removing from basic set
Modifying Every User's Basic Privilege Set
- procedures See
tasks and task maps
- processes
- labels of
What Labels Protect and Where Labels Appear
- labels of user processes
Session Range
- preventing users from seeing others' processes
Modifying Every User's Basic Privilege Set
- profiles See
rights profiles
- programs See
applications
- protecting
- devices
Device Protection With Trusted Extensions Software
Device Manager
- devices from remote allocation
Preventing Remote Allocation of the Audio Device
- file systems by using non-proprietary names
How to Share File Systems From a Labeled Zone
- files at lower labels from being accessed
How to Disable the Mounting of Lower-Level
Files
- information with labels
What Labels Protect and Where Labels Appear
- labeled hosts from access by arbitrary hosts
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- nonallocatable devices
How to Protect Nonallocatable Devices in Trusted Extensions
- proxy server
- starting and stopping LDAP
Quick Reference for the LDAP Naming Service
in Trusted Extensions
- publications
- security and UNIX
Additional Security References
R
- real UID of root
- required for applications
Evaluating Software for Security
- rebooting
- activating labels
Log In to Trusted Extensions
- enabling login to labeled zone
How to Enable Users to Log In to a Labeled
Zone
- Reducing Printing Restrictions in Trusted Extensions (Task Map)
Reducing Printing Restrictions in Trusted Extensions
- regaining control of desktop focus
How to Regain Control of the Desktop's
Current Focus
- regular users See
users
- relabeling data
- eliminating IO
How to Create and Share a Multilevel Dataset
- relabeling information
How to Enable a User to Change the Security
Level of Data
- remote administration
- defaults
Remote Administration in Trusted Extensions
- methods
Methods for Administering Remote Systems in Trusted Extensions
- remote host templates
- 0.0.0.0/0 wildcard assignment
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- adding systems to
How to Add a Range of Hosts to a Security
Template
How to Add a Host to a Security Template
- assigning
Adding Hosts to Security Templates
- creating
Creating Security Templates
- entry for Sun Ray servers
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- remote hosts
- using fallback mechanism in tnrhdb
Trusted Network Fallback Mechanism
- Remote Login authorization
How to Create a Rights Profile for Convenient Authorizations
- remote multilevel desktop
- accessing
How to Configure a Trusted Extensions System With Xvnc for Remote Access
- remote systems
- configuring for role assumption
Enable Remote Administration of a Remote Trusted Extensions System
- removing
- labels on printouts
How to Remove Banner and Trailer Pages
- zone-specific nscd daemon
Removing a Name Service Cache From Each Labeled Zone
- removing Trusted Extensions See
disabling
- repairing
- labels in internal databases
How to Obtain a Readable Label
From Its Hexadecimal Form
- restoring control of desktop focus
How to Regain Control of the Desktop's
Current Focus
- restricting
- access to computer based on label
Effects of Label Range on a Device
- access to devices
Device Protection With Trusted Extensions Software
- access to global zone
Role Assumption in Trusted Extensions
- access to lower-level files
How to Disable the Mounting of Lower-Level
Files
- access to printers with labels
Restricting Access to Printers and Print
Job Information in Trusted Extensions
Differences Between Trusted Extensions Printing
in Oracle Solaris 10 and Oracle Solaris 11
- mounts of lower-level files
How to Disable the Mounting of Lower-Level
Files
- printer access with labels
Restricting Access to Printers and Print
Job Information in Trusted Extensions
Differences Between Trusted Extensions Printing
in Oracle Solaris 10 and Oracle Solaris 11
- remote access
Remote Administration in Trusted Extensions
- Revoke or Reclaim Device authorization
How to Assign Device Authorizations
How to Assign Device Authorizations
- rights See
rights profiles
- rights profiles
- assigning
Security Attribute Assignment to Users
in Trusted Extensions
- Convenient Authorizations
How to Create a Rights Profile for Convenient Authorizations
- with Allocate Device authorization
How to Assign Device Authorizations
- with device allocation authorizations
How to Assign Device Authorizations
- with new device authorizations
Creating and Assigning Trusted Path and Non-Trusted Path Device Authorizations
- roadmaps
- Task Map: Choosing a Trusted Extensions Configuration
Task Map: Choosing a Trusted Extensions Configuration
- Task Map: Configuring Trusted Extensions to Your Site's Requirements
Task Map: Configuring Trusted Extensions to
Meet Your Site's Requirements
- Task Map: Configuring Trusted Extensions With the Provided Defaults
Task Map: Configuring Trusted Extensions With
the Provided Defaults
- Task Map: Preparing For and Enabling Trusted Extensions
Task Map: Preparing for and Enabling Trusted Extensions
- role workspace
- global zone
Roles in Trusted Extensions
- roleadd command
How to Create the Security Administrator
Role in Trusted Extensions
- roles
- adding LDAP role with roleadd
Creating the Security Administrator Role in LDAP
- adding local role with roleadd
How to Create the Security Administrator
Role in Trusted Extensions
- administering auditing
Role Responsibilities for Audit Administration
- assigning rights
Security Attribute Assignment to Users
in Trusted Extensions
- assuming
How to Enter the Global Zone in Trusted Extensions
Roles in Trusted Extensions
- creating
Role Creation in Trusted Extensions
- creating Security Administrator
How to Create the Security Administrator
Role in Trusted Extensions
- deciding if ARMOR
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- determining when to create
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- leaving role workspace
How to Exit the Global Zone in Trusted Extensions
- trusted application access
Administration Tools for Trusted Extensions
- verifying they work
How to Verify That the Trusted Extensions Roles
Work
- workspaces
Roles in Trusted Extensions
- root role
- adding device_clean script
How to Add a Device_Clean Script in Trusted Extensions
- root UID
- required for applications
Evaluating Software for Security
- route command
Network Commands in Trusted Extensions
- routing
About Routing in Trusted Extensions- accreditation checks
Trusted Extensions Accreditation Checks
- commands in Trusted Extensions
Routing Commands in Trusted Extensions
- concepts
Administration of Routing in Trusted Extensions
- example of
Gateways in Trusted Extensions
- tables
Choosing Routers in Trusted Extensions
Routing Table Entries in Trusted Extensions
- using route command
How to Add Default Routes
S
- scripts
- /usr/bin/txzonemgr
How to Display Ready or Running Zones
- /usr/sbin/txzonemgr
Zone Administration Utilities in Trusted Extensions
Trusted Extensions Administrative
Tools
- getmounts
How to Display the Labels of Mounted
Files
- secure attention
- key combination
How to Regain Control of the Desktop's
Current Focus
- security
- initial setup team
Initial Setup Team Responsibilities
- publications
Additional Security References
- site security policy
Site Security Policy
- Security Administrator role
- administering printer security
Labels, Printers, and Printing
- administering users
Managing Users and Rights
- assigning authorizations to users
How to Create a Rights Profile for Convenient Authorizations
- configuring a device
How to Configure a Device by Using the Device Manager in Trusted Extensions
- creating
How to Create the Security Administrator
Role in Trusted Extensions
- creating Convenient Authorizations rights profile
How to Create a Rights Profile for Convenient Authorizations
- enabling unlabeled body pages from a public system
Assigning Printing-Related Authorizations to All Users of a System
- enforcing security
Enforcement of Device Security in Trusted Extensions
- protecting nonallocatable devices
How to Protect Nonallocatable Devices in Trusted Extensions
- security administrators See
Security Administrator role
- security attributes
Routing Table Entries in Trusted Extensions- modifying defaults for all users
How to Modify policy.conf Defaults
- modifying user defaults
How to Modify Default User Label Attributes
- setting for remote hosts
Creating Security Templates
- using in routing
How to Add Default Routes
- security information
- on printouts
Labeled Printer Output
- planning for Trusted Extensions
Resolving Additional Issues Before Enabling Trusted Extensions
- security label set
- remote host templates
Network Security Attributes in Trusted Extensions
- security mechanisms
- extensible
Extension of Oracle Solaris Security Features by Trusted Extensions
- Oracle Solaris
Security Mechanisms for Oracle Solaris Software
- security policy
- auditing
Trusted Extensions Audit Policy Options
- training users
Users and Security Requirements
- users and devices
Enforcement of Device Security in Trusted Extensions
- security templates See
remote host templates
- sel_config file
sel_config File
sel_config File
- selecting
- audit records by label
Audit Tasks in Trusted Extensions
- Selection Manager
- configuring rules for selection confirmer
sel_config File
- default configuration
Rules When Changing the Level of Security
for Data
- Selection Manager dialog box
- description
Unique Trusted Extensions Security Features
- Service Management Framework (SMF)
- dpadm
Install the Oracle Directory Server Enterprise Edition
- dsadm
Install the Oracle Directory Server Enterprise Edition
- session range
Session Range
- sessions
- failsafe
How to Log In to a Failsafe Session
in Trusted Extensions
- Setting Up Remote Administration in Trusted Extensions (Task Map)
Configuring and Administering Remote Systems in Trusted Extensions
- sharing
- IP addresses
How to Assign Labels to Two Zone Workspaces
- with Vino
Using Vino to Share a Desktop in a Test Environment
- ZFS dataset from labeled zone
How to Share a ZFS Dataset From
a Labeled Zone
- Shutdown authorization
How to Create a Rights Profile for Convenient Authorizations
- similarities
- between Trusted Extensions and Oracle Solaris auditing
Auditing in Trusted Extensions
- between Trusted Extensions and Oracle Solaris OS
Similarities Between Trusted Extensions and the Oracle Solaris OS
- single-label
- login
Account Label Range
- printing in a zone
How to Configure a Zone as a Single-Level
Print Server
- site security policy
- common violations
Common Security Violations
- personnel recommendations
Personnel Security Recommendations
- physical access recommendations
Physical Security Recommendations
- recommendations
Computer Security Recommendations
- tasks involved
Site Security Policy
- Trusted Extensions configuration decisions
Site Security Policy and Trusted Extensions
- understanding
Understanding Your Site's Security Policy
- snoop command
How to Debug the Trusted Extensions Network
Network Commands in Trusted Extensions
- software
- administering third-party
Software Management in Trusted Extensions
- importing
Adding Software to Trusted Extensions
- solaris.print.admin
- authorization
Trusted Extensions Print Interfaces (Reference)
- solaris.print.list
- authorization
Trusted Extensions Print Interfaces (Reference)
- solaris.print.nobanner
- authorization
Trusted Extensions Print Interfaces (Reference)
- solaris.print.nobanner authorization
Assigning Printing-Related Authorizations to All Users of a System
- solaris.print.unlabeled
- authorization
Trusted Extensions Print Interfaces (Reference)
- solaris.print.unlabeled authorization
Assigning Printing-Related Authorizations to All Users of a System
- startup files
- procedures for customizing
How to Configure Startup Files for Users
in Trusted Extensions
- Stop-A
- enabling
How to Change Security Defaults in System
Files
- Sun Ray systems
- 0.0.0.0/32 address for client contact
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- enabling initial contact between client and server
Configuring a Valid Initial Address for a Labeled Sun Ray Server
- LDAP servers, and
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- preventing users from seeing others' processes
Modifying Every User's Basic Privilege Set
- web site for documentation
Task Map: Choosing a Trusted Extensions Configuration
- System Administrator role
- administering printers
Labels, Printers, and Printing
- creating
How to Create a System Administrator
Role
- reclaiming a device
How to Revoke or Reclaim a Device in Trusted Extensions
- reviewing audit records
Audit Tasks in Trusted Extensions
- system files
- editing
How to Change Security Defaults in System
Files
- label_encodings
How to Check and Install Your Label Encodings
File
- sel_config
sel_config File
- tsol_separator.ps
How to Enable Specific Users and Roles to
Bypass Labeling Printed Output
T
- tasks and task maps
- Additional Trusted Extensions Configuration Tasks
Additional Trusted Extensions Configuration Tasks
- Common Tasks in Trusted Extensions Task Map)
Performing Common Tasks in Trusted Extensions
- Configuring LDAP on a Trusted Extensions Network (Task Map)
Configuring LDAP on a Trusted Extensions Network
- Configuring an LDAP Proxy Server on a Trusted Extensions System (Task Map)
Configuring an LDAP Proxy Server on a Trusted Extensions System
- Configuring Labeled IPsec (Task Map)
Configuring Labeled IPsec
- Configuring Labeled Printing (Task Map)
Configuring Labeled Printing
- Creating Labeled Zones
Creating Labeled Zones
- Customizing Device Authorizations in Trusted Extensions (Task Map)
Customizing Device Authorizations in Trusted Extensions
- Customizing User Environment for Security (Task Map)
Customizing the User Environment for Security
- Getting Started as a Trusted Extensions Administrator Task Map
Getting Started as a Trusted Extensions Administrator on a Desktop System
- Handling Devices in Trusted Extensions (Task Map)
Handling Devices in Trusted Extensions
- Labeling Hosts and Networks (Tasks)
Labeling Hosts and Networks
- Managing Devices in Trusted Extensions (Task Map)
Managing Devices in Trusted Extensions
- Managing Printing in Trusted Extensions (Task Map)
Managing Printing in Trusted Extensions
- Managing Users and Rights
Managing Users and Rights
- Managing Zones (Task Map)
Managing Zones
- Reducing Printing Restrictions in Trusted Extensions (Task Map)
Reducing Printing Restrictions in Trusted Extensions
- Setting Up Remote Administration in Trusted Extensions (Task Map)
Configuring and Administering Remote Systems in Trusted Extensions
- Task Map: Choosing a Trusted Extensions Configuration
Task Map: Choosing a Trusted Extensions Configuration
- Task Map: Configuring Trusted Extensions to Your Site's Requirements
Task Map: Configuring Trusted Extensions to
Meet Your Site's Requirements
- Task Map: Configuring Trusted Extensions With the Provided Defaults
Task Map: Configuring Trusted Extensions With
the Provided Defaults
- Task Map: Preparing For and Enabling Trusted Extensions
Task Map: Preparing for and Enabling Trusted Extensions
- Troubleshooting the Trusted Network (Task Map)
Troubleshooting the Trusted Network
- Using Devices in Trusted Extensions (Task Map)
Using Devices in Trusted Extensions Task Map
- Viewing Existing Security Templates (Tasks)
Viewing Existing Security Templates
- templates See
remote host templates
- text label equivalents
- determining
How to Obtain a Readable Label
From Its Hexadecimal Form
- tncfg command
- creating a multilevel port
How to Create a Multilevel Port
for a Zone
- description
Network Commands in Trusted Extensions
- modifying DOI value
How to Configure a Different Domain of Interpretation
- tnchkdb command
- description
Network Commands in Trusted Extensions
- tnctl command
- description
Network Commands in Trusted Extensions
- tnd command
- description
Network Commands in Trusted Extensions
- tninfo command
- description
Network Commands in Trusted Extensions
- using
How to Debug a Client's Connection
to the LDAP Server
- tools See
administrative tools
- trailer pages See
banner pages
- translation See
localizing
- troubleshooting
- failed login
How to Log In to a Failsafe Session
in Trusted Extensions
- IPv6 configuration
How to Configure an IPv6 CIPSO Network in Trusted Extensions
- LDAP
How to Debug a Client's Connection
to the LDAP Server
- mounted file systems
How to Troubleshoot Mount Failures in Trusted Extensions
- network
Troubleshooting the Trusted Network
- reclaiming a device
How to Revoke or Reclaim a Device in Trusted Extensions
- repairing labels in internal databases
How to Obtain a Readable Label
From Its Hexadecimal Form
- Trusted Extensions configuration
Troubleshooting Your Trusted Extensions Configuration
- trusted network
How to Debug the Trusted Extensions Network
- verifying interface is up
How to Verify That a System's Interfaces
Are Up
- viewing ZFS dataset mounted in lower-level zone
Sharing and Mounting a ZFS Dataset From Labeled Zones
- Troubleshooting the Trusted Network (Task Map)
Troubleshooting the Trusted Network
- trusted applications
- in a role workspace
Administration Tools for Trusted Extensions
- Trusted Extensions See Also
Trusted Extensions planning- adding
Add Trusted Extensions Packages to an Oracle Solaris System
- adding to Oracle Solaris
Installing and Enabling Trusted Extensions
- decisions to make before enabling
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- differences from Oracle Solaris administrator's perspective
Results of Enabling Trusted Extensions From an Administrator's
Perspective
- differences from Oracle Solaris auditing
Auditing in Trusted Extensions
- differences from Oracle Solaris OS
Differences Between Trusted Extensions and the Oracle Solaris OS
- disabling
How to Remove Trusted Extensions From the System
- enabling
Installing and Enabling Trusted Extensions
- IPsec protections
Labels for IPsec-Protected Exchanges
- man pages quick reference
List of Trusted Extensions Man Pages
- memory requirements
Planning System Hardware and Capacity for Trusted Extensions
- networking
Trusted Networking
- planning configuration strategy
Forming an Install Team for Trusted Extensions
- planning for
Planning for Security in Trusted Extensions
- planning hardware
Planning System Hardware and Capacity for Trusted Extensions
- planning network
Planning Your Trusted Network
- preparing for
Resolving Security Issues Before Installing Trusted Extensions
- quick reference to administration
Quick Reference to Trusted Extensions Administration
- remote access to display
Using Vino to Share a Desktop in a Test Environment
- results before configuration
Results of Enabling Trusted Extensions From an Administrator's
Perspective
- similarities with Oracle Solaris auditing
Auditing in Trusted Extensions
- similarities with Oracle Solaris OS
Similarities Between Trusted Extensions and the Oracle Solaris OS
- two-role configuration strategy
Forming an Install Team for Trusted Extensions
- Trusted Extensions configuration
- adding network databases to LDAP server
Populate the Oracle Directory Server Enterprise Edition
- changing default DOI value
How to Configure a Different Domain of Interpretation
- databases for LDAP
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- division of tasks
Initial Setup Team Responsibilities
- evaluated configuration
Understanding Your Site's Security Policy
- initial procedures
Configuring Trusted Extensions
- initial setup team responsibilities
Initial Setup Team Responsibilities
- labeled zones
Creating Labeled Zones
- LDAP
Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- reboot to activate labels
Log In to Trusted Extensions
- remote systems
Remote Administration in Trusted Extensions
- task maps
Configuration Roadmap for Trusted Extensions
- troubleshooting
Troubleshooting Your Trusted Extensions Configuration
- Trusted Extensions menu
- Assume Role
How to Enter the Global Zone in Trusted Extensions
- Trusted Extensions network
- adding zone-specific nscd daemon
How to Configure a Separate Name Service for
Each Labeled Zone
- enabling IPv6 for CIPSO packets
How to Configure an IPv6 CIPSO Network in Trusted Extensions
- planning
Planning Your Trusted Network
- removing zone-specific nscd daemon
Removing a Name Service Cache From Each Labeled Zone
- trusted grab
- key combination
How to Regain Control of the Desktop's
Current Focus
- trusted network
- 0.0.0.0/0 wildcard address
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- 0.0.0.0 tnrhdb entry
How to Limit the Hosts That Can Be Contacted on the Trusted Network
- concepts
Trusted Networking
- default labeling
Trusted Extensions Accreditation Checks
- example of routing
Gateways in Trusted Extensions
- host types
Host Type and Template Name in Security Templates
- labels and MAC enforcement
About the Trusted Network
- using templates
Creating Security Templates
- Trusted Path
- Device Manager
Device Manager GUI
- trusted path attribute
- when available
Roles and Trusted Extensions
- trusted programs
- adding
Developer Responsibilities When Creating Trusted
Programs
- defined
Evaluating Software for Security
- trusted stripe
- moving panels to bottom of screen
How to Move Desktop Panels to the Bottom
of the Screen
- on multiheaded system
Multiheaded Systems and the Trusted Extensions Desktop
- warping pointer to
Forcing the Pointer to the Trusted Stripe
- TrustedExtensionsPolicy file
- description
Unique Trusted Extensions Security Features
- trustworthy programs
Evaluating Software for Security
- tsol_separator.ps file
- configurable values
tsol_separator.ps Configuration
File
- customizing labeled printing
Labeled Printer Output
- tsoljdsselmgr application
Rules When Changing the Level of Security
for Data
- txzonemgr script
How to Display Ready or Running Zones- –c option
How to Create a Default Trusted Extensions System
U
- /usr/bin/tsoljdsselmgr application
Rules When Changing the Level of Security
for Data
- /usr/lib/cups/filter/tsol_separator.ps file
Labeled Printer Output
- /usr/local/scripts/getmounts script
How to Display the Labels of Mounted
Files
- /usr/sbin/txzonemgr script
How to Display Ready or Running Zones
Zone Administration Utilities in Trusted Extensions
Trusted Extensions Administrative
Tools
How to Create a Default Trusted Extensions System
- /usr/share/gnome/sel_config file
sel_config File
- unlabeled printing
- configuring
Reducing Printing Restrictions in Trusted Extensions
- updatehome command
.copy_files and .link_files Files
- Upgrade DragNDrop or CutPaste Info authorization
How to Create a Rights Profile for Convenient Authorizations
- Upgrade File Label authorization
How to Create a Rights Profile for Convenient Authorizations
- upgrading labels
- configuring rules for selection confirmer
sel_config File
- useradd command
Using the useradd Command to Create a Local User
- users
- accessing devices
Device Protection With Trusted Extensions Software
Device Protection With Trusted Extensions Software
- accessing printers
Labels, Printers, and Printing
- adding local user with useradd
Using the useradd Command to Create a Local User
- assigning authorizations to
Security Attribute Assignment to Users
in Trusted Extensions
- assigning labels
Security Attribute Assignment to Users
in Trusted Extensions
- assigning passwords
Security Attribute Assignment to Users
in Trusted Extensions
- assigning rights
Security Attribute Assignment to Users
in Trusted Extensions
- assigning roles to
Security Attribute Assignment to Users
in Trusted Extensions
- authorizations for
How to Create a Rights Profile for Convenient Authorizations
- Change Password menu item
Unique Trusted Extensions Security Features
- Change Workspace Label menu item
Unique Trusted Extensions Security Features
- changing default privileges
Security Attribute Assignment to Users
in Trusted Extensions
- creating
Administrator Responsibilities
for Users
- creating initial users
How to Create Users Who Can Assume Roles in Trusted Extensions
- customizing environment
Customizing the User Environment for Security
- deletion precautions
User Deletion Practices
- labels of processes
Session Range
- logging in to a failsafe session
How to Log In to a Failsafe Session
in Trusted Extensions
- modifying security defaults
How to Modify Default User Label Attributes
- modifying security defaults for all users
How to Modify policy.conf Defaults
- planning for
Decisions to Make Before Creating
Users in Trusted Extensions
- preventing account locking
How to Prevent Account Locking
for Users
- preventing from seeing others' processes
Modifying Every User's Basic Privilege Set
- printing
Labels, Printers, and Printing
- removing some privileges
How to Restrict a User's Set of
Privileges
- restoring control of desktop focus
How to Regain Control of the Desktop's
Current Focus
- security precautions
Group Administration Practices
- security training
Enforcement of Device Security in Trusted Extensions
Group Administration Practices
Security Requirements Enforcement
- Selection Manager dialog box
Unique Trusted Extensions Security Features
- session range
Session Range
- setting up skeleton directories
How to Configure Startup Files for Users
in Trusted Extensions
- startup files
How to Configure Startup Files for Users
in Trusted Extensions
- TrustedExtensionsPolicy file
Unique Trusted Extensions Security Features
- using .copy_files file
How to Configure Startup Files for Users
in Trusted Extensions
- using .link_files file
How to Configure Startup Files for Users
in Trusted Extensions
- using devices
Using Devices in Trusted Extensions Task Map
- Using Devices in Trusted Extensions (Task Map)
Using Devices in Trusted Extensions Task Map
- utadm command
- default Sun Ray server configuration
Configuring a Valid Initial Address for a Labeled Sun Ray Server
V
- verifying
- interface is up
How to Verify That a System's Interfaces
Are Up
- label_encodings file
How to Check and Install Your Label Encodings
File
- roles are working
How to Verify That the Trusted Extensions Roles
Work
- viewing See
accessing
- Vino
- sharing desktops
Using Vino to Share a Desktop in a Test Environment
- virtual network computing (VNC) See
Xvnc systems running Trusted Extensions
W
- well-formed labels
Label Ranges
- wildcard address See
fallback mechanism
- wire label
Labels for IPsec-Protected Exchanges
- workspaces
- color changes
How to Enter the Global Zone in Trusted Extensions
- colors indicating label of
What Labels Protect and Where Labels Appear
- global zone
Roles in Trusted Extensions
X
- X audit classes
Trusted Extensions Audit Classes
- xatom audit token
xatom Token
- xcolormap audit token
xcolormap Token
- xcursor audit token
xcursor Token
- xfont audit token
xfont Token
- xgc audit token
xgc Token
- xpixmap audit token
xpixmap Token
- xproperty audit token
xproperty Token
- xselect audit token
xselect Token
- Xvnc
- accessing multilevel remotely
How to Configure a Trusted Extensions System With Xvnc for Remote Access
- Xvnc systems running Trusted Extensions
- remote access to
How to Configure a Trusted Extensions System With Xvnc for Remote Access
Methods for Administering Remote Systems in Trusted Extensions
- xwindow audit token
xwindow Token
Z
- zenity script
How to Create a Default Trusted Extensions System
- ZFS
- adding dataset to labeled zone
How to Share a ZFS Dataset From
a Labeled Zone
- fast zone creation method
Zone Creation in Trusted Extensions
- mounting dataset read-write on labeled zone
How to Share a ZFS Dataset From
a Labeled Zone
- mounting datasets in Trusted Extensions
Mount Possibilities in Trusted Extensions
- multilevel datasets
Mount Possibilities in Trusted Extensions
How to Create and Share a Multilevel Dataset
- viewing mounted dataset read-only from higher-level zone
Sharing and Mounting a ZFS Dataset From Labeled Zones
- zones
- adding nscd daemon to each labeled zone
How to Configure a Separate Name Service for
Each Labeled Zone
- administering
Managing Zones
- creating MLP
How to Create a Multilevel Port
for a Zone
- creating MLP for NFSv3
Configuring a Private Multilevel Port for NFSv3 Over udp
- creating secondary
How to Create a Secondary Labeled Zone
- deciding creation method
Planning Your Labeled Zones in Trusted Extensions
- deleting
How to Remove Trusted Extensions From the System
- displaying labels of file systems
Displaying the Labels of File Systems in the restricted Zone
- displaying status
How to Display Ready or Running Zones
- enabling login to
How to Enable Users to Log In to a Labeled
Zone
- for isolating labeled services
How to Create a Secondary Labeled Zone
- global
Zones in Trusted Extensions
- global zone processes and
Global Zone Processes and Labeled
Zones
- immutable and Trusted Extensions
Creating Labeled Zones
- in Trusted Extensions
Managing Zones in Trusted Extensions
- kernel and Trusted Extensions
Creating Labeled Zones
- managing
Managing Zones in Trusted Extensions
- net_mac_aware privilege
How to NFS Mount Files in a Labeled Zone
- primary
Primary and Secondary Labeled
Zones
- removing nscd daemon from labeled zones
Removing a Name Service Cache From Each Labeled Zone
- secondary
Primary and Secondary Labeled
Zones
- specifying labels
How to Create Labeled Zones Interactively
- specifying names
How to Create Labeled Zones Interactively
- txzonemgr script
How to Create a Default Trusted Extensions System