Go to main content
Index
A
- access See
computer access- remote systemsRemote Administration in Trusted Extensions
- access policy
- devicesDevice Access Policies
- Discretionary Access Control (DAC)
- Differences Between Trusted Extensions and the Oracle Solaris OS
- Trusted Extensions and the Oracle Solaris OS
- Mandatory Access Control (MAC)Differences Between Trusted Extensions and the Oracle Solaris OS
- accessing
- administrative toolsGetting Started as a Trusted Extensions Administrator on a Desktop System
- audit records by labelAudit Tasks in Trusted Extensions
- devicesDevice Protection With Trusted Extensions Software
- global zoneHow to Enter the Global Zone in Trusted Extensions
- home directoriesZones in Trusted Extensions
- labeled zones by usersHow to Enable Users to Log In to a Labeled
Zone
- printersLabels, Printers, and Printing
- remote multilevel desktopHow to Configure a Trusted Extensions System With Xvnc for Remote Access
- ZFS dataset mounted in lower-level zone from higher-level zoneSharing and Mounting a ZFS Dataset From Labeled Zones
- account locking
- preventing for users who can assume rolesHow to Prevent Account Locking
for Users
- accounts
- See Alsoroles
- See Alsousers
- creatingCreating Roles and Users in Trusted Extensions
- planningPlanning User Security in Trusted Extensions
- accreditation checksTrusted Extensions Accreditation Checks
- accreditation ranges
- label_encodings fileLabel Encodings File
- adding
- IPsec protectionsHow to Apply IPsec Protections in
a Multilevel Trusted Extensions Network
- LDAP role with roleaddCreating the Security Administrator Role in LDAP
- local role with roleaddHow to Create the Security Administrator
Role in Trusted Extensions
- local user with useraddUsing the useradd Command to Create a Local User
- logical interfacesHow to Add an IP Instance to a Labeled Zone
- multilevel datasetHow to Create and Share a Multilevel Dataset
- network databases to LDAP serverPopulate the Oracle Directory Server Enterprise Edition
- nscd daemon to every labeled zoneHow to Configure a Separate Name Service for
Each Labeled Zone
- remote host templatesCreating Security Templates
- remote hostsHow to Connect a Trusted Extensions System to Other Trusted Extensions Systems
- rolesCreating Roles and Users in Trusted Extensions
- secondary zonesHow to Create a Secondary Labeled Zone
- shared network interfacesHow to Share a Single IP Address With All Zones
- Trusted Extensions packagesAdd Trusted Extensions Packages to an Oracle Solaris System
- users who can assume rolesHow to Create Users Who Can Assume Roles in Trusted Extensions
- VNIC interfacesHow to Add a Virtual Network Interface to a
Labeled Zone
- zone-specific nscd daemonHow to Configure a Separate Name Service for
Each Labeled Zone
- Additional Trusted Extensions Configuration TasksAdditional Trusted Extensions Configuration Tasks
- ADMIN_HIGH label
- body page labels andHow to Configure a Zone as a Single-Level
Print Server
- devices andDevice Protection With Trusted Extensions Software
- global zone processes and zonesGlobal Zone Processes and Labeled
Zones
- mlslabel andmlslabel Property
and Mounting Single-Level File Systems
- multilevel datasets andNo Privilege Overrides for MAC Read-Write
Policy
- NFS-mounted files in global zoneTrusted Extensions Policy for Single-Level
Datasets
- no localizationFor International Customers of Trusted Extensions
- role clearanceHow to Create a System Administrator
Role
- roles andRole Creation in Trusted Extensions
- top administrative labelAdministrative Labels
- ADMIN_LOW label
- limitations on unlabeled system mountsSharing and Mounting Files
in the Global Zone
- lowest labelAdministrative Labels
- mounting files andSharing and Mounting Files
in the Global Zone
- protecting administrative filesPassword Protection
- administering
- account lockingHow to Prevent Account Locking
for Users
- assigning device authorizationsHow to Assign Device Authorizations
- auditing in Trusted ExtensionsAudit Management by Role in Trusted Extensions
- changing label of informationHow to Enable a User to Change the Security
Level of Data
- convenient authorizations for usersHow to Create a Rights Profile for Convenient Authorizations
- device allocationHow to Assign Device Authorizations
- device authorizationsHow to Create New Device Authorizations
- devices
- Managing Devices in Trusted Extensions
- Managing Devices for Trusted Extensions
- file systems
- mountingHow to NFS Mount Files in a Labeled Zone
- overviewTrusted Extensions Policies for Mounted File
Systems
- troubleshootingHow to Troubleshoot Mount Failures in Trusted Extensions
- files
- backing up with labelsHow to Back Up Files in Trusted Extensions
- restoring with labelsHow to Restore Files in Trusted Extensions
- from the global zoneHow to Enter the Global Zone in Trusted Extensions
- labeled IPsecConfiguring Labeled IPsec
- labeled printingManaging Labeled Printing
- LDAPAbout Trusted Extensions and LDAP
- mailAbout Multilevel Mail in Trusted Extensions
- multilevel datasetsResults of Sharing and Mounting File Systems in Trusted Extensions
- multilevel portsDisplaying Multilevel Ports on a System
- printingManaging Printing in Trusted Extensions
- quick reference for administratorsQuick Reference to Trusted Extensions Administration
- remote host templatesCreating Security Templates
- remotelyRemote Administration in Trusted Extensions
- routes with security attributesHow to Add Default Routes
- security templates
- How to Add a Range of Hosts to a Security
Template
- How to Add a Host to a Security Template
- sharing file systemsHow to Share File Systems From a Labeled Zone
- startup files for usersHow to Configure Startup Files for Users
in Trusted Extensions
- system filesHow to Change Security Defaults in System
Files
- third-party softwareSoftware Management in Trusted Extensions
- trusted networkManaging Networks in Trusted Extensions
- unlabeled printingReducing Printing Restrictions in Trusted Extensions
- user privilegesHow to Restrict a User's Set of
Privileges
- users
- Managing Users and Rights
- Managing Users, Rights,
and Roles in Trusted Extensions
- Decisions to Make Before Creating
Users in Trusted Extensions
- zonesManaging Zones
- zones by using txzonemgrZone Administration Utilities in Trusted Extensions
- administrative labelsAdministrative Labels
- administrative roles Seeroles
- administrative tools
- accessingGetting Started as a Trusted Extensions Administrator on a Desktop System
- commandsCommand Line Tools in Trusted Extensions
- configuration filesConfiguration Files in Trusted Extensions
- descriptionTrusted Extensions Administration Tools
- Device ManagerDevice Manager
- label builderLabel Builder in Trusted Extensions
- Labeled Zone Managertxzonemgr Script
- Selection ManagerSelection Manager in Trusted Extensions
- txzonemgr scripttxzonemgr Script
- Allocate Device authorization
- How to Assign Device Authorizations
- Device Protection With Trusted Extensions Software
- How to Create a Rights Profile for Convenient Authorizations
- allocate error state
- correctingHow to Revoke or Reclaim a Device in Trusted Extensions
- allocating
- using Device ManagerDevice Manager GUI
- allocating devices
- for copying dataHow to Copy Files to Portable Media in Trusted Extensions
- application security labelLabels for IPsec-Protected Exchanges
- applications
- enabling initial network contact between client and serverMaking the Host Address 0.0.0.0/32 a Valid Initial Address
- evaluating for securitySecurity Administrator Responsibilities for
Trusted Programs
- trusted and trustworthyEvaluating Software for Security
- ARMOR roles
- Creating Roles and Users in Trusted Extensions Task Map
- Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- assigning
- privileges to usersSecurity Attribute Assignment to Users
in Trusted Extensions
- rights profilesSecurity Attribute Assignment to Users
in Trusted Extensions
- Assume Role menu itemHow to Enter the Global Zone in Trusted Extensions
- assuming
- rolesHow to Enter the Global Zone in Trusted Extensions
- atohexlabel commandHow to Obtain the Hexadecimal Equivalent
for a Label
- audio devices
- preventing remote allocationPreventing Remote Allocation of the Audio Device
- Audit Review profile
- reviewing audit recordsAudit Tasks in Trusted Extensions
- audit tokens for Trusted Extensions
- label tokenlabel Token
- list ofTrusted Extensions Audit Tokens
- xatom tokenxatom Token
- xcolormap tokenxcolormap Token
- xcursor tokenxcursor Token
- xfont tokenxfont Token
- xgc tokenxgc Token
- xpixmap tokenxpixmap Token
- xproperty tokenxproperty Token
- xselect tokenxselect Token
- xwindow tokenxwindow Token
- auditing in Trusted Extensions
- additional audit eventsTrusted Extensions Audit Events
- additional audit policiesTrusted Extensions Audit Policy Options
- additional audit tokensTrusted Extensions Audit Tokens
- additions to existing auditing commandsExtensions to Auditing Commands in Trusted Extensions
- differences from Oracle Solaris auditingAuditing in Trusted Extensions
- planningPlanning for Auditing in Trusted Extensions
- referenceTrusted Extensions and Auditing
- roles for administeringAudit Management by Role in Trusted Extensions
- tasksAudit Tasks in Trusted Extensions
- X audit classesTrusted Extensions Audit Classes
- authorizations
- adding new device authorizationsHow to Create New Device Authorizations
- Allocate Device
- How to Assign Device Authorizations
- Device Protection With Trusted Extensions Software
- assigningSecurity Attribute Assignment to Users
in Trusted Extensions
- assigning device authorizationsHow to Assign Device Authorizations
- authorizing a user or role to change labelHow to Enable a User to Change the Security
Level of Data
- Configure Device AttributesHow to Assign Device Authorizations
- convenient for usersHow to Create a Rights Profile for Convenient Authorizations
- creating customized device authorizationsCreating Fine-Grained Device Authorizations
- creating local and remote device authorizationsCreating and Assigning Trusted Path and Non-Trusted Path Device Authorizations
- customizing for devicesHow to Add Site-Specific Authorizations to
a Device in Trusted Extensions
- grantedTrusted Extensions and Access Control
- profiles that include device allocation authorizationsHow to Assign Device Authorizations
- Revoke or Reclaim Device
- How to Assign Device Authorizations
- How to Assign Device Authorizations
- authorizing
- device allocationHow to Assign Device Authorizations
- unlabeled printingReducing Printing Restrictions in Trusted Extensions
B
- backing up
- previous system before installationBacking Up the System Before Enabling Trusted Extensions
- banner pages
- description of labeledLabeled Banner and Trailer Pages
- difference from trailer pageDifferences on a Trailer Page
- removing labelsHow to Enable Specific Users and Roles to
Bypass Labeling Printed Output
- typicalTypical Banner Page of a Labeled Print
Job
- body pages
- ADMIN_HIGH label onHow to Configure a Zone as a Single-Level
Print Server
- description of labeledLabeled Body Pages
- unlabeledHow to Enable Specific Users and Roles to
Bypass Labeling Printed Output
C
- .copy_files file
- description.copy_files and .link_files Files
- setting up for users
- Customizing Startup Files for Users
- How to Configure Startup Files for Users
in Trusted Extensions
- CD-ROM drives
- accessingDevice Protection With Trusted Extensions Software
- Change Password menu item
- descriptionUnique Trusted Extensions Security Features
- using to change root passwordHow to Change the Password for root on a Desktop System
- Change Workspace Label menu item
- descriptionUnique Trusted Extensions Security Features
- changing
- IDLETIME keywordChanging the System's Idle Settings
- labels by authorized usersHow to Enable a User to Change the Security
Level of Data
- rules for label changessel_config File
- security level of dataHow to Enable a User to Change the Security
Level of Data
- system security defaultsHow to Change Security Defaults in System
Files
- user privilegesHow to Restrict a User's Set of
Privileges
- checking
- label_encodings fileHow to Check and Install Your Label Encodings
File
- roles are workingHow to Verify That the Trusted Extensions Roles
Work
- checklists for initial setup teamChecklist for Configuring Trusted Extensions
- chk_encodings commandChecking label_encodings Syntax on the Command
Line
- choosing Seeselecting
- classification label componentDominance Relationships Between Labels
- clearances
- label overviewLabels in Trusted Extensions Software
- collecting information
- for LDAP serviceCollect Information for the LDAP Server
- colors
- indicating label of workspaceWhat Labels Protect and Where Labels Appear
- commands
- executing with privilegeHow to Enter the Global Zone in Trusted Extensions
- troubleshooting networkingHow to Debug the Trusted Extensions Network
- commercial applications
- evaluatingSecurity Administrator Responsibilities for
Trusted Programs
- Common Tasks in Trusted Extensions (Task Map)Performing Common Tasks in Trusted Extensions
- compartment label componentDominance Relationships Between Labels
- component definitions
- label_encodings fileLabel Encodings File
- computer access
- administrator responsibilitiesInformation Protection
- restrictingEffects of Label Range on a Device
- configuration files
- copyingHow to Copy Files to Portable Media in Trusted Extensions
- loadingHow to Copy Files From Portable Media
in Trusted Extensions
- Configure Device Attributes authorizationHow to Assign Device Authorizations
- configuring
- access to remote Trusted ExtensionsRemote Administration in Trusted Extensions
- authorizations for devicesHow to Create New Device Authorizations
- by assuming a limited role or as rootSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- devicesHow to Configure a Device by Using the Device Manager in Trusted Extensions
- labeled printingConfiguring Labeled Printing
- LDAP for Trusted ExtensionsConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- LDAP proxy server for Trusted Extensions clientsCreating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition
- logical interfacesHow to Add an IP Instance to a Labeled Zone
- network interfaces
- How to Connect a Trusted Extensions System to Other Trusted Extensions Systems
- How to Share a Single IP Address With All Zones
- routes with security attributesHow to Add Default Routes
- startup files for usersHow to Configure Startup Files for Users
in Trusted Extensions
- Trusted ExtensionsConfiguring Trusted Extensions
- Trusted Extensions labeled zonesCreating Labeled Zones
- trusted networkManaging Networks in Trusted Extensions
- VNICsHow to Add a Virtual Network Interface to a
Labeled Zone
- Configuring an LDAP Proxy Server on a Trusted Extensions System (Task Map)Configuring an LDAP Proxy Server on a Trusted Extensions System
- Configuring Labeled IPsec (Task Map)Configuring Labeled IPsec
- Configuring Labeled Printing (Task Map)Configuring Labeled Printing
- Configuring LDAP on a Trusted Extensions Network (Task Map)Configuring LDAP on a Trusted Extensions Network
- configuring Trusted Extensions
- checklist for initial setup teamChecklist for Configuring Trusted Extensions
- initial proceduresConfiguring Trusted Extensions
- kernel zonesCreating Labeled Zones
- labeled zonesCreating Labeled Zones
- remote accessRemote Administration in Trusted Extensions
- task mapsConfiguration Roadmap for Trusted Extensions
- controlling Seerestricting
- creating
- accountsCreating Roles and Users in Trusted Extensions
- accounts during or after configurationSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- authorizations for devicesHow to Create New Device Authorizations
- home directories
- Home Directory Creation in Trusted Extensions
- Creating Centralized Home Directories
in Trusted Extensions
- home directory serverHow to Create the Home Directory Server
in Trusted Extensions
- kernel zonesCreating Labeled Zones
- labeled zonesCreating Labeled Zones
- LDAP clientMake the Global Zone an LDAP Client in Trusted Extensions
- LDAP proxy server for Trusted Extensions clientsCreate an LDAP Proxy Server
- LDAP role with roleaddCreating the Security Administrator Role in LDAP
- local role with roleaddHow to Create the Security Administrator
Role in Trusted Extensions
- local user with useraddUsing the useradd Command to Create a Local User
- rolesCreating Roles and Users in Trusted Extensions
- users who can assume rolesHow to Create Users Who Can Assume Roles in Trusted Extensions
- zonesCreating Labeled Zones
- Creating Labeled ZonesCreating Labeled Zones
- customizing
- device authorizationsHow to Add Site-Specific Authorizations to
a Device in Trusted Extensions
- label_encodings fileLabel Encodings File
- unlabeled printingReducing Printing Restrictions in Trusted Extensions
- user accountsCustomizing the User Environment for Security
- Customizing Device Authorizations in Trusted Extensions (Task Map)Customizing Device Authorizations in Trusted Extensions
- Customizing User Environment for Security (Task Map)Customizing the User Environment for Security
- cut and paste
- and labelsRules When Changing the Level of Security
for Data
- cutting and pasting
- configuring rules for label changessel_config File
D
- /dev/kmem kernel image file
- security violationEvaluating Software for Security
- DAC Seediscretionary access control (DAC)
- data
- relabeling efficientlyHow to Create and Share a Multilevel Dataset
- databases
- in LDAPUsing the LDAP Naming Service in Trusted Extensions
- trusted networkNetwork Configuration Databases in Trusted Extensions
- datasets SeeZFS
- deallocating
- forcingHow to Revoke or Reclaim a Device in Trusted Extensions
- deallocating devicesHow to Copy Files From Portable Media
in Trusted Extensions
- debugging Seetroubleshooting
- deciding
- to configure by assuming a limited role or as rootSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- to use an Oracle-supplied encodings fileSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- decisions to make
- based on site security policySite Security Policy and Trusted Extensions
- before enabling Trusted ExtensionsSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- deleting
- labeled zonesHow to Remove Trusted Extensions From the System
- desktops
- accessing multilevel remotelyHow to Configure a Trusted Extensions System With Xvnc for Remote Access
- logging in to a failsafe sessionHow to Log In to a Failsafe Session
in Trusted Extensions
- moving panels to bottom of screenHow to Move Desktop Panels to the Bottom
of the Screen
- using Vino to shareUsing Vino to Share a Desktop in a Test Environment
- workspace color changesHow to Enter the Global Zone in Trusted Extensions
- developer responsibilitiesDeveloper Responsibilities When Creating Trusted
Programs
- device allocation
- authorizingHow to Assign Device Authorizations
- overviewDevice Protection With Trusted Extensions Software
- profiles that include allocation authorizationsHow to Assign Device Authorizations
- Device Manager
- administrative toolTrusted Extensions Administrative
Tools
- descriptionDevice Manager GUI
- use by administratorsHow to Configure a Device by Using the Device Manager in Trusted Extensions
- device-clean scripts
- adding to devicesHow to Add a Device_Clean Script in Trusted Extensions
- requirementsDevice-Clean Scripts
- devices
- access policyDevice Access Policies
- accessingDevice Manager GUI
- adding customized authorizationsHow to Add Site-Specific Authorizations to
a Device in Trusted Extensions
- adding device_clean scriptHow to Add a Device_Clean Script in Trusted Extensions
- administeringManaging Devices for Trusted Extensions
- administering with Device ManagerHow to Configure a Device by Using the Device Manager in Trusted Extensions
- allocatingDevice Protection With Trusted Extensions Software
- configuring devicesHow to Configure a Device by Using the Device Manager in Trusted Extensions
- creating new authorizationsHow to Create New Device Authorizations
- in Trusted ExtensionsAbout Devices in Trusted Extensions
- policy defaultsDevice Access Policies
- preventing remote allocation of audioPreventing Remote Allocation of the Audio Device
- protectingDevice Manager
- protecting nonallocatableHow to Protect Nonallocatable Devices in Trusted Extensions
- reclaimingHow to Revoke or Reclaim a Device in Trusted Extensions
- setting label range for nonallocatableEffects of Label Range on a Device
- setting policyDevice Access Policies
- troubleshootingHow to Revoke or Reclaim a Device in Trusted Extensions
- usingUsing Devices in Trusted Extensions Task Map
- differences
- administrative interfaces in Trusted ExtensionsAdministrative Interfaces in Trusted Extensions
- between Trusted Extensions and Oracle Solaris auditingAuditing in Trusted Extensions
- between Trusted Extensions and Oracle Solaris OSDifferences Between Trusted Extensions and the Oracle Solaris OS
- defaults in Trusted ExtensionsTighter Security Defaults in Trusted Extensions
- extending Oracle Solaris interfacesOracle Solaris Interfaces Extended by Trusted Extensions
- limited options in Trusted ExtensionsLimited Options in Trusted Extensions
- directories
- accessing lower-levelZones in Trusted Extensions
- authorizing a user or role to change label ofHow to Enable a User to Change the Security
Level of Data
- for naming service setupPopulate the Oracle Directory Server Enterprise Edition
- mountingHow to Share File Systems From a Labeled Zone
- sharingHow to Share File Systems From a Labeled Zone
- disabling
- Trusted ExtensionsHow to Remove Trusted Extensions From the System
- discretionary access control (DAC)Trusted Extensions and Access Control
- displaying
- labels of file systems in labeled zoneDisplaying the Labels of File Systems in the restricted Zone
- status of every zoneHow to Display Ready or Running Zones
- DOI
- remote host templatesNetwork Security Attributes in Trusted Extensions
- domain of interpretation (DOI)
- modifyingHow to Configure a Different Domain of Interpretation
- dominance of labelsDominance Relationships Between Labels
- Downgrade DragNDrop or CutPaste Info authorizationHow to Create a Rights Profile for Convenient Authorizations
- Downgrade File Label authorizationHow to Create a Rights Profile for Convenient Authorizations
- downgrading labels
- configuring rules for selection confirmersel_config File
- dpadm serviceInstall the Oracle Directory Server Enterprise Edition
- DragNDrop or CutPaste without viewing contents authorizationHow to Create a Rights Profile for Convenient Authorizations
- dsadm serviceInstall the Oracle Directory Server Enterprise Edition
E
- /etc/default/kbd file
- how to editHow to Change Security Defaults in System
Files
- /etc/default/login file
- how to editHow to Change Security Defaults in System
Files
- /etc/default/passwd file
- how to editHow to Change Security Defaults in System
Files
- /etc/hosts fileHow to Add Hosts to the System's
Known Network
- /etc/security/policy.conf file
- defaultspolicy.conf File
Defaults in Trusted Extensions
- how to editHow to Change Security Defaults in System
Files
- modifyingHow to Modify policy.conf Defaults
- /etc/security/tsol/label_encodings fileLabel Encodings File
- /etc/system file
- modifying for IPv6 CIPSO networkHow to Configure an IPv6 CIPSO Network in Trusted Extensions
- editing system filesHow to Change Security Defaults in System
Files
- enabling
- DOI different from 1How to Configure a Different Domain of Interpretation
- dpadm serviceInstall the Oracle Directory Server Enterprise Edition
- dsadm serviceInstall the Oracle Directory Server Enterprise Edition
- IPv6 CIPSO networkHow to Configure an IPv6 CIPSO Network in Trusted Extensions
- keyboard shutdownHow to Change Security Defaults in System
Files
- labeld serviceInstalling and Enabling Trusted Extensions
- login to labeled zoneHow to Enable Users to Log In to a Labeled
Zone
- Trusted Extensions featureInstalling and Enabling Trusted Extensions
- enabling Trusted Extensions
- /usr/sbin/labeladmTrusted Extensions Administrative
Tools
- encodings file Seelabel_encodings file
- evaluating programs for securityEvaluating Software for Security
- exporting Seesharing
F
- failsafe session
- logging inHow to Log In to a Failsafe Session
in Trusted Extensions
- fallback mechanism
- in security templatesTrusted Network Fallback Mechanism
- file systems
- mounting in global and labeled zonesResults of Sharing and Mounting File Systems in Trusted Extensions
- NFS mountsResults of Sharing and Mounting File Systems in Trusted Extensions
- sharingTrusted Extensions Policies for Mounted File
Systems
- sharing in global and labeled zonesResults of Sharing and Mounting File Systems in Trusted Extensions
- files
- .copy_files
- How to Configure Startup Files for Users
in Trusted Extensions
- .copy_files and .link_files Files
- .link_files
- How to Configure Startup Files for Users
in Trusted Extensions
- .copy_files and .link_files Files
- /etc/default/kbdHow to Change Security Defaults in System
Files
- /etc/default/loginHow to Change Security Defaults in System
Files
- /etc/default/passwdHow to Change Security Defaults in System
Files
- /etc/security/policy.conf
- How to Modify policy.conf Defaults
- policy.conf File
Defaults in Trusted Extensions
- /etc/security/tsol/label_encodings fileLabel Encodings File
- /usr/bin/tsoljdsselmgrRules When Changing the Level of Security
for Data
- /usr/lib/cups/filter/tsol_separator.psLabeled Printer Output
- /usr/sbin/txzonemgr
- Zone Administration Utilities in Trusted Extensions
- Trusted Extensions Administrative
Tools
- /usr/share/gnome/sel_configsel_config File
- accessing from dominating labelsHow to Display the Labels of Mounted
Files
- authorizing a user or role to change label ofHow to Enable a User to Change the Security
Level of Data
- backing up with labelsHow to Back Up Files in Trusted Extensions
- copying from removable mediaHow to Copy Files From Portable Media
in Trusted Extensions
- getmountsHow to Display the Labels of Mounted
Files
- loopback mountingHow to Loopback Mount a File That
Is Usually Not Visible in a Labeled Zone
- policy.confHow to Change Security Defaults in System
Files
- preventing access from dominating labelsHow to Disable the Mounting of Lower-Level
Files
- relabeling privilegesHow to Enable Files to Be Relabeled From a
Labeled Zone
- restoring with labelsHow to Restore Files in Trusted Extensions
- startupHow to Configure Startup Files for Users
in Trusted Extensions
- files and file systems
- mountingHow to Share File Systems From a Labeled Zone
- namingHow to Share File Systems From a Labeled Zone
- sharingHow to Share File Systems From a Labeled Zone
- finding
- label equivalent in hexadecimalHow to Obtain the Hexadecimal Equivalent
for a Label
- label equivalent in text formatHow to Obtain a Readable Label
From Its Hexadecimal Form
G
- gateways
- accreditation checksGateway Accreditation Checks
- example ofGateways in Trusted Extensions
- gdm
- accessing multilevel remotelyHow to Configure a Trusted Extensions System With Xvnc for Remote Access
- getmounts scriptHow to Display the Labels of Mounted
Files
- Getting Started as a Trusted Extensions Administrator (Task Map)Getting Started as a Trusted Extensions Administrator on a Desktop System
- global zone
- difference from labeled zonesZones in Trusted Extensions
- enteringHow to Enter the Global Zone in Trusted Extensions
- exitingHow to Exit the Global Zone in Trusted Extensions
- groups
- deletion precautionsGroup Administration Practices
- security requirementsGroup Administration Practices
H
- Handling Devices in Trusted Extensions (Task Map)Handling Devices in Trusted Extensions
- hardware planningPlanning System Hardware and Capacity for Trusted Extensions
- hextoalabel commandHow to Obtain a Readable Label
From Its Hexadecimal Form
- home directories
- accessingZones in Trusted Extensions
- creating
- Home Directory Creation in Trusted Extensions
- Creating Centralized Home Directories
in Trusted Extensions
- creating server forHow to Create the Home Directory Server
in Trusted Extensions
- logging in and getting
- How to Enable Users to Access Their
Remote Home Directories by Configuring the Automounter on Each Server
- How to Enable Users to Access Their
Remote Home Directories at Every Label by Logging In to Each NFS Server
- host types
- networking
- Host Type and Template Name in Security Templates
- Trusted Extensions Data Packets
- remote host templatesNetwork Security Attributes in Trusted Extensions
- table of templates and protocolsHost Type and Template Name in Security Templates
- hosts
- adding to /etc/hosts fileHow to Add Hosts to the System's
Known Network
- adding to security template
- How to Add a Range of Hosts to a Security
Template
- How to Add a Host to a Security Template
- assigning a templateAdding Hosts to Security Templates
- networking conceptsTrusted Network Communications
- hot key
- regaining control of desktop focusHow to Regain Control of the Desktop's
Current Focus
I
- IDLECMD keyword
- changing defaultChanging the System's Idle Settings
- IDLETIME keyword
- changing defaultChanging the System's Idle Settings
- IKE
- labels in tunnel modeLabels and Accreditation in Tunnel Mode IPsec
- immutable zones
- Trusted Extensions andCreating Labeled Zones
- importing
- softwareAdding Software to Trusted Extensions
- initial setup team
- checklist for configuring Trusted ExtensionsChecklist for Configuring Trusted Extensions
- inner labelLabels for IPsec-Protected Exchanges
- installing
- label_encodings file
- How to Check and Install Your Label Encodings
File
- Enable Trusted Extensions
- Oracle Directory Server Enterprise EditionConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- Oracle Solaris OS for Trusted ExtensionsAdding the Trusted Extensions Feature to Oracle Solaris
- interfaces
- adding to security template
- How to Add a Range of Hosts to a Security
Template
- How to Add a Host to a Security Template
- verifying they are upHow to Verify That a System's Interfaces
Are Up
- internationalizing Seelocalizing
- IP addresses
- 0.0.0.0 host addressTrusted Extensions Host Address and Fallback Mechanism Entries
- fallback mechanism in trusted networkingTrusted Network Fallback Mechanism
- ipadm commandNetwork Commands in Trusted Extensions
- IPsec
- label extensionsLabel Extensions for IPsec Security Associations
- labels in tunnel modeLabels and Accreditation in Tunnel Mode IPsec
- labels on trusted exchangesLabels for IPsec-Protected Exchanges
- protections with label extensionsConfidentiality and Integrity Protections With
Label Extensions
- with Trusted Extensions labelsAdministration of Labeled IPsec
- ipseckey commandNetwork Commands in Trusted Extensions
- IPv6
- entry in /etc/system fileHow to Configure an IPv6 CIPSO Network in Trusted Extensions
- troubleshootingHow to Configure an IPv6 CIPSO Network in Trusted Extensions
K
- kernel zones
- Trusted Extensions andCreating Labeled Zones
- key combinations
- testing if grab is trustedHow to Regain Control of the Desktop's
Current Focus
- keyboard shutdown
- enablingHow to Change Security Defaults in System
Files
- kmem kernel image fileEvaluating Software for Security
L
- .link_files file
- description.copy_files and .link_files Files
- setting up for usersHow to Configure Startup Files for Users
in Trusted Extensions
- label extensions
- IKE negotiationsLabel Extensions for IKE
- IPsec SAsLabel Extensions for IPsec Security Associations
- label ranges
- restricting remote accessRemote Administration in Trusted Extensions
- setting on frame buffersEffects of Label Range on a Device
- setting on printersEffects of Label Range on a Device
- label audit tokenlabel Token
- label_encodings file
- checkingHow to Check and Install Your Label Encodings
File
- contentsLabel Encodings File
- installing
- How to Check and Install Your Label Encodings
File
- Enable Trusted Extensions
- localizingFor International Customers of Trusted Extensions
- modifying
- How to Check and Install Your Label Encodings
File
- Enable Trusted Extensions
- reference for labeled printingLabeled Printer Output
- source of accreditation rangesLabel Encodings File
- labeladm commandInstalling and Enabling Trusted Extensions
- enabling Trusted ExtensionsInstalling and Enabling Trusted Extensions
- installing encodings file
- Enable Trusted Extensions
- Enable Trusted Extensions
- removing Trusted ExtensionsHow to Remove Trusted Extensions From the System
- labeld service
- disablingHow to Remove Trusted Extensions From the System
- enablingInstalling and Enabling Trusted Extensions
- labeled IPsec SeeIPsec
- labeled multicast packetsTrusted Extensions Multicast Packets
- labeled printing
- banner pagesLabeled Banner and Trailer Pages
- body pagesLabeled Body Pages
- removing labelHow to Create a Rights Profile for Convenient Authorizations
- without banner pageHow to Create a Rights Profile for Convenient Authorizations
- Labeled Zone Manager Seetxzonemgr script
- labeled zones Seezones
- labeling
- turning on labelsLog In to Trusted Extensions
- zonesHow to Create Labeled Zones Interactively
- Labeling Hosts and Networks (Tasks)Labeling Hosts and Networks
- labels See Alsolabel ranges
- accreditation in tunnel modeLabels and Accreditation in Tunnel Mode IPsec
- authorizing a user or role to change label of dataHow to Enable a User to Change the Security
Level of Data
- Change Workspace Label menu itemUnique Trusted Extensions Security Features
- classification componentDominance Relationships Between Labels
- compartment componentDominance Relationships Between Labels
- configuring rules for label changessel_config File
- default in remote host templatesNetwork Security Attributes in Trusted Extensions
- describedTrusted Extensions and Access Control
- determining text equivalentsHow to Obtain a Readable Label
From Its Hexadecimal Form
- displaying in hexadecimalHow to Obtain the Hexadecimal Equivalent
for a Label
- displaying labels of file systems in labeled zoneDisplaying the Labels of File Systems in the restricted Zone
- dominanceDominance Relationships Between Labels
- downgrading and upgradingsel_config File
- extensions for IKE SAsLabel Extensions for IKE
- extensions for IPsec SAsLabel Extensions for IPsec Security Associations
- of processesWhat Labels Protect and Where Labels Appear
- of user processesSession Range
- on IPsec exchangesLabels for IPsec-Protected Exchanges
- on printoutsLabeled Printer Output
- overviewLabels in Trusted Extensions Software
- planningDevising a Label Strategy
- printing without page labelsHow to Enable Specific Users and Roles to
Bypass Labeling Printed Output
- relationshipsDominance Relationships Between Labels
- repairing in internal databasesHow to Obtain a Readable Label
From Its Hexadecimal Form
- Selection Manager dialog boxUnique Trusted Extensions Security Features
- specifying for zonesHow to Create Labeled Zones Interactively
- troubleshootingHow to Obtain a Readable Label
From Its Hexadecimal Form
- TrustedExtensionsPolicy fileUnique Trusted Extensions Security Features
- well-formedLabel Ranges
- laptops
- planningPlanning for Multilevel Services
- LDAP
- displaying entriesQuick Reference for the LDAP Naming Service
in Trusted Extensions
- managing the naming serviceQuick Reference for the LDAP Naming Service
in Trusted Extensions
- naming service for Trusted ExtensionsUsing the LDAP Naming Service in Trusted Extensions
- planningPlanning for the LDAP Naming Service in Trusted Extensions
- starting proxy serverQuick Reference for the LDAP Naming Service
in Trusted Extensions
- starting serverQuick Reference for the LDAP Naming Service
in Trusted Extensions
- stopping proxy serverQuick Reference for the LDAP Naming Service
in Trusted Extensions
- stopping serverQuick Reference for the LDAP Naming Service
in Trusted Extensions
- troubleshootingHow to Debug a Client's Connection
to the LDAP Server
- Trusted Extensions databasesUsing the LDAP Naming Service in Trusted Extensions
- LDAP configuration
- creating clientMake the Global Zone an LDAP Client in Trusted Extensions
- for Trusted ExtensionsConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- NFS servers, andConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- Sun Ray servers, andConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- LDAP server
- collecting information forCollect Information for the LDAP Server
- configuring multilevel portConfigure a Multilevel Port for the Oracle Directory Server Enterprise Edition
- configuring naming serviceInstall the Oracle Directory Server Enterprise Edition
- configuring proxy for Trusted Extensions clientsCreating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition
- creating proxy for Trusted Extensions clientsCreate an LDAP Proxy Server
- installing in Trusted ExtensionsInstall the Oracle Directory Server Enterprise Edition
- protecting log filesConfigure the Logs for the Oracle Directory Server Enterprise Edition
- limiting
- defined hosts on the networkHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- localizing
- configuring labeled printoutstsol_separator.ps Configuration
File
- LOFS
- mounting datasets in Trusted ExtensionsMount Possibilities in Trusted Extensions
- log files
- protecting LDAP Server logsConfigure the Logs for the Oracle Directory Server Enterprise Edition
- logging in
- to a home directory server
- How to Enable Users to Access Their
Remote Home Directories by Configuring the Automounter on Each Server
- How to Enable Users to Access Their
Remote Home Directories at Every Label by Logging In to Each NFS Server
- using ssh commandHow to Log In and Administer a Remote Trusted Extensions System
- login
- by rolesRoles in Trusted Extensions
- remoteEnable Remote Administration of a Remote Trusted Extensions System
- logout
- requiringChanging the System's Idle Settings
M
- MAC Seemandatory access control (MAC)
- mail
- administeringAbout Multilevel Mail in Trusted Extensions
- implementation in Trusted ExtensionsTrusted Extensions Mail Features
- multilevelMultilevel Mail Service
- man pages
- quick reference for Trusted Extensions administratorsList of Trusted Extensions Man Pages
- managing Seeadministering
- Managing Devices in Trusted Extensions (Task Map)Managing Devices in Trusted Extensions
- Managing Printing in Trusted Extensions (Task Map)Managing Printing in Trusted Extensions
- Managing Users and Rights (Task Map)Managing Users and Rights
- Managing Zones (Task Map)Managing Zones
- mandatory access control (MAC)
- enforcing on the networkAbout the Trusted Network
- in Trusted ExtensionsTrusted Extensions and Access Control
- maximum labels
- remote host templatesNetwork Security Attributes in Trusted Extensions
- media
- copying files from removableHow to Copy Files From Portable Media
in Trusted Extensions
- minimum labels
- remote host templatesNetwork Security Attributes in Trusted Extensions
- MLPs Seemultilevel ports (MLPs)
- mlslabel property
- ADMIN_HIGH label andmlslabel Property
and Mounting Single-Level File Systems
- modifying
- label_encodings fileHow to Check and Install Your Label Encodings
File
- mounting
- file systemsHow to Share File Systems From a Labeled Zone
- files by loopback mountingHow to Loopback Mount a File That
Is Usually Not Visible in a Labeled Zone
- overviewResults of Sharing and Mounting File Systems in Trusted Extensions
- troubleshootingHow to Troubleshoot Mount Failures in Trusted Extensions
- ZFS dataset on labeled zoneHow to Share a ZFS Dataset From
a Labeled Zone
- mounting datasets in Trusted ExtensionsMount Possibilities in Trusted Extensions
- multicast packetsTrusted Extensions Multicast Packets
- multiheaded system
- trusted stripeMultiheaded Systems and the Trusted Extensions Desktop
- multilevel datasets
- creatingHow to Create and Share a Multilevel Dataset
- overviewMultilevel Datasets for Relabeling Files
- multilevel mounts
- NFS protocol versionsTrusted Extensions Software and NFS Protocol
Versions
- multilevel ports (MLPs)
- administeringDisplaying Multilevel Ports on a System
- example of NFSv3 MLPConfiguring a Private Multilevel Port for NFSv3 Over udp
- example of web proxy MLPHow to Create a Multilevel Port
for a Zone
- multilevel printing
- accessing by print clientHow to Enable a Trusted Extensions Client to
Access a Printer
- configuring
- How to Configure a Network Printer
- How to Configure a Multilevel Print Server
and Its Printers
- multilevel server
- planningPlanning for Multilevel Services
N
- name service cache daemon Seenscd daemon
- names
- specifying for zonesHow to Create Labeled Zones Interactively
- names of file systemsHow to Share File Systems From a Labeled Zone
- naming
- zonesHow to Create Labeled Zones Interactively
- naming services
- databases unique to Trusted ExtensionsUsing the LDAP Naming Service in Trusted Extensions
- LDAPAbout Trusted Extensions and LDAP
- managing LDAPQuick Reference for the LDAP Naming Service
in Trusted Extensions
- net_mac_aware privilegeHow to Disable the Mounting of Lower-Level
Files
- netstat command
- How to Debug the Trusted Extensions Network
- Network Commands in Trusted Extensions
- network
- Seetrusted network
- SeeTrusted Extensions network
- network databases
- descriptionNetwork Configuration Databases in Trusted Extensions
- in LDAPUsing the LDAP Naming Service in Trusted Extensions
- network packetsTrusted Extensions Data Packets
- networking conceptsTrusted Network Communications
- NFS
- mounting datasets in Trusted ExtensionsMount Possibilities in Trusted Extensions
- NFS mounts
- accessing lower-level directoriesNFS Server and Client Configuration in Trusted Extensions
- in global and labeled zonesResults of Sharing and Mounting File Systems in Trusted Extensions
- NFS servers
- LDAP servers, andConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- nonallocatable devices
- protectingHow to Protect Nonallocatable Devices in Trusted Extensions
- setting label rangeEffects of Label Range on a Device
- nscd daemon
- adding to every labeled zoneHow to Configure a Separate Name Service for
Each Labeled Zone
O
- Oracle Directory Server Enterprise Edition SeeLDAP server
- Oracle Solaris OS
- differences from Trusted ExtensionsDifferences Between Trusted Extensions and the Oracle Solaris OS
- differences from Trusted Extensions auditingAuditing in Trusted Extensions
- similarities with Trusted ExtensionsSimilarities Between Trusted Extensions and the Oracle Solaris OS
- similarities with Trusted Extensions auditingAuditing in Trusted Extensions
P
- packages
- Trusted Extensions featureAdd Trusted Extensions Packages to an Oracle Solaris System
- panels
- moving to bottom of screenHow to Move Desktop Panels to the Bottom
of the Screen
- passwords
- assigningSecurity Attribute Assignment to Users
in Trusted Extensions
- Change Password menu item
- How to Change the Password for root on a Desktop System
- Unique Trusted Extensions Security Features
- changing for rootHow to Change the Password for root on a Desktop System
- changing in labeled zoneHow to Enforce a New Local User
Password in a Labeled Zone
- changing user passwordsUnique Trusted Extensions Security Features
- providing when changing labels
- Unique Trusted Extensions Security Features
- Unique Trusted Extensions Security Features
- Unique Trusted Extensions Security Features
- storagePassword Protection
- testing if password prompt is trustedTesting If the Password Prompt Can Be Trusted
- planning See AlsoTrusted Extensions use
- account creationPlanning User Security in Trusted Extensions
- administration strategyPlanning Who Will Configure Trusted Extensions
- auditingPlanning for Auditing in Trusted Extensions
- hardwarePlanning System Hardware and Capacity for Trusted Extensions
- labelsDevising a Label Strategy
- laptop configurationPlanning for Multilevel Services
- LDAP naming servicePlanning for the LDAP Naming Service in Trusted Extensions
- networkPlanning Your Trusted Network
- Trusted ExtensionsPlanning for Security in Trusted Extensions
- Trusted Extensions configuration strategyForming an Install Team for Trusted Extensions
- zonesPlanning Your Labeled Zones in Trusted Extensions
- policy.conf file
- changing defaultsHow to Change Security Defaults in System
Files
- changing Trusted Extensions keywordsChanging the System's Idle Settings
- defaultspolicy.conf File
Defaults in Trusted Extensions
- how to editHow to Modify policy.conf Defaults
- preventing Seeprotecting
- Print without Banner authorizationHow to Create a Rights Profile for Convenient Authorizations
- Print without Label authorizationHow to Create a Rights Profile for Convenient Authorizations
- printed output Seeprinting
- printer output Seeprinting
- printers
- setting label rangeEffects of Label Range on a Device
- printing
- and label_encodings fileLabel Encodings File
- authorizationsTrusted Extensions Print Interfaces (Reference)
- authorizations for unlabeled output from a public systemAssigning Printing-Related Authorizations to All Users of a System
- configuring for multilevel labeled output
- How to Configure a Network Printer
- How to Configure a Multilevel Print Server
and Its Printers
- configuring for print clientHow to Enable a Trusted Extensions Client to
Access a Printer
- configuring labeled zoneHow to Configure a Zone as a Single-Level
Print Server
- configuring labels and texttsol_separator.ps Configuration
File
- configuring public print jobsSending Public Print Jobs to an Unlabeled Printer
- in local languagetsol_separator.ps Configuration
File
- internationalizing labeled outputtsol_separator.ps Configuration
File
- labeling an Oracle Solaris print serverHow to Assign a Label to an Unlabeled Print
Server
- localizing labeled outputtsol_separator.ps Configuration
File
- managingLabels, Printers, and Printing
- PostScriptPostScript Printing of Security Information
- preventing labels on outputHow to Remove Banner and Trailer Pages
- public jobs from an Oracle Solaris print serverSending Public Print Jobs to an Unlabeled Printer
- using an Oracle Solaris print serverHow to Assign a Label to an Unlabeled Print
Server
- without labeled banners and trailersHow to Create a Rights Profile for Convenient Authorizations
- without page labels
- How to Enable Specific Users and Roles to
Bypass Labeling Printed Output
- How to Create a Rights Profile for Convenient Authorizations
- printouts Seeprinting
- privileges
- changing defaults for usersSecurity Attribute Assignment to Users
in Trusted Extensions
- non-obvious reasons for requiringEvaluating Software for Security
- removing proc_info from basic setModifying Every User's Basic Privilege Set
- restricting users'How to Restrict a User's Set of
Privileges
- when executing commandsHow to Enter the Global Zone in Trusted Extensions
- proc_info privilege
- removing from basic setModifying Every User's Basic Privilege Set
- procedures Seetasks and task maps
- processes
- labels ofWhat Labels Protect and Where Labels Appear
- labels of user processesSession Range
- preventing users from seeing others' processesModifying Every User's Basic Privilege Set
- profiles Seerights profiles
- programs Seeapplications
- protecting
- devices
- Device Protection With Trusted Extensions Software
- Device Manager
- devices from remote allocationPreventing Remote Allocation of the Audio Device
- file systems by using non-proprietary namesHow to Share File Systems From a Labeled Zone
- files at lower labels from being accessedHow to Disable the Mounting of Lower-Level
Files
- information with labelsWhat Labels Protect and Where Labels Appear
- labeled hosts from access by arbitrary hostsHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- nonallocatable devicesHow to Protect Nonallocatable Devices in Trusted Extensions
- proxy server
- starting and stopping LDAPQuick Reference for the LDAP Naming Service
in Trusted Extensions
- publications
- security and UNIXAdditional Security References
R
- real UID of root
- required for applicationsEvaluating Software for Security
- rebooting
- activating labelsLog In to Trusted Extensions
- enabling login to labeled zoneHow to Enable Users to Log In to a Labeled
Zone
- Reducing Printing Restrictions in Trusted Extensions (Task Map)Reducing Printing Restrictions in Trusted Extensions
- regaining control of desktop focusHow to Regain Control of the Desktop's
Current Focus
- regular users Seeusers
- relabeling data
- eliminating IOHow to Create and Share a Multilevel Dataset
- relabeling informationHow to Enable a User to Change the Security
Level of Data
- remote administration
- defaultsRemote Administration in Trusted Extensions
- methodsMethods for Administering Remote Systems in Trusted Extensions
- remote host templates
- 0.0.0.0/0 wildcard assignmentHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- adding systems to
- How to Add a Range of Hosts to a Security
Template
- How to Add a Host to a Security Template
- assigningAdding Hosts to Security Templates
- creatingCreating Security Templates
- entry for Sun Ray serversHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- remote hosts
- using fallback mechanism in tnrhdbTrusted Network Fallback Mechanism
- Remote Login authorizationHow to Create a Rights Profile for Convenient Authorizations
- remote multilevel desktop
- accessingHow to Configure a Trusted Extensions System With Xvnc for Remote Access
- remote systems
- configuring for role assumptionEnable Remote Administration of a Remote Trusted Extensions System
- removing
- labels on printoutsHow to Remove Banner and Trailer Pages
- zone-specific nscd daemonRemoving a Name Service Cache From Each Labeled Zone
- removing Trusted Extensions Seedisabling
- repairing
- labels in internal databasesHow to Obtain a Readable Label
From Its Hexadecimal Form
- restoring control of desktop focusHow to Regain Control of the Desktop's
Current Focus
- restricting
- access to computer based on labelEffects of Label Range on a Device
- access to devicesDevice Protection With Trusted Extensions Software
- access to global zoneRole Assumption in Trusted Extensions
- access to lower-level filesHow to Disable the Mounting of Lower-Level
Files
- access to printers with labels
- Restricting Access to Printers and Print
Job Information in Trusted Extensions
- Differences Between Trusted Extensions Printing
in Oracle Solaris 10 and Oracle Solaris 11
- mounts of lower-level filesHow to Disable the Mounting of Lower-Level
Files
- printer access with labels
- Restricting Access to Printers and Print
Job Information in Trusted Extensions
- Differences Between Trusted Extensions Printing
in Oracle Solaris 10 and Oracle Solaris 11
- remote accessRemote Administration in Trusted Extensions
- Revoke or Reclaim Device authorization
- How to Assign Device Authorizations
- How to Assign Device Authorizations
- rights Seerights profiles
- rights profiles
- assigningSecurity Attribute Assignment to Users
in Trusted Extensions
- Convenient AuthorizationsHow to Create a Rights Profile for Convenient Authorizations
- with Allocate Device authorizationHow to Assign Device Authorizations
- with device allocation authorizationsHow to Assign Device Authorizations
- with new device authorizationsCreating and Assigning Trusted Path and Non-Trusted Path Device Authorizations
- roadmaps
- Task Map: Choosing a Trusted Extensions ConfigurationTask Map: Choosing a Trusted Extensions Configuration
- Task Map: Configuring Trusted Extensions to Your Site's RequirementsTask Map: Configuring Trusted Extensions to
Meet Your Site's Requirements
- Task Map: Configuring Trusted Extensions With the Provided DefaultsTask Map: Configuring Trusted Extensions With
the Provided Defaults
- Task Map: Preparing For and Enabling Trusted ExtensionsTask Map: Preparing for and Enabling Trusted Extensions
- role workspace
- global zoneRoles in Trusted Extensions
- roleadd commandHow to Create the Security Administrator
Role in Trusted Extensions
- roles
- adding LDAP role with roleaddCreating the Security Administrator Role in LDAP
- adding local role with roleaddHow to Create the Security Administrator
Role in Trusted Extensions
- administering auditingRole Responsibilities for Audit Administration
- assigning rightsSecurity Attribute Assignment to Users
in Trusted Extensions
- assuming
- How to Enter the Global Zone in Trusted Extensions
- Roles in Trusted Extensions
- creatingRole Creation in Trusted Extensions
- creating Security AdministratorHow to Create the Security Administrator
Role in Trusted Extensions
- deciding if ARMORSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- determining when to createSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- leaving role workspaceHow to Exit the Global Zone in Trusted Extensions
- trusted application accessAdministration Tools for Trusted Extensions
- verifying they workHow to Verify That the Trusted Extensions Roles
Work
- workspacesRoles in Trusted Extensions
- root role
- adding device_clean scriptHow to Add a Device_Clean Script in Trusted Extensions
- root UID
- required for applicationsEvaluating Software for Security
- route commandNetwork Commands in Trusted Extensions
- routingAbout Routing in Trusted Extensions
- accreditation checksTrusted Extensions Accreditation Checks
- commands in Trusted ExtensionsRouting Commands in Trusted Extensions
- conceptsAdministration of Routing in Trusted Extensions
- example ofGateways in Trusted Extensions
- tables
- Choosing Routers in Trusted Extensions
- Routing Table Entries in Trusted Extensions
- using route commandHow to Add Default Routes
S
- scripts
- /usr/bin/txzonemgrHow to Display Ready or Running Zones
- /usr/sbin/txzonemgr
- Zone Administration Utilities in Trusted Extensions
- Trusted Extensions Administrative
Tools
- getmountsHow to Display the Labels of Mounted
Files
- secure attention
- key combinationHow to Regain Control of the Desktop's
Current Focus
- security
- initial setup teamInitial Setup Team Responsibilities
- publicationsAdditional Security References
- site security policySite Security Policy
- Security Administrator role
- administering printer securityLabels, Printers, and Printing
- administering usersManaging Users and Rights
- assigning authorizations to usersHow to Create a Rights Profile for Convenient Authorizations
- configuring a deviceHow to Configure a Device by Using the Device Manager in Trusted Extensions
- creatingHow to Create the Security Administrator
Role in Trusted Extensions
- creating Convenient Authorizations rights profileHow to Create a Rights Profile for Convenient Authorizations
- enabling unlabeled body pages from a public systemAssigning Printing-Related Authorizations to All Users of a System
- enforcing securityEnforcement of Device Security in Trusted Extensions
- protecting nonallocatable devicesHow to Protect Nonallocatable Devices in Trusted Extensions
- security administrators SeeSecurity Administrator role
- security attributesRouting Table Entries in Trusted Extensions
- modifying defaults for all usersHow to Modify policy.conf Defaults
- modifying user defaultsHow to Modify Default User Label Attributes
- setting for remote hostsCreating Security Templates
- using in routingHow to Add Default Routes
- security information
- on printoutsLabeled Printer Output
- planning for Trusted ExtensionsResolving Additional Issues Before Enabling Trusted Extensions
- security label set
- remote host templatesNetwork Security Attributes in Trusted Extensions
- security mechanisms
- extensibleExtension of Oracle Solaris Security Features by Trusted Extensions
- Oracle SolarisSecurity Mechanisms for Oracle Solaris Software
- security policy
- auditingTrusted Extensions Audit Policy Options
- training usersUsers and Security Requirements
- users and devicesEnforcement of Device Security in Trusted Extensions
- security templates Seeremote host templates
- sel_config file
- sel_config File
- sel_config File
- selecting
- audit records by labelAudit Tasks in Trusted Extensions
- Selection Manager
- configuring rules for selection confirmersel_config File
- default configurationRules When Changing the Level of Security
for Data
- Selection Manager dialog box
- descriptionUnique Trusted Extensions Security Features
- Service Management Framework (SMF)
- dpadmInstall the Oracle Directory Server Enterprise Edition
- dsadmInstall the Oracle Directory Server Enterprise Edition
- session rangeSession Range
- sessions
- failsafeHow to Log In to a Failsafe Session
in Trusted Extensions
- Setting Up Remote Administration in Trusted Extensions (Task Map)Configuring and Administering Remote Systems in Trusted Extensions
- sharing
- IP addressesHow to Assign Labels to Two Zone Workspaces
- with VinoUsing Vino to Share a Desktop in a Test Environment
- ZFS dataset from labeled zoneHow to Share a ZFS Dataset From
a Labeled Zone
- Shutdown authorizationHow to Create a Rights Profile for Convenient Authorizations
- similarities
- between Trusted Extensions and Oracle Solaris auditingAuditing in Trusted Extensions
- between Trusted Extensions and Oracle Solaris OSSimilarities Between Trusted Extensions and the Oracle Solaris OS
- single-label
- loginAccount Label Range
- printing in a zoneHow to Configure a Zone as a Single-Level
Print Server
- site security policy
- common violationsCommon Security Violations
- personnel recommendationsPersonnel Security Recommendations
- physical access recommendationsPhysical Security Recommendations
- recommendationsComputer Security Recommendations
- tasks involvedSite Security Policy
- Trusted Extensions configuration decisionsSite Security Policy and Trusted Extensions
- understandingUnderstanding Your Site's Security Policy
- snoop command
- How to Debug the Trusted Extensions Network
- Network Commands in Trusted Extensions
- software
- administering third-partySoftware Management in Trusted Extensions
- importingAdding Software to Trusted Extensions
- solaris.print.admin
- authorizationTrusted Extensions Print Interfaces (Reference)
- solaris.print.list
- authorizationTrusted Extensions Print Interfaces (Reference)
- solaris.print.nobanner
- authorizationTrusted Extensions Print Interfaces (Reference)
- solaris.print.nobanner authorizationAssigning Printing-Related Authorizations to All Users of a System
- solaris.print.unlabeled
- authorizationTrusted Extensions Print Interfaces (Reference)
- solaris.print.unlabeled authorizationAssigning Printing-Related Authorizations to All Users of a System
- startup files
- procedures for customizingHow to Configure Startup Files for Users
in Trusted Extensions
- Stop-A
- enablingHow to Change Security Defaults in System
Files
- Sun Ray systems
- 0.0.0.0/32 address for client contactHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- enabling initial contact between client and serverConfiguring a Valid Initial Address for a Labeled Sun Ray Server
- LDAP servers, andConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- preventing users from seeing others' processesModifying Every User's Basic Privilege Set
- web site for documentationTask Map: Choosing a Trusted Extensions Configuration
- System Administrator role
- administering printersLabels, Printers, and Printing
- creatingHow to Create a System Administrator
Role
- reclaiming a deviceHow to Revoke or Reclaim a Device in Trusted Extensions
- reviewing audit recordsAudit Tasks in Trusted Extensions
- system files
- editingHow to Change Security Defaults in System
Files
- label_encodingsHow to Check and Install Your Label Encodings
File
- sel_configsel_config File
- tsol_separator.psHow to Enable Specific Users and Roles to
Bypass Labeling Printed Output
T
- tasks and task maps
- Additional Trusted Extensions Configuration TasksAdditional Trusted Extensions Configuration Tasks
- Common Tasks in Trusted Extensions Task Map)Performing Common Tasks in Trusted Extensions
- Configuring LDAP on a Trusted Extensions Network (Task Map)Configuring LDAP on a Trusted Extensions Network
- Configuring an LDAP Proxy Server on a Trusted Extensions System (Task Map)Configuring an LDAP Proxy Server on a Trusted Extensions System
- Configuring Labeled IPsec (Task Map)Configuring Labeled IPsec
- Configuring Labeled Printing (Task Map)Configuring Labeled Printing
- Creating Labeled ZonesCreating Labeled Zones
- Customizing Device Authorizations in Trusted Extensions (Task Map)Customizing Device Authorizations in Trusted Extensions
- Customizing User Environment for Security (Task Map)Customizing the User Environment for Security
- Getting Started as a Trusted Extensions Administrator Task MapGetting Started as a Trusted Extensions Administrator on a Desktop System
- Handling Devices in Trusted Extensions (Task Map)Handling Devices in Trusted Extensions
- Labeling Hosts and Networks (Tasks)Labeling Hosts and Networks
- Managing Devices in Trusted Extensions (Task Map)Managing Devices in Trusted Extensions
- Managing Printing in Trusted Extensions (Task Map)Managing Printing in Trusted Extensions
- Managing Users and RightsManaging Users and Rights
- Managing Zones (Task Map)Managing Zones
- Reducing Printing Restrictions in Trusted Extensions (Task Map)Reducing Printing Restrictions in Trusted Extensions
- Setting Up Remote Administration in Trusted Extensions (Task Map)Configuring and Administering Remote Systems in Trusted Extensions
- Task Map: Choosing a Trusted Extensions ConfigurationTask Map: Choosing a Trusted Extensions Configuration
- Task Map: Configuring Trusted Extensions to Your Site's RequirementsTask Map: Configuring Trusted Extensions to
Meet Your Site's Requirements
- Task Map: Configuring Trusted Extensions With the Provided DefaultsTask Map: Configuring Trusted Extensions With
the Provided Defaults
- Task Map: Preparing For and Enabling Trusted ExtensionsTask Map: Preparing for and Enabling Trusted Extensions
- Troubleshooting the Trusted Network (Task Map)Troubleshooting the Trusted Network
- Using Devices in Trusted Extensions (Task Map)Using Devices in Trusted Extensions Task Map
- Viewing Existing Security Templates (Tasks)Viewing Existing Security Templates
- templates Seeremote host templates
- text label equivalents
- determiningHow to Obtain a Readable Label
From Its Hexadecimal Form
- tncfg command
- creating a multilevel portHow to Create a Multilevel Port
for a Zone
- descriptionNetwork Commands in Trusted Extensions
- modifying DOI valueHow to Configure a Different Domain of Interpretation
- tnchkdb command
- descriptionNetwork Commands in Trusted Extensions
- tnctl command
- descriptionNetwork Commands in Trusted Extensions
- tnd command
- descriptionNetwork Commands in Trusted Extensions
- tninfo command
- descriptionNetwork Commands in Trusted Extensions
- usingHow to Debug a Client's Connection
to the LDAP Server
- tools Seeadministrative tools
- trailer pages Seebanner pages
- translation Seelocalizing
- troubleshooting
- failed loginHow to Log In to a Failsafe Session
in Trusted Extensions
- IPv6 configurationHow to Configure an IPv6 CIPSO Network in Trusted Extensions
- LDAPHow to Debug a Client's Connection
to the LDAP Server
- mounted file systemsHow to Troubleshoot Mount Failures in Trusted Extensions
- networkTroubleshooting the Trusted Network
- reclaiming a deviceHow to Revoke or Reclaim a Device in Trusted Extensions
- repairing labels in internal databasesHow to Obtain a Readable Label
From Its Hexadecimal Form
- Trusted Extensions configurationTroubleshooting Your Trusted Extensions Configuration
- trusted networkHow to Debug the Trusted Extensions Network
- verifying interface is upHow to Verify That a System's Interfaces
Are Up
- viewing ZFS dataset mounted in lower-level zoneSharing and Mounting a ZFS Dataset From Labeled Zones
- Troubleshooting the Trusted Network (Task Map)Troubleshooting the Trusted Network
- trusted applications
- in a role workspaceAdministration Tools for Trusted Extensions
- Trusted Extensions See AlsoTrusted Extensions planning
- addingAdd Trusted Extensions Packages to an Oracle Solaris System
- adding to Oracle SolarisInstalling and Enabling Trusted Extensions
- decisions to make before enablingSecure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
- differences from Oracle Solaris administrator's perspectiveResults of Enabling Trusted Extensions From an Administrator's
Perspective
- differences from Oracle Solaris auditingAuditing in Trusted Extensions
- differences from Oracle Solaris OSDifferences Between Trusted Extensions and the Oracle Solaris OS
- disablingHow to Remove Trusted Extensions From the System
- enablingInstalling and Enabling Trusted Extensions
- IPsec protectionsLabels for IPsec-Protected Exchanges
- man pages quick referenceList of Trusted Extensions Man Pages
- memory requirementsPlanning System Hardware and Capacity for Trusted Extensions
- networkingTrusted Networking
- planning configuration strategyForming an Install Team for Trusted Extensions
- planning forPlanning for Security in Trusted Extensions
- planning hardwarePlanning System Hardware and Capacity for Trusted Extensions
- planning networkPlanning Your Trusted Network
- preparing forResolving Security Issues Before Installing Trusted Extensions
- quick reference to administrationQuick Reference to Trusted Extensions Administration
- remote access to displayUsing Vino to Share a Desktop in a Test Environment
- results before configurationResults of Enabling Trusted Extensions From an Administrator's
Perspective
- similarities with Oracle Solaris auditingAuditing in Trusted Extensions
- similarities with Oracle Solaris OSSimilarities Between Trusted Extensions and the Oracle Solaris OS
- two-role configuration strategyForming an Install Team for Trusted Extensions
- Trusted Extensions configuration
- adding network databases to LDAP serverPopulate the Oracle Directory Server Enterprise Edition
- changing default DOI valueHow to Configure a Different Domain of Interpretation
- databases for LDAPConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- division of tasksInitial Setup Team Responsibilities
- evaluated configurationUnderstanding Your Site's Security Policy
- initial proceduresConfiguring Trusted Extensions
- initial setup team responsibilitiesInitial Setup Team Responsibilities
- labeled zonesCreating Labeled Zones
- LDAPConfiguring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System
- reboot to activate labelsLog In to Trusted Extensions
- remote systemsRemote Administration in Trusted Extensions
- task mapsConfiguration Roadmap for Trusted Extensions
- troubleshootingTroubleshooting Your Trusted Extensions Configuration
- Trusted Extensions menu
- Assume RoleHow to Enter the Global Zone in Trusted Extensions
- Trusted Extensions network
- adding zone-specific nscd daemonHow to Configure a Separate Name Service for
Each Labeled Zone
- enabling IPv6 for CIPSO packetsHow to Configure an IPv6 CIPSO Network in Trusted Extensions
- planningPlanning Your Trusted Network
- removing zone-specific nscd daemonRemoving a Name Service Cache From Each Labeled Zone
- trusted grab
- key combinationHow to Regain Control of the Desktop's
Current Focus
- trusted network
- 0.0.0.0/0 wildcard addressHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- 0.0.0.0 tnrhdb entryHow to Limit the Hosts That Can Be Contacted on the Trusted Network
- conceptsTrusted Networking
- default labelingTrusted Extensions Accreditation Checks
- example of routingGateways in Trusted Extensions
- host typesHost Type and Template Name in Security Templates
- labels and MAC enforcementAbout the Trusted Network
- using templatesCreating Security Templates
- Trusted Path
- Device ManagerDevice Manager GUI
- trusted path attribute
- when availableRoles and Trusted Extensions
- trusted programs
- addingDeveloper Responsibilities When Creating Trusted
Programs
- definedEvaluating Software for Security
- trusted stripe
- moving panels to bottom of screenHow to Move Desktop Panels to the Bottom
of the Screen
- on multiheaded systemMultiheaded Systems and the Trusted Extensions Desktop
- warping pointer toForcing the Pointer to the Trusted Stripe
- TrustedExtensionsPolicy file
- descriptionUnique Trusted Extensions Security Features
- trustworthy programsEvaluating Software for Security
- tsol_separator.ps file
- configurable valuestsol_separator.ps Configuration
File
- customizing labeled printingLabeled Printer Output
- tsoljdsselmgr applicationRules When Changing the Level of Security
for Data
- txzonemgr scriptHow to Display Ready or Running Zones
- –c optionHow to Create a Default Trusted Extensions System
U
- /usr/bin/tsoljdsselmgr applicationRules When Changing the Level of Security
for Data
- /usr/lib/cups/filter/tsol_separator.ps fileLabeled Printer Output
- /usr/local/scripts/getmounts scriptHow to Display the Labels of Mounted
Files
- /usr/sbin/txzonemgr script
- How to Display Ready or Running Zones
- Zone Administration Utilities in Trusted Extensions
- Trusted Extensions Administrative
Tools
- How to Create a Default Trusted Extensions System
- /usr/share/gnome/sel_config filesel_config File
- unlabeled printing
- configuringReducing Printing Restrictions in Trusted Extensions
- updatehome command.copy_files and .link_files Files
- Upgrade DragNDrop or CutPaste Info authorizationHow to Create a Rights Profile for Convenient Authorizations
- Upgrade File Label authorizationHow to Create a Rights Profile for Convenient Authorizations
- upgrading labels
- configuring rules for selection confirmersel_config File
- useradd commandUsing the useradd Command to Create a Local User
- users
- accessing devices
- Device Protection With Trusted Extensions Software
- Device Protection With Trusted Extensions Software
- accessing printersLabels, Printers, and Printing
- adding local user with useraddUsing the useradd Command to Create a Local User
- assigning authorizations toSecurity Attribute Assignment to Users
in Trusted Extensions
- assigning labelsSecurity Attribute Assignment to Users
in Trusted Extensions
- assigning passwordsSecurity Attribute Assignment to Users
in Trusted Extensions
- assigning rightsSecurity Attribute Assignment to Users
in Trusted Extensions
- assigning roles toSecurity Attribute Assignment to Users
in Trusted Extensions
- authorizations forHow to Create a Rights Profile for Convenient Authorizations
- Change Password menu itemUnique Trusted Extensions Security Features
- Change Workspace Label menu itemUnique Trusted Extensions Security Features
- changing default privilegesSecurity Attribute Assignment to Users
in Trusted Extensions
- creatingAdministrator Responsibilities
for Users
- creating initial usersHow to Create Users Who Can Assume Roles in Trusted Extensions
- customizing environmentCustomizing the User Environment for Security
- deletion precautionsUser Deletion Practices
- labels of processesSession Range
- logging in to a failsafe sessionHow to Log In to a Failsafe Session
in Trusted Extensions
- modifying security defaultsHow to Modify Default User Label Attributes
- modifying security defaults for all usersHow to Modify policy.conf Defaults
- planning forDecisions to Make Before Creating
Users in Trusted Extensions
- preventing account lockingHow to Prevent Account Locking
for Users
- preventing from seeing others' processesModifying Every User's Basic Privilege Set
- printingLabels, Printers, and Printing
- removing some privilegesHow to Restrict a User's Set of
Privileges
- restoring control of desktop focusHow to Regain Control of the Desktop's
Current Focus
- security precautionsGroup Administration Practices
- security training
- Enforcement of Device Security in Trusted Extensions
- Group Administration Practices
- Security Requirements Enforcement
- Selection Manager dialog boxUnique Trusted Extensions Security Features
- session rangeSession Range
- setting up skeleton directoriesHow to Configure Startup Files for Users
in Trusted Extensions
- startup filesHow to Configure Startup Files for Users
in Trusted Extensions
- TrustedExtensionsPolicy fileUnique Trusted Extensions Security Features
- using .copy_files fileHow to Configure Startup Files for Users
in Trusted Extensions
- using .link_files fileHow to Configure Startup Files for Users
in Trusted Extensions
- using devicesUsing Devices in Trusted Extensions Task Map
- Using Devices in Trusted Extensions (Task Map)Using Devices in Trusted Extensions Task Map
- utadm command
- default Sun Ray server configurationConfiguring a Valid Initial Address for a Labeled Sun Ray Server
V
- verifying
- interface is upHow to Verify That a System's Interfaces
Are Up
- label_encodings fileHow to Check and Install Your Label Encodings
File
- roles are workingHow to Verify That the Trusted Extensions Roles
Work
- viewing Seeaccessing
- Vino
- sharing desktopsUsing Vino to Share a Desktop in a Test Environment
- virtual network computing (VNC) SeeXvnc systems running Trusted Extensions
W
- well-formed labelsLabel Ranges
- wildcard address Seefallback mechanism
- wire labelLabels for IPsec-Protected Exchanges
- workspaces
- color changesHow to Enter the Global Zone in Trusted Extensions
- colors indicating label ofWhat Labels Protect and Where Labels Appear
- global zoneRoles in Trusted Extensions
X
- X audit classesTrusted Extensions Audit Classes
- xatom audit tokenxatom Token
- xcolormap audit tokenxcolormap Token
- xcursor audit tokenxcursor Token
- xfont audit tokenxfont Token
- xgc audit tokenxgc Token
- xpixmap audit tokenxpixmap Token
- xproperty audit tokenxproperty Token
- xselect audit tokenxselect Token
- Xvnc
- accessing multilevel remotelyHow to Configure a Trusted Extensions System With Xvnc for Remote Access
- Xvnc systems running Trusted Extensions
- remote access to
- How to Configure a Trusted Extensions System With Xvnc for Remote Access
- Methods for Administering Remote Systems in Trusted Extensions
- xwindow audit tokenxwindow Token
Z
- zenity scriptHow to Create a Default Trusted Extensions System
- ZFS
- adding dataset to labeled zoneHow to Share a ZFS Dataset From
a Labeled Zone
- fast zone creation methodZone Creation in Trusted Extensions
- mounting dataset read-write on labeled zoneHow to Share a ZFS Dataset From
a Labeled Zone
- mounting datasets in Trusted ExtensionsMount Possibilities in Trusted Extensions
- multilevel datasets
- Mount Possibilities in Trusted Extensions
- How to Create and Share a Multilevel Dataset
- viewing mounted dataset read-only from higher-level zoneSharing and Mounting a ZFS Dataset From Labeled Zones
- zones
- adding nscd daemon to each labeled zoneHow to Configure a Separate Name Service for
Each Labeled Zone
- administeringManaging Zones
- creating MLPHow to Create a Multilevel Port
for a Zone
- creating MLP for NFSv3Configuring a Private Multilevel Port for NFSv3 Over udp
- creating secondaryHow to Create a Secondary Labeled Zone
- deciding creation methodPlanning Your Labeled Zones in Trusted Extensions
- deletingHow to Remove Trusted Extensions From the System
- displaying labels of file systemsDisplaying the Labels of File Systems in the restricted Zone
- displaying statusHow to Display Ready or Running Zones
- enabling login toHow to Enable Users to Log In to a Labeled
Zone
- for isolating labeled servicesHow to Create a Secondary Labeled Zone
- globalZones in Trusted Extensions
- global zone processes andGlobal Zone Processes and Labeled
Zones
- immutable and Trusted ExtensionsCreating Labeled Zones
- in Trusted ExtensionsManaging Zones in Trusted Extensions
- kernel and Trusted ExtensionsCreating Labeled Zones
- managingManaging Zones in Trusted Extensions
- net_mac_aware privilegeHow to NFS Mount Files in a Labeled Zone
- primaryPrimary and Secondary Labeled
Zones
- removing nscd daemon from labeled zonesRemoving a Name Service Cache From Each Labeled Zone
- secondaryPrimary and Secondary Labeled
Zones
- specifying labelsHow to Create Labeled Zones Interactively
- specifying namesHow to Create Labeled Zones Interactively
- txzonemgr scriptHow to Create a Default Trusted Extensions System