Skip Navigation Links | |
Exit Print View | |
Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
6. Trusted Extensions Administration Concepts
7. Trusted Extensions Administration Tools
8. Security Requirements on a Trusted Extensions System (Overview)
9. Performing Common Tasks in Trusted Extensions
10. Users, Rights, and Roles in Trusted Extensions (Overview)
11. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
12. Remote Administration in Trusted Extensions (Tasks)
13. Managing Zones in Trusted Extensions
14. Managing and Mounting Files in Trusted Extensions
15. Trusted Networking (Overview)
16. Managing Networks in Trusted Extensions (Tasks)
17. Trusted Extensions and LDAP (Overview)
18. Multilevel Mail in Trusted Extensions (Overview)
19. Managing Labeled Printing (Tasks)
20. Devices in Trusted Extensions (Overview)
21. Managing Devices for Trusted Extensions (Tasks)
22. Trusted Extensions Auditing (Overview)
23. Software Management in Trusted Extensions
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
The following list summarizes what is required to enable and configure Trusted Extensions at your site. Tasks that are covered elsewhere are cross-referenced.
Read.
Read the first five chapters of Part II, Administration of Trusted Extensions.
Understand site security requirements.
Prepare.
Decide the root password.
Decide the PROM or BIOS security level.
Decide the PROM or BIOS password.
Decide if attached peripherals are permitted.
Decide if access to remote printers is permitted.
Decide if access to unlabeled networks is permitted.
Enable Trusted Extensions. See Enabling the Trusted Extensions Service and Logging In.
Install the Oracle Solaris OS.
Load the Trusted Extensions packages.
Enable svc:/system/labeld, the Trusted Extensions service.
Reboot.
(Optional) Customize the global zone. See Setting Up the Global Zone in Trusted Extensions.
If using a DOI different from 1, set the DOI in the /etc/system file and in every security template.
Verify and install your site's label_encodings file.
Reboot.
Add labeled zones. See Creating Labeled Zones.
Configure two labeled zones automatically.
Configure your labeled zones manually.
Create labeled workspace.
Configure the LDAP naming service. See Chapter 5, Configuring LDAP for Trusted Extensions (Tasks).
Create either a Trusted Extensions proxy server or a Trusted Extensions LDAP server. The files naming service requires no configuration.
Configure interfaces and routing for the global zone and for labeled zones. See Configuring the Network Interfaces in Trusted Extensions.
Configure the network. See Labeling Hosts and Networks (Tasks).
Identify single-label hosts and limited-range hosts.
Determine the labels to apply to incoming data from unlabeled hosts.
Customize the security templates.
Assign individual hosts to security templates.
Assign subnets to security templates.
Perform further configurations.
Configure network connections for LDAP.
Assign the LDAP server or proxy server to the cipso host type in all security templates.
Assign LDAP clients to the cipso host type in all security templates.
Make the local system a client of the LDAP server.
Configure local users and local administrative roles. See Creating Roles and Users in Trusted Extensions.
Create the Security Administrator role.
Create a local user who can assume the Security Administrator role.
Create other roles and possibly other local users to assume these roles.
Create home directories at every label that the user can access. See Creating Centralized Home Directories in Trusted Extensions.
Create home directories on an NFS server.
Create local ZFS home directories that can be encrypted.
(Optional) Prevent users from reading their lower-level home directories.
Configure printing. See Configuring Labeled Printing (Task Map).
Configure devices. See Handling Devices in Trusted Extensions (Task Map).
Assign the Device Management profile or the System Administrator profile to a role.
To make devices usable, do one of the following:
Per system, make devices allocatable.
Assign the Allocate Device authorization to selected users and roles.
Configure Oracle Solaris features.
Configure auditing.
Configure system security values.
Enable particular LDAP clients to administer LDAP.
Configure users in LDAP.
Configure network roles in LDAP.
Mount and share file systems. See Chapter 14, Managing and Mounting Files in Trusted Extensions.