Preparing an Oracle Solaris System and Adding Trusted Extensions

The choice of Oracle Solaris installation options can affect the use and security of Trusted Extensions:

To properly support Trusted Extensions, you must install the underlying Oracle Solaris OS securely. For Oracle Solaris installation choices that affect Trusted Extensions, see Install an Oracle Solaris System Securely.
If you have been using the Oracle Solaris OS, check your current configuration against the requirements for Trusted Extensions. For factors that affect Trusted Extensions, see Prepare an Installed Oracle Solaris System for Trusted Extensions.

Install an Oracle Solaris System Securely

This task applies to fresh installations of Oracle Solaris. If you are upgrading, see Prepare an Installed Oracle Solaris System for Trusted Extensions.

When installing the Oracle Solaris OS, create a user account and the root role account.
In Trusted Extensions, you use the root role, as well as roles that you create, to configure the system.
When you first log in to Oracle Solaris, assign a password to the root role account.
1. Open a terminal window.
2. Assume the root role.
  At the prompt, provide a password that is different from your user account password.
```
% su -
Your password has expired. Create a new password.
Enter new password: Type a password for root
Retype the password: Retype the root password
#
```
  Assign a password of at least six alphanumeric characters. The password must be difficult to guess, thus reducing the chance of an adversary gaining unauthorized access by attempting to guess passwords.

Next Steps

This task applies to Oracle Solaris systems that have been in use, and on which you plan to run Trusted Extensions.

Before You Begin

You must be in the root role in the global zone.

If non-global zones are installed on your system, remove them.
The Trusted Extensions labeled brand is an exclusive brand of zones. Refer to the brands(5) and trusted_extensions(5) man pages.
If your system does not have a root password, create one.
Note - Users must not disclose their passwords to another person, as that person might then have access to the data of the user and will not be uniquely identified or accountable. Note that disclosure can be direct, through the user deliberately disclosing her/his password to another person, or indirect, for example, through writing it down, or choosing an insecure password. Oracle Solaris provides protection against insecure passwords, but cannot prevent a user from disclosing her or his password, or from writing it down.

Next Steps

Before You Begin

You must be assigned the Software Installation rights profile.

After logging in as the initial user, assume the root role in a terminal window.
```
% su -
Enter Password: Type root password
#
```
Download and install the Trusted Extensions package.
Use either the command line or the Package Manager GUI.
- In the terminal window, use the pkg install command.
```
$ pkg install system/trusted/trusted-extensions
```
  To install trusted locales, specify the short name for the locale. For example, the following command installs the Japanese locale:
```
$ pkg install system/trusted/locale/ja &
```
- In the terminal window, start the Package Manager GUI.
```
$ packagemanager &
```
  1. Select the Trusted Extensions packages.
    1. Show the categories in the Desktop (GNOME) category.
    2. Select the Trusted Extensions category.
    3. In the list of packages, click the checkbox for trusted-extensions.
    4. (Optional) In the list of packages, click the checkbox for any locales that you want to install.
  2. To add the packages, click the Install/Update icon.

Skip Navigation Links
Exit Print View
	Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library