Introduction

1

The Solaris^(R) SHIELD^(TM) Basic Security Module (BSM) provides the security features defined as C2 in the Trusted Computer System Evaluation Criteria (TCSEC). The features provided by the BSM are the security auditing subsystem and a device allocation mechanism that provides the required object reuse characteristics for removable or assignable devices. C2 discretionary access control and identification and authentication features are provided by the standard Solaris system.

Enabling and disabling the BSM is described in Chapter 2, Installation. Topics covered include how to enable Solaris to use these additional security features, and how clients and servers interact in an enabled environment.

System management and configuration of the auditing subsystem are described in Chapter 3, Administering Auditing. Topics discussed include managing audit trail storage, determining global and per-user preselection, and setting site-specific configuration options.

Audit Trial analysis and post-processing is described in Chapter 4, Audit Trail Analysis. Topics discussed include overall audit record structure and formats, the praudit(1M) audit trail printing utility, and the auditreduce(1M) audit record selection and merging utility.

The allocation mechanism for removable or assignable devices is described in Chapter 5, Device Allocation. Topics discussed include setting up and administering allocatable device files and use of the allocate mechanism by non-privileged users.

Appendix A, Audit Record Descriptions, describes in detail the content of the audit records generated.

Appendix B, BSM Man Pages lists and describes the man pages added for the Solaris SHIELD Basic Security Module.