|
|  以 PDF 格式下載這本書 (2609 KB)
| | | |
| Numbers and Symbols |
|
| -o nobanner option to lp command (  ) |
| | | |
| A |
|
| access, See computer access |
|
| access policy |
| | devices ( ) |
| | Discretionary Access Control (DAC) ( ) ( ) |
| | Mandatory Access Control (MAC) ( ) |
|
| accessing |
| | Admin Editor action ( ) |
| | administrative tools ( ) |
| | audit records by label ( ) |
| | devices ( ) |
| | global zone ( ) |
| | home directories ( ) |
| | printers ( ) |
| | remote multilevel desktop ( ) |
| | Solaris Management Console ( ) |
| | trusted CDE actions ( ) |
| | ZFS dataset mounted in lower-level zone from higher-level zone ( ) |
|
| account locking, preventing ( ) |
|
| accounts |
| | See roles | |
| | See also users | |
|
| accreditation checks ( ) |
|
| accreditation ranges, label_encodings file ( ) |
|
| actions |
| | See also individual actions by name | |
| | adding new Trusted CDE actions ( ) |
| | Admin Editor ( ) |
| | Device Allocation Manager ( ) |
| | list of trusted CDE ( ) |
| | Name Service Switch ( ) |
| | Print Manager ( ) |
| | restricted by rights profiles ( ) |
| | use differences between CDE and Trusted CDE ( ) |
|
| add_allocatable command ( ) |
|
| Add Allocatable Device action ( ) |
|
| Admin Editor action ( ) |
| | opening ( ) |
|
| ADMIN_HIGH label ( ) |
|
| ADMIN_LOW label |
| | lowest label ( ) |
| | protecting administrative files ( ) |
|
| administering |
| | account locking ( ) |
| | assigning device authorizations ( ) |
| | audio device to play music ( ) |
| | auditing in Trusted Extensions ( ) |
| | changing label of information ( ) |
| | convenient authorizations for users ( ) |
| | device allocation ( ) |
| | device authorizations ( ) |
| | devices ( ) ( ) |
| | file systems |
| | | mounting ( ) |
| | | overview ( ) |
| | | troubleshooting ( ) |
| | files |
| | | backing up ( ) |
| | | restoring ( ) |
| | from the global zone ( ) |
| | hiding labels from users ( ) |
| | labeled printing ( ) |
| | LDAP ( ) |
| | mail ( ) |
| | multilevel ports ( ) |
| | network in Trusted Extensions ( ) |
| | network of users ( ) |
| | PostScript printing ( ) |
| | printing in Trusted Extensions ( ) |
| | printing interoperability with Trusted Solaris 8 ( ) |
| | quick reference for administrators ( ) |
| | remote host database ( ) |
| | remote host templates ( ) |
| | remotely ( ) |
| | remotely from command line ( ) |
| | remotely with dtappsession ( ) |
| | remotely with Solaris Management Console ( ) ( ) |
| | routes with security attributes ( ) |
| | serial line for login ( ) |
| | sharing file systems ( ) |
| | startup files for users ( ) |
| | Sun Ray printing ( ) |
| | system files ( ) |
| | third-party software ( ) |
| | timeout when relabeling information ( ) |
| | trusted network databases ( ) |
| | trusted networking ( ) |
| | unlabeled printing ( ) |
| | user privileges ( ) |
| | users ( ) ( ) |
| | zones ( ) |
| | zones from Trusted JDS ( ) |
|
| Administering Trusted Extensions Remotely (Task Map) ( ) |
|
| administrative actions |
| | See also actions | |
| | accessing ( ) |
| | in CDE ( ) |
| | in Trusted_Extensions folder ( ) |
| | list of trusted CDE ( ) |
| | naming services ( ) |
| | starting remotely ( ) ( ) |
| | trusted ( ) |
|
| administrative labels ( ) |
|
| administrative roles, See roles |
|
| Administrative Roles tool ( ) |
|
| administrative tools |
| | accessing ( ) |
| | commands ( ) |
| | description ( ) |
| | Device Allocation Manager ( ) |
| | in Trusted_Extensions folder ( ) |
| | label builder ( ) |
| | Labeled Zone Manager ( ) |
| | Solaris Management Console ( ) ( ) |
| | Trusted CDE actions ( ) |
| | txzonemgr script ( ) |
|
| allocate command ( ) |
|
| Allocate Device authorization ( ) ( ) ( ) ( ) |
|
| allocate error state, correcting ( ) |
|
| allocating, using Device Allocation Manager ( ) |
|
| Always Print Banner checkbox ( ) |
|
| applications |
| | evaluating for security ( ) |
| | installing ( ) |
| | trusted and trustworthy ( ) |
|
| assigning |
| | editor as the trusted editor ( ) |
| | privileges to users ( ) |
| | rights profiles ( ) |
|
| Assume Role menu item ( ) |
|
| assuming, roles ( ) |
|
| atohexlabel command ( ) ( ) |
|
| audio devices |
| | automatically starting an audio player ( ) |
| | preventing remote allocation ( ) |
|
| audit_class file, action for editing ( ) |
|
| Audit Classes action ( ) |
|
| audit classes for Trusted Extensions, list of new X audit classes ( ) |
|
| Audit Control action ( ) |
|
| audit_control file, action for editing ( ) |
|
| audit_event file ( ) |
|
| Audit Events action ( ) |
|
| audit events for Trusted Extensions, list of ( ) |
|
| audit policy in Trusted Extensions ( ) |
|
| audit records in Trusted Extensions, policy ( ) |
|
| Audit Review profile, reviewing audit records ( ) |
|
| Audit Startup action ( ) |
|
| audit_startup command, action for editing ( ) |
|
| Audit Tasks of the System Administrator ( ) |
|
| audit tokens for Trusted Extensions |
| | label token ( ) |
| | list of ( ) |
| | xatom token ( ) |
| | xclient token ( ) |
| | xcolormap token ( ) |
| | xcursor token ( ) |
| | xfont token ( ) |
| | xgc token ( ) |
| | xpixmap token ( ) |
| | xproperty token ( ) |
| | xselect token ( ) |
| | xwindow token ( ) |
|
| auditconfig command ( ) |
|
| auditing in Trusted Extensions |
| | additional audit events ( ) |
| | additional audit policies ( ) |
| | additional audit tokens ( ) |
| | additions to existing auditing commands ( ) |
| | differences from Solaris auditing ( ) |
| | reference ( ) |
| | roles for administering ( ) |
| | security administrator tasks ( ) |
| | system administrator tasks ( ) |
| | tasks ( ) |
| | X audit classes ( ) |
|
| auditreduce command ( ) |
|
| authorizations |
| | adding new device authorizations ( ) |
| | Allocate Device ( ) ( ) ( ) |
| | assigning ( ) |
| | assigning device authorizations ( ) |
| | authorizing a user or role to change label ( ) |
| | Configure Device Attributes ( ) |
| | convenient for users ( ) |
| | creating customized device authorizations ( ) |
| | creating local and remote device authorizations ( ) |
| | customizing for devices ( ) |
| | granted ( ) |
| | Print Postscript ( ) |
| | Print PostScript ( ) |
| | profiles that include device allocation authorizations ( ) |
| | Revoke or Reclaim Device ( ) ( ) |
| | solaris.print.nobanner ( ) |
| | solaris.print.ps ( ) |
|
| authorizing |
| | device allocation ( ) |
| | PostScript printing ( ) |
| | unlabeled printing ( ) |
|
| automount command ( ) |
| | | |
| B |
|
| Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( ) |
|
| banner pages |
| | description of labeled ( ) |
| | difference from trailer page ( ) |
| | printing without labels ( ) |
| | typical ( ) |
|
| body pages |
| | description of labeled ( ) |
| | unlabeled for all users ( ) |
| | unlabeled for specific users ( ) |
| | | |
| C |
|
| cascade printing ( ) |
|
| CD-ROM drives |
| | accessing ( ) |
| | playing music automatically ( ) |
|
| CDE actions, See actions |
|
| Change Password menu item |
| | description ( ) |
| | using to change root password ( ) |
|
| changing |
| | IDLETIME keyword ( ) |
| | labels by authorized users ( ) |
| | rules for label changes ( ) |
| | security level of data ( ) |
| | Selection Confirmer defaults ( ) |
| | system security defaults ( ) |
| | user privileges ( ) |
|
| Check Encodings action ( ) |
|
| Check TN Files action ( ) |
|
| chk_encodings command ( ) |
| | action for invoking ( ) |
|
| choosing, See selecting |
|
| classification label component ( ) |
|
| clearances, label overview ( ) |
|
| Clone Zone action ( ) |
|
| colors, indicating label of workspace ( ) |
|
| commands |
| | executing with privilege ( ) |
| | troubleshooting networking ( ) |
| | trusted_edit trusted editor ( ) |
|
| commercial applications, evaluating ( ) |
|
| Common Tasks in Trusted Extensions (Task Map) ( ) |
|
| compartment label component ( ) |
|
| component definitions, label_encodings file ( ) |
|
| computer access |
| | administrator responsibilities ( ) |
| | restricting ( ) |
|
| Computers and Networks tool |
| | adding known hosts ( ) ( ) |
| | modifying tnrhdb database ( ) |
|
| Computers and Networks tool set ( ) |
|
| Configure Device Attributes authorization ( ) |
|
| Configure Selection Confirmation action ( ) |
|
| Configure Zone action ( ) |
|
| configuring |
| | audio device to play music ( ) |
| | auditing ( ) |
| | authorizations for devices ( ) |
| | devices ( ) |
| | labeled printing ( ) |
| | routes with security attributes ( ) |
| | serial line for login ( ) |
| | startup files for users ( ) |
| | trusted network ( ) |
|
| Configuring Labeled Printing (Task Map) ( ) |
|
| Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( ) |
|
| Configuring Trusted Network Databases (Task Map) ( ) |
|
| controlling, See restricting |
|
| .copy_files file |
| | description ( ) |
| | setting up for users ( ) ( ) |
| | startup file ( ) |
|
| Copy Zone action ( ) |
|
| Create LDAP Client action ( ) |
|
| creating |
| | authorizations for devices ( ) |
| | home directories ( ) |
|
| customizing |
| | device authorizations ( ) |
| | label_encodings file ( ) |
| | unlabeled printing ( ) |
| | user accounts ( ) |
|
| Customizing Device Authorizations in Trusted Extensions (Task Map) ( ) |
|
| Customizing User Environment for Security (Task Map) ( ) |
|
| cut and paste, and labels ( ) |
|
| cutting and pasting, configuring rules for label changes ( ) |
| | | |
| D |
|
| DAC, See discretionary access control (DAC) |
|
| databases |
| | devices ( ) |
| | in LDAP ( ) |
| | trusted network ( ) |
|
| datasets, See ZFS |
|
| deallocate command ( ) |
|
| deallocating, forcing ( ) |
|
| debugging, See troubleshooting |
|
| desktops |
| | accessing multilevel remotely ( ) |
| | logging in to a failsafe session ( ) |
| | workspace color changes ( ) |
|
| /dev/kmem kernel image file, security violation ( ) |
|
| developer responsibilities ( ) |
|
| device allocation |
| | authorizing ( ) |
| | overview ( ) |
| | preventing File Manager display ( ) |
| | profiles that include allocation authorizations ( ) |
|
| Device Allocation Manager |
| | administrative tool ( ) |
| | description ( ) |
| | use by administrators ( ) |
|
| device-clean scripts |
| | adding to devices ( ) |
| | requirements ( ) |
|
| device databases, action for editing ( ) |
|
| devices |
| | access policy ( ) |
| | accessing ( ) |
| | adding customized authorizations ( ) |
| | adding device_clean script ( ) |
| | administering ( ) |
| | administering with Device Allocation Manager ( ) |
| | allocating ( ) |
| | automatically starting an audio player ( ) |
| | configuring devices ( ) |
| | configuring serial line ( ) |
| | creating new authorizations ( ) |
| | in Trusted Extensions ( ) |
| | policy defaults ( ) |
| | preventing remote allocation of audio ( ) |
| | protecting ( ) |
| | protecting nonallocatable ( ) |
| | reclaiming ( ) |
| | setting label range for nonallocatable ( ) |
| | setting policy ( ) |
| | setting up audio ( ) |
| | troubleshooting ( ) |
| | using ( ) |
|
| dfstab file |
| | action for editing ( ) |
| | for public zone ( ) |
|
| differences |
| | administrative interfaces in Trusted Extensions ( ) |
| | between Trusted Extensions and Solaris auditing ( ) |
| | between Trusted Extensions and Solaris OS ( ) |
| | defaults in Trusted Extensions ( ) |
| | extending Solaris interfaces ( ) |
| | limited options in Trusted Extensions ( ) |
|
| directories |
| | accessing lower-level ( ) |
| | authorizing a user or role to change label of ( ) |
| | mounting ( ) |
| | sharing ( ) |
|
| discretionary access control (DAC) ( ) |
|
| diskettes, accessing ( ) |
|
| displaying |
| | labels of file systems in labeled zone ( ) |
| | status of every zone ( ) |
|
| DOI, remote host templates ( ) |
|
| dominance of labels ( ) |
|
| Downgrade DragNDrop or CutPaste Info authorization ( ) |
|
| Downgrade File Label authorization ( ) |
|
| downgrading labels, configuring rules for selection confirmer ( ) |
|
| DragNDrop or CutPaste without viewing contents authorization ( ) |
|
| dtappsession command ( ) |
|
| dtsession command, running updatehome ( ) |
|
| dtterm terminal, forcing the sourcing of .profile ( ) |
|
| dtwm command ( ) |
| | | |
| E |
|
| Edit Encodings action ( ) |
|
| editing |
| | system files ( ) |
| | using trusted editor ( ) |
|
| enabling |
| | DOI different from 1 ( ) |
| | keyboard shutdown ( ) |
|
| /etc/default/kbd file, how to edit ( ) |
|
| /etc/default/login file, how to edit ( ) |
|
| /etc/default/passwd file, how to edit ( ) |
|
| /etc/default/print file ( ) |
|
| /etc/dfs/dfstab file ( ) |
|
| /etc/dfs/dfstab file for public zone ( ) |
|
| /etc/dt/config/sel_config file ( ) ( ) |
|
| /etc/hosts file ( ) ( ) |
|
| /etc/motd file, action for editing ( ) |
|
| /etc/nsswitch.conf file ( ) |
|
| /etc/resolv.conf file ( ) |
|
| /etc/rmmount.conf file ( ) ( ) |
|
| /etc/security/audit_class file ( ) |
|
| /etc/security/audit_control file ( ) |
|
| /etc/security/audit_event file ( ) |
|
| /etc/security/audit_startup file ( ) |
|
| /etc/security/policy.conf file |
| | defaults ( ) |
| | enabling PostScript printing ( ) |
| | how to edit ( ) |
| | modifying ( ) |
|
| /etc/security/tsol/label_encodings file ( ) |
|
| evaluating programs for security ( ) |
|
| exporting, See sharing |
| | | |
| F |
|
| failsafe session, logging in ( ) |
|
| fallback mechanism |
| | for remote hosts ( ) |
| | in tnrhdb ( ) |
| | using for network configuration ( ) |
|
| File Manager, preventing display after device allocation ( ) |
|
| file systems |
| | mounting in global and labeled zones ( ) |
| | NFS mounts ( ) |
| | NFSv3 ( ) |
| | sharing ( ) |
| | sharing in global and labeled zones ( ) |
|
| files |
| | accessing from dominating labels ( ) |
| | authorizing a user or role to change label of ( ) |
| | backing up ( ) |
| | .copy_files ( ) ( ) ( ) |
| | editing with trusted editor ( ) |
| | /etc/default/kbd ( ) |
| | /etc/default/login ( ) |
| | /etc/default/passwd ( ) |
| | /etc/default/print ( ) |
| | /etc/dfs/dfstab ( ) |
| | /etc/dt/config/sel_config ( ) |
| | /etc/motd ( ) |
| | /etc/nsswitch.conf ( ) |
| | /etc/resolv.conf ( ) |
| | /etc/rmmount.conf ( ) |
| | /etc/security/audit_class ( ) |
| | /etc/security/audit_control ( ) |
| | /etc/security/audit_event ( ) |
| | /etc/security/audit_startup ( ) |
| | /etc/security/policy.conf ( ) ( ) ( ) |
| | /etc/security/tsol/label_encodings ( ) |
| | getmounts ( ) |
| | getzonelabels ( ) |
| | .gtkrc-mine ( ) |
| | .link_files ( ) ( ) ( ) |
| | loopback mounting ( ) |
| | office-install-directory/VCL.xcu ( ) |
| | policy.conf ( ) |
| | PostScript ( ) |
| | preventing access from dominating labels ( ) |
| | relabeling privileges ( ) |
| | restoring ( ) |
| | sel_config file ( ) |
| | startup ( ) |
| | /usr/dt/config/sel_config ( ) ( ) |
| | /usr/lib/lp/postscript/tsol_separator.ps ( ) |
| | /usr/sbin/txzonemgr ( ) ( ) |
| | VCL.xcu ( ) |
|
| files and file systems |
| | mounting ( ) |
| | naming ( ) |
| | sharing ( ) |
|
| finding |
| | label equivalent in hexadecimal ( ) |
| | label equivalent in text format ( ) |
|
| Firefox, lengthening timeout when relabeling ( ) |
|
| floppies, See diskettes |
|
| floppy disks, See diskettes |
|
| Front Panel, Device Allocation Manager ( ) |
| | | |
| G |
|
| gateways |
| | accreditation checks ( ) |
| | example of ( ) |
|
| getlabel command ( ) |
|
| getmounts script ( ) |
|
| Getting Started as a Trusted Extensions Administrator (Task Map) ( ) |
|
| getzonelabels script ( ) |
|
| getzonepath command ( ) |
|
| global zone |
| | difference from labeled zones ( ) |
| | entering ( ) |
| | exiting ( ) |
| | remote login by users ( ) |
|
| GNOME ToolKit (GTK) library, lengthening timeout when relabeling ( ) |
|
| groups |
| | deletion precautions ( ) |
| | security requirements ( ) |
|
| .gtkrc-mine file ( ) |
| | | |
| H |
|
| Handling Devices in Trusted Extensions (Task Map) ( ) |
|
| Handling Other Tasks in the Solaris Management Console (Task Map) ( ) |
|
| hextoalabel command ( ) ( ) |
|
| hiding labels from users ( ) |
|
| home directories |
| | accessing ( ) |
| | creating ( ) |
|
| host types |
| | networking ( ) ( ) |
| | remote host templates ( ) |
| | table of templates and protocols ( ) |
|
| hosts |
| | assigning a template ( ) ( ) |
| | assigning to security template ( ) |
| | entering in network files ( ) |
| | networking concepts ( ) |
|
| hot key, regaining control of desktop focus ( ) |
| | | |
| I |
|
| icon visibility |
| | in the File Manager ( ) |
| | in the Workspace Menu ( ) |
|
| IDLECMD keyword, changing default ( ) |
|
| IDLETIME keyword, changing default ( ) |
|
| ifconfig command ( ) ( ) |
|
| importing, software ( ) |
|
| Initialize Zone for LDAP action ( ) |
|
| Install Zone action ( ) |
|
| interfaces |
| | assigning to security template ( ) |
| | verifying they are up ( ) |
|
| internationalizing, See localizing |
|
| interoperability, Trusted Solaris 8 and printing ( ) |
|
| IP addresses |
| | fallback mechanism in tnrhdb ( ) |
| | in tnrhdb database ( ) |
| | in tnrhdb file ( ) |
| | | |
| J |
|
| Java archive (JAR) files, installing ( ) |
| | | |
| K |
|
| key combinations, testing if grab is trusted ( ) |
|
| keyboard shutdown, enabling ( ) |
|
| kmem kernel image file ( ) |
| | | |
| L |
|
| label audit token ( ) |
|
| label_encodings file |
| | action for editing and checking ( ) |
| | contents ( ) |
| | reference for labeled printing ( ) |
| | source of accreditation ranges ( ) |
|
| label ranges |
| | restricting printer label range ( ) |
| | setting on frame buffers ( ) |
| | setting on printers ( ) |
|
| labeled printing |
| | banner pages ( ) |
| | body pages ( ) |
| | PostScript files ( ) |
| | removing label ( ) |
| | removing PostScript restriction ( ) |
| | Sun Ray clients ( ) |
| | without banner page ( ) ( ) |
|
| labeled zones, See zones |
|
| labels |
| | See also label ranges | |
| | authorizing a user or role to change label of data ( ) |
| | classification component ( ) |
| | compartment component ( ) |
| | configuring rules for label changes ( ) |
| | default in remote host templates ( ) |
| | described ( ) |
| | determining text equivalents ( ) |
| | displaying in hexadecimal ( ) |
| | displaying labels of file systems in labeled zone ( ) |
| | dominance ( ) |
| | downgrading and upgrading ( ) |
| | hiding from users ( ) |
| | of processes ( ) |
| | of user processes ( ) |
| | on printer output ( ) |
| | overview ( ) |
| | printing without page labels ( ) |
| | relationships ( ) |
| | repairing in internal databases ( ) |
| | troubleshooting ( ) |
| | well-formed ( ) |
|
| LDAP |
| | action for creating global zone clients ( ) |
| | displaying entries ( ) |
| | naming service for Trusted Extensions ( ) |
| | starting ( ) |
| | stopping ( ) |
| | troubleshooting ( ) |
| | Trusted Extensions databases ( ) |
|
| lengthening timeout, for relabeling ( ) |
|
| limiting, defined hosts on the network ( ) |
|
| .link_files file |
| | description ( ) |
| | setting up for users ( ) |
| | startup file ( ) |
|
| list_devices command ( ) |
|
| localizing, changing labeled printer output ( ) |
|
| login |
| | by roles ( ) |
| | configuring serial line ( ) |
| | remote by roles ( ) |
|
| logout, requiring ( ) |
| | | |
| M |
|
| MAC, See mandatory access control (MAC) |
|
| mail |
| | administering ( ) |
| | implementation in Trusted Extensions ( ) |
| | multilevel ( ) |
|
| man pages, quick reference for Trusted Extensions administrators ( ) |
|
| managing, See administering |
|
| Managing Devices in Trusted Extensions (Task Map) ( ) |
|
| Managing Printing in Trusted Extensions (Task Map) ( ) |
|
| Managing Software in Trusted Extensions (Tasks) ( ) |
|
| Managing Trusted Networking (Task Map) ( ) |
|
| Managing Users and Rights With the Solaris Management Console (Task Map) ( ) |
|
| Managing Zones (Task Map) ( ) |
|
| mandatory access control (MAC) |
| | enforcing on the network ( ) |
| | in Trusted Extensions ( ) |
|
| maximum labels, remote host templates ( ) |
|
| minimum labels, remote host templates ( ) |
|
| MLPs, See multilevel ports (MLPs) |
|
| modifying, sel_config file ( ) |
|
| motd file, action for editing ( ) |
|
| mounting |
| | file systems ( ) |
| | files by loopback mounting ( ) |
| | NFSv3 file systems ( ) |
| | overview ( ) |
| | troubleshooting ( ) |
| | ZFS dataset on labeled zone ( ) |
|
| Mozilla, lengthening timeout when relabeling ( ) |
|
| multiheaded system, trusted stripe ( ) |
|
| multilevel mounts, NFS protocol versions ( ) |
|
| multilevel ports (MLPs) |
| | administering ( ) |
| | example of NFSv3 MLP ( ) |
| | example of web proxy MLP ( ) |
|
| multilevel printing |
| | accessing by print client ( ) |
| | configuring ( ) |
| | Sun Ray clients ( ) |
| | | |
| N |
|
| Name Service Switch action ( ) ( ) |
|
| names of file systems ( ) |
|
| naming services |
| | actions for managing ( ) |
| | databases unique to Trusted Extensions ( ) |
| | LDAP ( ) |
|
| net_mac_aware privilege ( ) |
|
| netstat command ( ) ( ) ( ) |
|
| network, See trusted network |
|
| network databases |
| | action for checking ( ) |
| | description ( ) |
| | in LDAP ( ) |
|
| network packets ( ) |
|
| networking concepts ( ) |
|
| NFS mounts |
| | accessing lower-level directories ( ) |
| | in global and labeled zones ( ) |
|
| nonallocatable devices |
| | protecting ( ) |
| | setting label range ( ) |
|
| nsswitch.conf file, action for editing ( ) |
| | | |
| O |
|
| office-install-directory/VCL.xcu ( ) |
|
| OpenOffice, See StarOffice |
| | | |
| P |
|
| packages, accessing the media ( ) |
|
| passwords |
| | assigning ( ) |
| | Change Password menu item ( ) ( ) |
| | changing for root ( ) |
| | changing user passwords ( ) |
| | storage ( ) |
| | testing if password prompt is trusted ( ) |
|
| plabel command ( ) |
|
| policy.conf file |
| | changing defaults ( ) |
| | changing Trusted Extensions keywords ( ) |
| | defaults ( ) |
| | how to edit ( ) |
|
| PostScript |
| | enabling to print ( ) |
| | printing restrictions in Trusted Extensions ( ) |
|
| preventing, See protecting |
|
| Print Manager action, Always Print Banner checkbox ( ) |
|
| Print Postscript authorization ( ) ( ) ( ) |
|
| Print without Banner authorization ( ) ( ) |
|
| Print without Label authorization ( ) |
|
| printer output, See printing |
|
| printers, setting label range ( ) |
|
| printing |
| | adding conversion filters ( ) |
| | and label_encodings file ( ) |
| | authorizations for unlabeled output from a public system ( ) |
| | configuring for multilevel labeled output ( ) |
| | configuring for print client ( ) |
| | configuring for Sun Ray clients ( ) |
| | configuring labeled zone ( ) |
| | configuring labels and text ( ) |
| | configuring public print jobs ( ) |
| | in local language ( ) |
| | internationalizing labeled output ( ) |
| | interoperability with Trusted Solaris 8 ( ) |
| | labeling a Solaris print server ( ) |
| | localizing labeled output ( ) |
| | managing ( ) |
| | model scripts ( ) |
| | PostScript files ( ) |
| | PostScript restrictions in Trusted Extensions ( ) |
| | preventing labels on output ( ) |
| | public jobs from a Solaris print server ( ) |
| | removing PostScript restriction ( ) |
| | restricting label range ( ) |
| | using a Solaris print server ( ) |
| | without labeled banners and trailers ( ) ( ) |
| | without page labels ( ) ( ) |
|
| privileges |
| | changing defaults for users ( ) |
| | non-obvious reasons for requiring ( ) |
| | removing proc_info from basic set ( ) |
| | restricting users' ( ) |
| | when executing commands ( ) |
|
| proc_info privilege, removing from basic set ( ) |
|
| procedures, See tasks and task maps |
|
| processes |
| | labels of ( ) |
| | labels of user processes ( ) |
| | preventing users from seeing others' processes ( ) |
|
| profiles, See rights profiles |
|
| programs, See applications |
|
| protecting |
| | devices ( ) ( ) |
| | devices from remote allocation ( ) |
| | file systems by using non-proprietary names ( ) |
| | files at lower labels from being accessed ( ) |
| | from access by arbitrary hosts ( ) |
| | information with labels ( ) |
| | labeled hosts from contact by arbitrary unlabeled hosts ( ) |
| | nonallocatable devices ( ) |
| | | |
| R |
|
| real UID of root, required for applications ( ) |
|
| Reducing Printing Restrictions in Trusted Extensions (Task Map) ( ) |
|
| regaining control of desktop focus ( ) |
|
| regular users, See users |
|
| relabeling information ( ) |
|
| remote administration |
| | defaults ( ) |
| | methods ( ) |
|
| remote host templates |
| | assigning ( ) |
| | assigning to hosts ( ) |
| | creating ( ) |
| | tool for administering ( ) |
|
| remote hosts, using fallback mechanism in tnrhdb ( ) |
|
| Remote Login authorization ( ) |
|
| remote multilevel desktop, accessing ( ) |
|
| removable media, mounting ( ) |
|
| remove_allocatable command ( ) |
|
| removing, labels on printer output ( ) |
|
| repairing, labels in internal databases ( ) |
|
| resolv.conf file, action for editing ( ) |
|
| Restart Zone action ( ) |
|
| restoring control of desktop focus ( ) |
|
| restricting |
| | access to computer based on label ( ) |
| | access to devices ( ) |
| | access to global zone ( ) |
| | access to lower-level files ( ) |
| | access to printers with labels ( ) |
| | actions by rights profiles ( ) |
| | mounts of lower-level files ( ) |
| | printer access with labels ( ) |
| | printer label range ( ) |
| | remote access ( ) |
|
| Revoke or Reclaim Device authorization ( ) ( ) |
|
| rights, See rights profiles |
|
| rights profiles |
| | assigning ( ) |
| | controlling the use of actions ( ) |
| | Convenient Authorizations ( ) |
| | with Allocate Device authorization ( ) |
| | with device allocation authorizations ( ) |
| | with new device authorizations ( ) |
|
| Rights tool ( ) |
|
| rmmount.conf file ( ) ( ) |
|
| role workspace, global zone ( ) |
|
| roles |
| | administering auditing ( ) |
| | administering remotely ( ) ( ) |
| | assigning rights ( ) |
| | assuming ( ) ( ) |
| | creating ( ) |
| | leaving role workspace ( ) |
| | remote login ( ) |
| | role assumption from unlabeled host ( ) |
| | trusted application access ( ) |
| | workspaces ( ) |
|
| root UID, required for applications ( ) |
|
| route command ( ) ( ) |
|
| routing ( ) |
| | accreditation checks ( ) |
| | commands in Trusted Extensions ( ) |
| | concepts ( ) |
| | example of ( ) |
| | static with security attributes ( ) |
| | tables ( ) ( ) |
| | using route command ( ) |
| | | |
| S |
|
| scripts |
| | getmounts ( ) |
| | getzonelabels ( ) |
| | /usr/sbin/txzonemgr ( ) ( ) |
|
| secure attention, key combination ( ) |
|
| Security Administrator role |
| | administering network of users ( ) |
| | administering PostScript restriction ( ) |
| | administering printer security ( ) |
| | assigning authorizations to users ( ) |
| | audit tasks ( ) |
| | configuring a device ( ) |
| | configuring serial line for login ( ) |
| | creating Convenient Authorizations rights profile ( ) |
| | enabling unlabeled body pages from a public system ( ) |
| | enforcing security ( ) |
| | modifying window configuration files ( ) |
| | protecting nonallocatable devices ( ) |
|
| security administrators, See Security Administrator role |
|
| security attributes ( ) |
| | modifying defaults for all users ( ) |
| | modifying user defaults ( ) |
| | setting for remote hosts ( ) |
| | using in routing ( ) |
|
| security information, on printer output ( ) |
|
| security label set, remote host templates ( ) |
|
| security mechanisms |
| | extensible ( ) |
| | Solaris ( ) |
|
| security policy |
| | auditing ( ) |
| | training users ( ) |
| | users and devices ( ) |
|
| security templates, See remote host templates |
|
| Security Templates tool ( ) ( ) |
| | assigning templates ( ) |
| | modifying tnrhdb ( ) ( ) |
| | using ( ) |
|
| sel_config file ( ) |
| | action for editing ( ) |
| | configuring selection transfer rules ( ) |
|
| selecting, audit records by label ( ) |
|
| Selection Confirmer, changing defaults ( ) |
|
| Selection Manager |
| | changing timeout ( ) |
| | configuring rules for selection confirmer ( ) |
|
| serial line, configuring for logins ( ) |
|
| service management facility (SMF), Trusted Extensions service ( ) |
|
| session range ( ) |
|
| sessions, failsafe ( ) |
|
| Set Daily Message action ( ) |
|
| Set Default Routes action ( ) |
|
| Set DNS Servers action ( ) |
|
| setlabel command ( ) |
|
| Share Filesystems action ( ) |
|
| Share Logical Interface action ( ) |
|
| Share Physical Interface action ( ) |
|
| sharing, ZFS dataset from labeled zone ( ) |
|
| Shut Down Zone action ( ) |
|
| Shutdown authorization ( ) |
|
| similarities |
| | between Trusted Extensions and Solaris auditing ( ) |
| | between Trusted Extensions and Solaris OS ( ) |
|
| single-label operation ( ) |
|
| single-label printing, configuring for a zone ( ) |
|
| smtnrhdb command ( ) |
|
| smtnrhtp command ( ) |
|
| smtnzonecfg command ( ) |
|
| snoop command ( ) ( ) |
|
| software |
| | administering third-party ( ) |
| | importing ( ) |
| | installing Java programs ( ) |
|
| Solaris Management Console |
| | administering trusted network ( ) |
| | administering users ( ) |
| | Computers and Networks tool ( ) |
| | description of tools and toolboxes ( ) |
| | Security Templates tool ( ) ( ) |
| | starting ( ) |
| | toolboxes ( ) |
| | Trusted Network Zones tool ( ) |
|
| Solaris OS |
| | differences from Trusted Extensions ( ) |
| | differences from Trusted Extensions auditing ( ) |
| | similarities with Trusted Extensions ( ) |
| | similarities with Trusted Extensions auditing ( ) |
|
| solaris.print.nobanner authorization ( ) ( ) |
|
| solaris.print.ps authorization ( ) |
|
| solaris.print.unlabeled authorization ( ) |
|
| StarOffice, lengthening timeout when relabeling ( ) |
|
| Start Zone action ( ) |
|
| startup files, procedures for customizing ( ) |
|
| Stop-A, enabling ( ) |
|
| Sun Ray systems |
| | configuring network printer ( ) |
| | enabling initial contact between client and server ( ) |
| | preventing users from seeing others' processes ( ) |
|
| System Administrator role |
| | adding device_clean script ( ) |
| | adding print conversion filters ( ) |
| | administering printers ( ) |
| | audit tasks ( ) |
| | enabling music to play automatically ( ) |
| | preventing File Manager display ( ) |
| | reclaiming a device ( ) |
| | reviewing audit records ( ) |
|
| system files |
| | editing ( ) ( ) |
| | Solaris /etc/default/print ( ) |
| | Solaris policy.conf ( ) |
| | Trusted Extensions sel_config ( ) |
| | Trusted Extensions tsol_separator.ps ( ) |
| | | |
| T |
|
| tape devices, accessing ( ) |
|
| tar command ( ) |
|
| tasks and task maps |
| | Administering Trusted Extensions Remotely (Task Map) ( ) |
| | Audit Tasks of the Security Administrator ( ) |
| | Audit Tasks of the System Administrator ( ) |
| | Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( ) |
| | Common Tasks in Trusted Extensions (Task Map) ( ) |
| | Configuring Labeled Printing (Task Map) ( ) |
| | Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( ) |
| | Configuring Trusted Network Databases (Task Map) ( ) |
| | Customizing Device Authorizations in Trusted Extensions (Task Map) ( ) |
| | Customizing User Environment for Security (Task Map) ( ) |
| | Getting Started as a Trusted Extensions Administrator (Task Map) ( ) |
| | Handling Devices in Trusted Extensions (Task Map) ( ) |
| | Handling Other Tasks in the Solaris Management Console (Task Map) ( ) |
| | Managing Devices in Trusted Extensions (Task Map) ( ) |
| | Managing Printing in Trusted Extensions (Task Map) ( ) |
| | Managing Software in Trusted Extensions (Tasks) ( ) |
| | Managing Trusted Networking (Task Map) ( ) |
| | Managing Users and Rights With the Solaris Management Console ( ) |
| | Managing Zones (Task Map) ( ) |
| | Reducing Printing Restrictions in Trusted Extensions (Task Map) ( ) |
| | Troubleshooting the Trusted Network (Task Map) ( ) |
| | Using Devices in Trusted Extensions (Tasks Map) ( ) |
|
| text label equivalents, determining ( ) |
|
| Thunderbird, lengthening timeout when relabeling ( ) |
|
| tnchkdb command |
| | action for checking ( ) |
| | description ( ) |
| | summary ( ) |
|
| tnctl command |
| | description ( ) |
| | summary ( ) |
| | updating kernel cache ( ) |
| | using ( ) |
|
| tnd command |
| | description ( ) |
| | summary ( ) |
|
| tninfo command |
| | description ( ) |
| | summary ( ) |
| | using ( ) ( ) |
|
| tnrhdb database |
| | 0.0.0.0 host address ( ) ( ) |
| | 0.0.0.0 wildcard address ( ) |
| | action for checking ( ) |
| | adding to ( ) |
| | configuring ( ) |
| | fallback mechanism ( ) ( ) |
| | tool for administering ( ) |
| | wildcard address ( ) |
|
| tnrhtp database |
| | action for checking ( ) |
| | adding to ( ) |
| | tool for administering ( ) |
|
| toolboxes, defined ( ) |
|
| tools, See administrative tools |
|
| Tools subpanel, Device Allocation Manager ( ) |
|
| trailer pages, See banner pages |
|
| translation, See localizing |
|
| troubleshooting |
| | failed login ( ) |
| | LDAP ( ) |
| | mounted file systems ( ) |
| | network ( ) |
| | reclaiming a device ( ) |
| | repairing labels in internal databases ( ) |
| | trusted network ( ) |
| | verifying interface is up ( ) |
| | viewing ZFS dataset mounted in lower-level zone ( ) |
|
| Troubleshooting the Trusted Network (Task Map) ( ) |
|
| trusted actions, in CDE ( ) |
|
| trusted applications, in a role workspace ( ) |
|
| trusted_edit trusted editor ( ) |
|
| trusted editor |
| | assigning your favorite editor ( ) |
| | starting ( ) |
|
| Trusted Extensions |
| | differences from Solaris auditing ( ) |
| | differences from Solaris OS ( ) |
| | man pages quick reference ( ) |
| | quick reference to administration ( ) |
| | similarities with Solaris auditing ( ) |
| | similarities with Solaris OS ( ) |
|
| Trusted Extensions DOI, enabling DOI different from 1 ( ) |
|
| Trusted_Extensions folder |
| | location ( ) |
| | using actions in ( ) |
| | using Admin Editor from ( ) |
|
| trusted grab, key combination ( ) |
|
| trusted network |
| | 0.0.0.0 tnrhdb entry ( ) |
| | action for setting default routes ( ) |
| | administering with Solaris Management Console ( ) |
| | checking syntax of files ( ) |
| | concepts ( ) |
| | default labeling ( ) |
| | editing local files ( ) |
| | example of routing ( ) |
| | host types ( ) |
| | labels and MAC enforcement ( ) |
| | using templates ( ) |
|
| Trusted Network tools |
| | description ( ) |
| | using ( ) |
|
| Trusted Network Zones tool |
| | configuring a multilevel port ( ) |
| | configuring a multilevel print server ( ) |
| | creating a multilevel port ( ) |
| | description ( ) ( ) |
|
| trusted path attribute, when available ( ) |
|
| Trusted Path menu, Assume Role ( ) |
|
| trusted processes |
| | in the window system ( ) |
| | starting actions ( ) |
|
| trusted programs |
| | adding ( ) |
| | defined ( ) |
|
| trusted stripe |
| | on multiheaded system ( ) |
| | warping pointer to ( ) |
|
| trustworthy programs ( ) |
|
| tsol_separator.ps file |
| | configurable values ( ) |
| | customizing labeled printing ( ) |
| | | |
| U |
|
| unlabeled printing, configuring ( ) |
|
| updatehome command ( ) ( ) |
|
| Upgrade DragNDrop or CutPaste Info authorization ( ) |
|
| Upgrade File Label authorization ( ) |
|
| upgrading labels, configuring rules for selection confirmer ( ) |
|
| User Accounts tool ( ) |
|
| users |
| | accessing devices ( ) ( ) |
| | accessing printers ( ) |
| | assigning authorizations to ( ) |
| | assigning labels ( ) |
| | assigning passwords ( ) |
| | assigning rights ( ) |
| | assigning roles to ( ) |
| | authorizations for ( ) |
| | Change Password menu item ( ) |
| | changing default privileges ( ) |
| | creating ( ) |
| | customizing environment ( ) |
| | deletion precautions ( ) |
| | labels of processes ( ) |
| | lengthening timeout when relabeling ( ) |
| | logging in remotely to the global zone ( ) |
| | logging in to a failsafe session ( ) |
| | modifying security defaults ( ) |
| | modifying security defaults for all users ( ) |
| | planning for ( ) |
| | preventing account locking ( ) |
| | preventing from seeing others' processes ( ) |
| | printing ( ) |
| | removing some privileges ( ) |
| | restoring control of desktop focus ( ) |
| | security precautions ( ) |
| | security training ( ) ( ) ( ) |
| | session range ( ) |
| | setting up skeleton directories ( ) |
| | startup files ( ) |
| | using .copy_files file ( ) |
| | using .link_files file ( ) |
| | using devices ( ) |
|
| Using Devices in Trusted Extensions (Task Map) ( ) |
|
| /usr/dt/bin/trusted_edit trusted editor ( ) |
|
| /usr/dt/config/sel_config file ( ) ( ) |
|
| /usr/lib/lp/postscript/tsol_separator.ps file, labeling printer output ( ) |
|
| /usr/local/scripts/getmounts script ( ) |
|
| /usr/local/scripts/getzonelabels script ( ) |
|
| /usr/sbin/txzonemgr script ( ) ( ) |
|
| utadm command, default Sun Ray server configuration ( ) |
| | | |
| V |
|
| VCL.xcu file ( ) |
|
| verifying |
| | interface is up ( ) |
| | syntax of network databases ( ) |
|
| viewing, See accessing |
|
| virtual network computing (vnc), See Xvnc systems running Trusted Extensions |
| | | |
| W |
|
| well-formed labels ( ) |
|
| wildcard address, See fallback mechanism |
|
| window manager ( ) |
|
| window system, trusted processes ( ) |
|
| workspaces |
| | color changes ( ) |
| | colors indicating label of ( ) |
| | global zone ( ) |
| | | |
| X |
|
| X audit classes ( ) |
|
| xatom audit token ( ) |
|
| xc audit class ( ) |
|
| xclient audit token ( ) |
|
| xcolormap audit token ( ) |
|
| xcursor audit token ( ) |
|
| xfont audit token ( ) |
|
| xgc audit token ( ) |
|
| xp audit class ( ) |
|
| xpixmap audit token ( ) |
|
| xproperty audit token ( ) |
|
| xs audit class ( ) |
|
| xselect audit token ( ) |
|
| Xtsolusersession script ( ) |
|
| Xvnc systems running Trusted Extensions |
| | remote access to ( ) ( ) |
|
| xwindow audit token ( ) |
|
| xx audit class ( ) |
| | | |
| Z |
|
| ZFS |
| | adding dataset to labeled zone ( ) |
| | mounting dataset read-write on labeled zone ( ) |
| | viewing mounted dataset read-only from higher-level zone ( ) |
|
| /zone/public/etc/dfs/dfstab file ( ) |
|
| Zone Terminal Console action ( ) |
|
| zones |
| | action for cloning ( ) |
| | action for configuring ( ) |
| | action for copying ( ) |
| | action for initializing ( ) |
| | action for installing ( ) |
| | action for restarting ( ) |
| | action for sharing logical interface ( ) |
| | action for sharing physical interface ( ) |
| | action for shutting down ( ) |
| | action for starting ( ) |
| | action for viewing from console ( ) |
| | administering ( ) |
| | administering from Trusted JDS ( ) |
| | creating MLP ( ) |
| | creating MLP for NFSv3 ( ) |
| | displaying labels of file systems ( ) |
| | displaying status ( ) |
| | global ( ) |
| | in Trusted Extensions ( ) |
| | managing ( ) |
| | net_mac_aware privilege ( ) |
| | tool for labeling ( ) |
|
