Solaris Trusted Extensions Reference Manual

System Administration Commands

add_allocatable(1M)

NAME | Synopsis | Description | Options | Errors | Attributes | See Also

NAME

    add_allocatable – add entries to allocation databases

Synopsis

    /usr/sbin/add_allocatable [-f] [-s] [-d] -n name -t type -l device-list 
        [-a authorization] [-c clean] [-o key=value]

Description

    add_allocatable creates new entries for user allocatable devices that are to be managed by the device allocation mechanism. add_allocatable can also be used to update existing entries of such devices.

    add_allocatable can also create and update entries for non-allocatable devices, such as printers, whose label range is managed by the device allocation mechanism.

    add_allocatable can be used in shell scripts, such as installation scripts for driver packages, to automate the administrative work of setting up a new device.

    Use list_devices(1) to see the names and types of allocatable devices, their attributes, and device paths.

Options

    -f

    Force an update of an already-existing entry with the specified information. add_allocatable exits with an error if this option is not specified when an entry with the specified device name already exists.

    -s

    Turn on silent mode. add_allocatable does not print any error or warning messages.

    -d

    If this option is present, add_allocatable updates the system-supplied default attributes of the device type specified with -t.

    -n name

    Adds or updates the entry for the device specified by name.

    -t type

    Adds or updates entries for devices of the type specified by type.

    -l device-list

    Adds or updates device paths to the device that is specified with -n. Multiple paths in device-list must be separated by white spaces and the list must be quoted.

    -a authorization

    Adds or updates the authorization that is associated with either the device that is specified with -n or with devices of the type that is specified with -t. When more than one authorization is specified, the list must be separated by commas and must be quoted. When the device is not allocatable, authorization is specified with an asterisk (*) and must be quoted. When the device is allocatable by any user, authorization is specified with the at sign (@) and must be quoted. Default authorization is '@'.

    -c clean

    Specifies the device_clean(5) program clean to be used with the device that is specified with -n or with devices of the type that is specified with -t. The default clean program is /bin/true.

    -o key=value

    Accepts a string of colon-separated key=value pairs for a device that is specified with -n or with devices of the type that is specified with -t. The following keys are currently interpreted by the system:

    minlabel

    The minimum label at which the device can be used.

    maxlabel

    The maximum label at which the device can be used.

Errors

    When successful, add_allocatable returns an exit status of 0 (true). add_allocatable returns a nonzero exit status in the event of an error. The exit codes are as follows:

    1

    Invocation syntax error

    2

    Unknown system error

    3

    An entry already exists for the specified device. This error occurs only when the -f option is not specified.

    4

    Permission denied. User does not have DAC or MAC access to update the allocation databases.
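    The following is an added example, not code from the Solaris manual. It is the kind of fragment a driver-package installation script (see Description) would contain: it registers one device with add_allocatable, passing the -l path list as a single quoted word and the two -o keys as a colon-separated pair, and maps the exit codes above to messages. When the first attempt returns 3 (entry exists) it retries with -f, so running the install script twice updates the entry instead of failing. The device name, device paths, clean program and label values are assumed, and ADD_ALLOCATABLE is a hypothetical variable that lets the wrapper be pointed at a stub on a host without Trusted Extensions.

```sh
#!/bin/sh
# Added example, not from the Solaris manual: wrap add_allocatable(1M) for use
# in a driver-package install script. ADD_ALLOCATABLE is a hypothetical
# override so the functions can be exercised against a stub off Solaris.
ADD_ALLOCATABLE=${ADD_ALLOCATABLE:-/usr/sbin/add_allocatable}

# explain_add_status RC: print a message for an add_allocatable exit code
# (the values listed under Errors); succeed only when RC is 0.
explain_add_status() {
    case "$1" in
        0) echo "ok" ;;
        1) echo "invocation syntax error" ;;
        2) echo "unknown system error" ;;
        3) echo "entry already exists; use -f to update it" ;;
        4) echo "permission denied: no DAC or MAC access to the allocation databases" ;;
        *) echo "unexpected exit status $1" ;;
    esac
    [ "$1" -eq 0 ]
}

# run_add FORCE NAME TYPE PATHS AUTHS CLEAN MINLABEL MAXLABEL
# One add_allocatable invocation. PATHS travels as a single quoted word
# because -l takes a white-space separated list, and the two -o keys are
# joined with a colon as the manual requires. Returns the tool's status
# without tripping set -e in the caller.
run_add() {
    force=$1; shift
    rc=0
    "$ADD_ALLOCATABLE" $force -n "$1" -t "$2" -l "$3" -a "$4" -c "$5" \
        -o "minlabel=$6:maxlabel=$7" || rc=$?
    return $rc
}

# register_device NAME TYPE PATHS AUTHS CLEAN MINLABEL MAXLABEL
# Add the entry; if it already exists (status 3) retry with -f so that
# re-running the install script updates the entry instead of failing.
register_device() {
    rc=0
    run_add "" "$@" || rc=$?
    if [ "$rc" -eq 3 ]; then
        rc=0
        run_add -f "$@" || rc=$?
    fi
    explain_add_status "$rc"
}

# Run the registration only where the tool exists. Device name, paths,
# clean program and labels are assumed values, not taken from the manual.
if [ -x /usr/sbin/add_allocatable ]; then
    register_device audio0 audio "/dev/audio /dev/audioctl" "@" \
        /etc/security/lib/audio_clean admin_low admin_high
fi
```

    The retry deliberately does not pass -f on the first attempt: a status of 3 is the only signal that an entry already exists, and an unconditional -f would silently overwrite an administrator's hand-edited entry.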

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Interface Stability (Invocation)

    Evolving

    Interface Stability (Options)

    Evolving

    Interface Stability (Output)

    Unstable

See Also

SunOS 5.10 Last Revised 31 May 2006


atohexlabel(1M)


NAME

    atohexlabel – convert a human readable label to its internal text equivalent

Synopsis

    /usr/sbin/atohexlabel [human-readable-sensitivity-label]
    /usr/sbin/atohexlabel -c [human-readable-clearance]

Interface Level

    This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software.

Description

    atohexlabel converts a human readable label into an internal text representation that is safe for storing in a public object. If no option is supplied, the label is assumed to be a sensitivity label.

    The internal form, which is often hexadecimal, can later be parsed back to the same label value. The converted label is written to the standard output file. If no human readable label is specified, the label is read from the standard input file. The expected use of this command is emergency repair of labels that are stored in internal databases.

Options

    -c

    Identifies the human readable label as a clearance.

Exit Status

    The following exit values are returned:

    0

    On success.

    1

    On failure, and writes diagnostics to the standard error file.

Files

    /etc/security/tsol/label_encodings

    The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability Level

    See NOTES below

See Also

Notes

    The stability of the command output is Stable for systems with the same label_encodings file. The stability of the command invocation is Stable for systems that implement the DIA MAC policy.

SunOS 5.10 Last Revised 31 Aug 2005


chk_encodings(1M)


NAME

    chk_encodings – check the label encodings file syntax

Synopsis

    /usr/sbin/chk_encodings [-a] [-c maxclass] [pathname]

Interface Level

    This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software.

Description

    chk_encodings checks the syntax of the label-encodings file that is specified by pathname. With the -a option, chk_encodings also prints a semantic analysis of the label-encodings file that is specified by pathname. If pathname is not specified, chk_encodings checks and analyzes the /etc/security/tsol/label_encodings file.

    If label-encodings file analysis was requested, whatever analysis can be provided is written to the standard output file even if errors were found.

Options

    -a

    Provide a semantic analysis of the label encodings file.

    -c maxclass

    Accept a maximum classification value of maxclass (default 255) in the label encodings file CLASSIFICATIONS section.

Errors

    When successful, chk_encodings returns an exit status of 0 (true) and writes to the standard output file a confirmation that no errors were found in pathname. Otherwise, chk_encodings returns an exit status of nonzero (false) and writes an error diagnostic to the standard output file.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability Level

    Mixed. See NOTES below

Files

    /etc/security/tsol/label_encodings

    The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.

See Also

Notes

    The stability of the syntactic checking is considered standard and controlled by DIA document DDS-2600-6216-93, Compartmented Mode Workstation Labeling: Encodings Format, September 1993. The stability of the command output is undefined. The stability of the command invocation is stable for systems that implement the DIA MAC policy.

SunOS 5.10 Last Revised 16 Mar 2006


hextoalabel(1M)


NAME

    hextoalabel – convert an internal text label to its human readable equivalent

Synopsis

    /usr/sbin/hextoalabel [internal-text-sensitivity-label]
    /usr/sbin/hextoalabel -c [internal-text-clearance]

Interface Level

    This file is part of the Defense Intelligence Agency (DIA) Mandatory Access Control (MAC) policy. This file might not be applicable to other MAC policies that might be developed for future releases of Solaris Trusted Extensions software.

Description

    hextoalabel converts an internal text label into its human readable equivalent and writes the result to the standard output file. This internal form is often hexadecimal. If no option is supplied, the label is assumed to be a sensitivity label.

    If no internal text label is specified, the label is read from the standard input file. The expected use of this command is emergency repair of labels that are stored in internal databases.

Options

    -c

    Identifies the internal text label as a clearance.

Exit Status

    The following exit values are returned:

    0

    On success.

    1

    On failure, and writes diagnostics to the standard error file.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability Level

    See NOTES below

Files

    /etc/security/tsol/label_encodings

    The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.

See Also

Notes

    The stability of the command output is Stable for systems with the same label_encodings file. The stability of the command invocation is Stable for systems that implement the DIA MAC policy.

SunOS 5.10 Last Revised 31 Aug 2005


remove_allocatable(1M)


NAME

    remove_allocatable – remove entries from allocation databases

Synopsis

    /usr/sbin/remove_allocatable [-f] -n name
    /usr/sbin/remove_allocatable [-f] [-d] -t dev-type

Description

    remove_allocatable removes entries of user allocatable devices from the device allocation mechanism. remove_allocatable also removes entries of some non-allocatable devices, such as printers, whose label range is managed by the mechanism.

Options

    -d

    Removes system-supplied default attributes of the device type that is specified with -t.

    -f

    Force the removal of an entry. remove_allocatable exits with an error if this option is not specified when no entry with the specified device name exists.

    -n name

    Removes the entry for the device name.

    -t dev-type

    Removes devices of type dev-type.

Errors

    When successful, remove_allocatable returns an exit status of 0 (true). remove_allocatable returns a nonzero exit status in the event of an error. The exit codes are as follows:

    1

    Invocation syntax error

    2

    Unknown system error

    3

    Device name or dev-type not found. This error occurs only when the -f option is not specified.

    4

    Permission denied. User does not have DAC or MAC access to database.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Interface Stability (Invocation)

    Evolving

    Interface Stability (Options)

    Evolving

    Interface Stability (Output)

    Not an interface

See Also

SunOS 5.10 Last Revised 31 May 2006


smtnrhdb(1M)


NAME

    smtnrhdb – manage entries in the tnrhdb database

Synopsis

    /usr/sadm/bin/smtnrhdb subcommand [auth_args] -- [subcommand_args]

Description

    The smtnrhdb command adds, modifies, deletes, and lists entries in the tnrhdb database.

    smtnrhdb subcommands are:

    add

    Adds a new entry to the tnrhdb database. To add an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.

    delete

    Deletes an entry from the tnrhdb database. To delete an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.

    list

    Lists all entries in the tnrhdb database. To list an entry, the administrator must have the solaris.network.host.read and solaris.network.security.read authorizations.

    modify

    Modifies an entry in the tnrhdb database. To modify an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.

Options

    The smtnrhdb authentication arguments, auth_args, are derived from the smc arg set. These arguments are the same regardless of which subcommand you use. The smtnrhdb command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first smc connection can time out, so you might need to retry the command.

    The subcommand-specific options, subcommand_args, must be preceded by the -- option.

    auth_args

      The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user might be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.

      -D | --domain domain

      Specifies the default domain that you want to manage. The syntax is domain=type:/host_name/domain_name, where type is dns, ldap, or file; host_name is the name of the server; and domain_name is the name of the domain you want to manage.

      If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.

      -H | --hostname host_name:port

      Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898.

      -l | --rolepassword role_password

      Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

      -p | --password password

      Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

      -r | --rolename role_name

      Specifies a role name for authentication. If you do not specify this option, no role is assumed.

      -u | --username user_name

      Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.

      --

      This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.

    subcommand_args

      Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.

      -h

      Displays the command's usage statement.

      -H hostname

      Specifies the name of the host. For the list subcommand, the hostname argument is not specified. This is not required if the ipaddress subcommand argument is specified.

      -i ipaddress

      Specifies the IP address of the host. This is not required if the hostname subcommand argument is specified.

      -n templatename

      Specifies the name of the template.

      -p prefixlen

      Specifies the prefix length (in bits) of a wildcard representation of the IP address. The prefix is the left-most portion of the IP address.

      -w ipaddress-wildcard

      Specifies the IP address of the subnet using a wildcard.

      • One of the following sets of arguments must be specified for subcommand add:

        -H hostname -n templatename |
        -i ipaddress -n templatename |
        -w ipaddress-wildcard -n templatename [ -p prefixlen ] |
        -h

      • One of the following sets of arguments must be specified for subcommand modify:

        -H hostname -n templatename |
        -i ipaddress -n templatename |
        -w ipaddress-wildcard -n templatename [ -p prefixlen ] |
        -h

      • One of the following sets of arguments must be specified for subcommand delete:

        -H hostname |
        -i ipaddress |
        -w ipaddress-wildcard [ -p prefixlen ] |
        -h

      • The subcommand list takes the following argument:

        -h

Examples


    Example 1 Specifying the Template Name for a Wildcard IP Address

    The admin role specifies the template name, cipso_lan, for a series of hosts that use the IP address wildcard 192.168.113.0 on the local file system. Since no authentication arguments were specified, the administrator connects to port 898 of the local host with the file domain type, which are the defaults. The administrator is prompted for the admin password.


    $ /usr/sadm/bin/smtnrhdb add -- -w 192.168.113.0 -n cipso_lan
    


    Example 2 Deleting an Entry in the tnrhdb Database

    The admin role deletes a host entry from the database by specifying its IP address, 192.168.113.8. The -D option directs the change to the LDAP domain example.domain; because no -H was given, the command connects to the Solaris Management Console on the local host at the default port, 898. The administrator is prompted for the admin password.


    $ /usr/sadm/bin/smtnrhdb delete \
    -D ldap:/example.domain -- -i 192.168.113.8
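    The following is an added example, not code from the Solaris manual, that turns the three selector forms above (-H hostname, -i ipaddress, -w ipaddress-wildcard with -p prefixlen) into a single helper and issues add and delete with the argument order the Options section requires: auth_args before --, subcommand_args after it. The convention that a.b.c.d/N means a wildcard with prefix length and that a bare dotted quad means a host address is an assumption of this example (IPv4 only), as are the names SMTNRHDB, a hypothetical override used for stub testing, and SMC_AUTH_ARGS, which carries auth_args such as -D and --hostname. The helpers never place -p or -l on the command line, because, as noted above, a password given there is visible to every user on the system.

```sh
#!/bin/sh
# Added example, not from the Solaris manual: derive the selector arguments
# for smtnrhdb(1M) from one address string and issue add/delete with the
# -- separator and argument order the manual requires. SMTNRHDB and
# SMC_AUTH_ARGS are hypothetical names; the latter carries auth_args such as
# "-D ldap:/example.domain -H server:898" and is never used for -p or -l.
SMTNRHDB=${SMTNRHDB:-/usr/sadm/bin/smtnrhdb}

# is_ipv4 STRING: succeed when STRING is a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# tnrhdb_selector ADDRESS: print the subcommand arguments that identify a
# tnrhdb entry. Assumed convention (IPv4 only): a.b.c.d/N is a wildcard
# address with prefix length (-w a.b.c.d -p N), a bare dotted quad is a
# host address (-i), anything else that looks like a name is -H hostname.
# Digits-and-dots that fail to parse is treated as a typo, not a name.
tnrhdb_selector() {
    addr=$1
    [ -n "$addr" ] || return 1
    case "$addr" in
        */*)
            net=${addr%/*}; plen=${addr#*/}
            is_ipv4 "$net" || return 1
            case "$plen" in ''|*[!0-9]*) return 1 ;; esac
            [ "$plen" -le 32 ] || return 1
            printf '%s\n' "-w $net -p $plen" ;;
        *)
            if is_ipv4 "$addr"; then
                printf '%s\n' "-i $addr"
            else
                case "$addr" in *[!0-9.]*) ;; *) return 1 ;; esac
                case "$addr" in *[!A-Za-z0-9.-]*) return 1 ;; esac
                printf '%s\n' "-H $addr"
            fi ;;
    esac
}

# tnrhdb_assign TEMPLATE ADDRESS: "smtnrhdb add" binding ADDRESS to TEMPLATE.
# auth_args go before --, selector arguments after it; the -H that precedes
# -- is --hostname of the console, the -H after it is the tnrhdb host name.
tnrhdb_assign() {
    sel=$(tnrhdb_selector "$2") || { echo "bad address: $2" >&2; return 1; }
    "$SMTNRHDB" add $SMC_AUTH_ARGS -- $sel -n "$1"
}

# tnrhdb_unassign ADDRESS: "smtnrhdb delete" for the entry ADDRESS selects.
tnrhdb_unassign() {
    sel=$(tnrhdb_selector "$1") || { echo "bad address: $1" >&2; return 1; }
    "$SMTNRHDB" delete $SMC_AUTH_ARGS -- $sel
}
```

    Typical use on a Trusted Extensions host would be SMC_AUTH_ARGS="-D ldap:/example.domain" followed by tnrhdb_assign cipso_lan 192.168.113.0/24, which expands to the same add invocation as Example 1 with -p 24 appended. Note that -H appears in both argument sets with different meanings; placing it on the correct side of -- is what distinguishes the console to connect to from the host entry being edited.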

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    Invalid command syntax. A usage message displays.

    2

    An error occurred while executing the command. An error message displays.

Files

    The following files are used by the smtnrhdb command:

    /etc/security/tsol/tnrhdb

    Trusted network remote-host database. See tnrhdb(4).

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWmgts

See Also

SunOS 5.10 Last Revised 26 Jun 2006


smtnrhtp(1M)


NAME

    smtnrhtp – manage entries in the trusted network template database

Synopsis

    /usr/sadm/bin/smtnrhtp subcommand [auth_args] -- [subcommand_args]

Description

    The smtnrhtp command adds, modifies, deletes, and lists entries in the tnrhtp database.

    smtnrhtp subcommands are:

    add

    Adds a new entry to the tnrhtp database. To add an entry, the administrator must have the solaris.network.security.read and solaris.network.security.write authorizations.

    modify

    Modifies an entry in the tnrhtp database. To modify an entry, the administrator must have the solaris.network.security.read and solaris.network.security.write authorizations.

    delete

    Deletes an entry from tnrhtp database. To delete an entry, the administrator must have the solaris.network.security.read and solaris.network.security.write authorizations.

    list

    Lists entries in the tnrhtp database. To list an entry, the administrator must have the solaris.network.security.read authorizations.

Options

    The smtnrhtp authentication arguments, auth_args, are derived from the smc arg set and are the same regardless of which subcommand you use. The smtnrhtp command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first smc connection can time out, so you might need to retry the command.

    The subcommand-specific options, subcommand_args, must be preceded by the -- option.

    auth_args

      The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user might be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.

      -D | --domain domain

      Specifies the default domain that you want to manage. The syntax is domain=type:/host_name/domain_name, where type is dns, ldap, or file; host_name is the name of the server; and domain_name is the name of the domain you want to manage.

      If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.

      -H | --hostname host_name:port

      Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898.

      -l | --rolepassword role_password

      Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

      -p | --password password

      Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

      -r | --rolename role_name

      Specifies a role name for authentication. If you do not specify this option, no role is assumed.

      -u | --username user_name

      Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.

      --

      This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.

    subcommand_args

      Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.

      -h

      Displays the command's usage statement.

      -n templatename

      Specifies the name of the template.

      -t hosttype

      Specifies the hosttype of the new host. Valid values are unlabeled and cipso.

      -x doi=doi-value

      Specifies the DOI value.

      -x max=maximum-label

      Specifies the maximum label. Values can be a hex value or string (such as admin_high).

      -x min=minimum-label

      Specifies the minimum label. Values can be a hex value or string (such as admin_low).

      -x label=default-label

      Specifies the default label when the host type is unlabeled. This option does not apply if hosttype is CIPSO. Values can be a hex value or string (such as admin_low).

      -x slset=l1,l2,l3,l4

      Specifies a set of sensitivity labels. You can specify up to four label values, separated by commas. Values can be a hex value or string (such as admin_low).

      • One of the following sets of arguments must be specified for subcommand add:


        -n templatename (
          -t cipso [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x slset=l1,l2,l3,l4 ] |
          -t unlabeled [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x label=default-label -x slset=l1,l2,l3,l4 ] |
          -h
        )
      • One of the following sets of arguments must be specified for subcommand modify:


        -n templatename (
          -t cipso [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x slset=l1,l2,l3,l4 ] |
          -t unlabeled [ -x doi=doi-value -x min=minimum-label -x max=maximum-label -x label=default-label -x slset=l1,l2,l3,l4 ] |
          -h
        )

        Note: If the host type is changed, all options for the new host type must be specified.

      • One of the following sets of arguments must be specified for subcommand delete:


        -n templatename |
        -h
        
      • The following argument can be specified for subcommand list:


        -n templatename |
        -h
        

Examples


    Example 1 Adding a New Entry to the Network Template Database

    The admin role connects to port 898 of the LDAP server and creates the unlabeled_ntk entry in the tnrhtp database. The new template is assigned a host type of unlabeled, a domain of interpretation of 1, a minimum label of public, a maximum label of restricted, and a default label of "need to know" (quoted on the command line because it contains white space). The administrator is prompted for the admin password.


    $ /usr/sadm/bin/smtnrhtp \
    add -D ldap:directoryname -H servername:898 -- \
    -n unlabeled_ntk -t unlabeled -x doi=1 \
    -x min=public -x max=restricted -x label="need to know"
    

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    Invalid command syntax. A usage message displays.

    2

    An error occurred while executing the command. An error message displays.

Files

    The following files are used by the smtnrhtp command:

    /etc/security/tsol/tnrhtp

    Trusted network remote-host templates. See tnrhtp(4).

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWmgts

See Also

SunOS 5.10 Last Revised 26 Jun 2006


smtnzonecfg(1M)


NAME

    smtnzonecfg – manage entries in the zone configuration database for Trusted Extensions networking

Synopsis

    /usr/sadm/bin/smtnzonecfg subcommand [auth_args] -- [subcommand_args]

Description

    The smtnzonecfg command adds, modifies, deletes, and lists entries in the tnzonecfg database.

    smtnzonecfg subcommands are:

    add

    Adds a new entry to the tnzonecfg database. To add an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.

    modify

    Modifies an entry in the tnzonecfg database. To modify an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.

    delete

    Deletes an entry from the tnzonecfg database. To delete an entry, the administrator must have the solaris.network.host.write and solaris.network.security.write authorizations.

    list

    Lists entries in the tnzonecfg database. To list an entry, the administrator must have the solaris.network.host.read and solaris.network.security.read authorizations.

Options

    The smtnzonecfg authentication arguments, auth_args, are derived from the smc arg set and are the same regardless of which subcommand you use. The smtnzonecfg command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first smc connection can time out, so you might need to retry the command.

    The subcommand-specific options, subcommand_args, must be preceded by the -- option.

    auth_args

      The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user can be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain.

      -D | --domain domain

      Specifies the default domain that you want to manage. The syntax is domain=type:/host_name/domain_name, where type is dns, ldap, or file; host_name is the name of the server; and domain_name is the name of the domain you want to manage.

      If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis. This option specifies the domain for all other tools.

      -H | --hostname host_name:port

      Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898.

      -l | --rolepassword role_password

      Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

      -p | --password password

      Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

      -r | --rolename role_name

      Specifies a role name for authentication. If you do not specify this option, no role is assumed.

      -u | --username user_name

      Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.

      --

      This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.

    subcommand_args

      Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.

      -h

      Displays the command's usage statement.

      -n zonename

      Specifies the zone name for the entry. This name is used when the zone is configured. zonename is case-sensitive. The specified zone name must be one of the configured zones on the system. The following command returns a list of configured zones:

      /usr/sbin/zoneadm list -c

      -l label

      Specifies the label for the zone. This field is used to label the zone when the zone is booted.

      -x policymatch=0|1

      Specifies the policy match level for non-transport traffic. Only values of 0 (match the label) or 1 (be within the label range of the zone) are accepted. See tnzonecfg(4) for more detail. This subcommand argument is optional. If not specified, it will have a default value of 0.

      -x mlpzone=""|port/protocol

      Specifies the multilevel port configuration entry for zone-specific IP addresses. Multiple port/protocol combinations are separated by a semi-colon. The empty string can be specified to remove all existing MLP zone values. This subcommand argument is optional.

      -x mlpshared=""|port/protocol

      Specifies the multilevel port configuration entry for shared IP addresses. Multiple port/protocol combinations are separated by a semi-colon. The empty string can be specified to remove all existing MLP shared values. This subcommand argument is optional.

      • One of the following sets of arguments must be specified for subcommand add:


        -n zonename -l label [-x policymatch=policy-match-level \
        -x mlpzone=port/protocol;.... | -x mlpshared=port/protocol;.... ] 
        
        -h
        
      • One of the following sets of arguments must be specified for subcommand modify:


        -n zonename [-l label] [-x policymatch=policy-match-level \
        -x mlpzone=port/protocol;.... | -x mlpshared=port/protocol;.... ] 
        
        -h
        
      • One of the following arguments must be specified for subcommand delete:


        -n zonename |
        -h
        
      • The following argument can be specified for subcommand list:


        -n zonename |
        -h
        

Examples


    Example 1 Adding a New Entry to the Zone Configuration Database

    The admin role creates a new zone entry, public, with a label of public, a policy match level of 1, and a shared MLP port and protocol of 666 and TCP. The administrator is prompted for the admin password.


    $ /usr/sadm/bin/smtnzonecfg add -- -n public -l public \
    -x policymatch=1 -x mlpshared=666/tcp
    


    Example 2 Modifying an Entry in the Zone Configuration Database

    The admin role changes the public entry in the tnzonecfg database to needtoknow. The administrator is prompted for the admin password.


    $ /usr/sadm/bin/smtnzonecfg modify -- -n public -l needtoknow
    


    Example 3 Listing the Zone Configuration Database

    The admin role lists the entries in the tnzonecfg database. The administrator is prompted for the admin password.


    $ /usr/sadm/bin/smtnzonecfg list --
    

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    Invalid command syntax. A usage message displays.

    2

    An error occurred while executing the command. An error message displays.

Files

    The following files are used by the smtnzonecfg command:

    /etc/security/tsol/tnzonecfg

    Trusted zone configuration database. See tnzonecfg(4).

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWmgts

See Also

SunOS 5.10 Last Revised 26 June 2006


tnchkdb(1M)

NAME | Synopsis | Description | Options | Examples | Attributes | Files | See Also | Notes

NAME

    tnchkdb – check file syntax of trusted network databases

Synopsis

    /usr/sbin/tnchkdb  [-h path] [-t path] [-z path]

Description

    tnchkdb checks the syntax of the tnrhtp(4), tnrhdb(4), and tnzonecfg(4) databases. By default, the path for each file is:

    • /etc/security/tsol/tnrhtp

    • /etc/security/tsol/tnrhdb

    • /etc/security/tsol/tnzonecfg

    You can specify an alternate path for any or all of the files by specifying that path on the command line by using the -h (tnrhdb), -t (tnrhtp) and -z (tnzonecfg) options. The options are useful when testing a set of modified files before installing the files as new system databases.

    All three database files are checked for integrity. tnchkdb returns an exit status of 0 if all of the files are syntactically and, to the extent possible, semantically correct. If one or more files have errors, then an exit status of 1 is returned. If there are command line problems, such as an unreadable file, an exit status of 2 is returned. Errors are written to standard error.

    To avoid cascading errors, when there are errors in tnrhtp, the template names in tnrhdb are not validated.

    tnchkdb can be run at any label, but the standard /etc/security/tsol files are visible only in the global zone.

Options

    -h [ path ]

    Check path for proper tnrhdb syntax. If path is not specified, then check /etc/security/tsol/tnrhdb.

    -t [ path ]

    Check path for proper tnrhtp syntax. If path is not specified, then check /etc/security/tsol/tnrhtp.

    -z [ path ]

    Check path for proper tnzonecfg syntax. If path is not specified, then check /etc/security/tsol/tnzonecfg.

Examples


    Example 1 Sample Error Message

    The tnchkdb command checks for CIPSO errors. In this example, the admin_low template has an incorrect value of ADMIN_HIGH for its default label.


    # tnchkdb
    checking /etc/security/tsol/tnrhtp ...
    tnchkdb: def_label classification 7fff is invalid for cipso labels:
    line 14 entry admin_low
    tnchkdb: def_label compartments 241-256 must be zero for cipso labels:
    line 14 entry admin_low
    checking /etc/security/tsol/tnrhdb ...
    checking /etc/security/tsol/tnzonecfg ...

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability (Command Line)

    Evolving

    Stability (Output)

    Unstable

Files

    /etc/security/tsol/tnrhdb

    Trusted network remote-host database

    /etc/security/tsol/tnrhtp

    Trusted network remote-host templates

    /etc/security/tsol/tnzonecfg

    Trusted zone configuration database

See Also

Notes

    It is possible to have inconsistent but valid configurations of tnrhtp and tnrhdb when LDAP is used to supply missing templates.

SunOS 5.10 Last Revised 26 Jun 2006


tnctl(1M)

NAME | Synopsis | Description | Options | Attributes | Files | See Also | Notes | Warnings

NAME

    tnctl – configure Trusted Extensions network parameters

Synopsis

    /usr/sbin/tnctl [-dfv] [-h host [/prefix] [:template]] [-m zone:mlp:shared-mlp]
     [-t template [:key=val [;key=val]]] [-HTz file]

Description

    tnctl provides an interface to manipulate trusted network parameters in the Solaris kernel.

    As part of Solaris Trusted Extensions initialization, tnctl is run in the global zone by an smf(5) script during system boot. The tnctl command is not intended to be used during normal system administration. Instead, if a local trusted networking database file is modified without using the Solaris Management Console, the administrator first issues tnchkdb(1M) to check the syntax, and then refreshes the kernel copy with this command:


    # svcadm restart svc:/network/tnctl
    

    See WARNINGS about the risks of changing remote host and template information on a running system.
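
    The check-then-refresh procedure described above, written out as a shell script. This is an added example and not part of Solaris: it runs tnchkdb once over staged copies of all three databases by way of the -t, -h and -z options, installs them only when the exit status is 0 (1 means syntax errors, 2 a command-line problem), and then restarts the tnctl service. The checker path, refresh command and target directory are shell variables (TNCHKDB, TN_REFRESH and TSOL_DIR are names chosen for this example) so the control flow can be tried outside a Trusted Extensions system; the .bak and .new file names are likewise this example's convention.

```sh
#!/bin/sh
# Stage, check, install, refresh: an added example (not Solaris code) of the
# workflow the tnchkdb(1M) and tnctl(1M) pages describe. It relies only on
# documented behaviour: tnchkdb -t/-h/-z accept alternate paths and the
# command exits 0 when all files pass, 1 on syntax errors, 2 on command-line
# problems; the kernel copy is then refreshed with
#     svcadm restart svc:/network/tnctl
# The checker, refresh command and target directory are variables (names
# chosen here) so the logic can be exercised where the real tools are absent.

: "${TNCHKDB:=/usr/sbin/tnchkdb}"
: "${TN_REFRESH:=svcadm restart svc:/network/tnctl}"
: "${TSOL_DIR:=/etc/security/tsol}"

# install_tn_databases STAGE_DIR
#   STAGE_DIR holds edited copies of tnrhtp, tnrhdb and tnzonecfg. All three
#   are checked in a single tnchkdb run, because template names in tnrhdb are
#   validated against tnrhtp; nothing is installed unless that run exits 0.
#   Returns 0 after a successful install and refresh, 1 if the staged files
#   have syntax errors, 2 for any other problem.
install_tn_databases() {
    stage="$1"
    for f in tnrhtp tnrhdb tnzonecfg; do
        if [ ! -r "$stage/$f" ]; then
            echo "install_tn_databases: $stage/$f is missing or unreadable" >&2
            return 2
        fi
    done
    if "$TNCHKDB" -t "$stage/tnrhtp" -h "$stage/tnrhdb" -z "$stage/tnzonecfg"; then
        rc=0
    else
        rc=$?
    fi
    case "$rc" in
        0) ;;
        1) echo "install_tn_databases: syntax errors reported; nothing installed" >&2
           return 1 ;;
        *) echo "install_tn_databases: tnchkdb exited $rc; nothing installed" >&2
           return 2 ;;
    esac
    # Keep a .bak of each current file and install by rename, so a reader
    # of the database (tnctl, tnd) never sees a half-written file.
    for f in tnrhtp tnrhdb tnzonecfg; do
        if [ -e "$TSOL_DIR/$f" ]; then
            cp -p "$TSOL_DIR/$f" "$TSOL_DIR/$f.bak" || return 2
        fi
        cp -p "$stage/$f" "$TSOL_DIR/$f.new" || return 2
        mv "$TSOL_DIR/$f.new" "$TSOL_DIR/$f" || return 2
    done
    # Load the installed files into the kernel cache.
    $TN_REFRESH || return 2
}
```

    Because tnchkdb skips template-name validation in tnrhdb when tnrhtp itself has errors, the script always checks the three files as a set rather than one at a time; a tnrhdb that passed on its own could still name a template that the new tnrhtp no longer defines.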

Options

    -d

    Delete matching entries from the kernel. The default is to add new entries.

    When deleting MLPs, the MLP range must match exactly. MLPs are specified in the form:


    port[-port]/protocol
    

    Where port can be a number in the range 1 to 65535, or any known service (see services(4)), and protocol can be a number in the range 1 to 255, or any known protocol (see protocols(4)).
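
    The port[-port]/protocol form above is also what the smtnzonecfg -x mlpzone= and -x mlpshared= arguments take, as a semicolon-separated list. The following POSIX sh script, added here as an example and not part of Solaris or of the tnctl command, checks such entries against the stated rules (port 1 to 65535 or a service name, protocol 1 to 255 or a protocol name, and a low-high range) before they are handed to tnctl or smtnzonecfg. It assumes that service and protocol names are looked up in /etc/services and /etc/protocols; where a file is absent, a name is reported as unknown.

```sh
#!/bin/sh
# Validator for multilevel-port (MLP) entries of the form
#     port[-port]/protocol
# as accepted by tnctl -m/-d, and for the ';'-separated lists given to the
# smtnzonecfg -x mlpzone= and -x mlpshared= arguments. Added example, not
# Solaris code: it applies the checks the man pages state (port 1-65535 or a
# service name, protocol 1-255 or a protocol name, low-high range) so that a
# malformed entry is caught before it reaches the kernel cache.
# Assumption: names are resolved through /etc/services and /etc/protocols.

is_number() {                       # non-empty string of decimal digits
    case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# port_number PORT -> print the numeric port, or fail if unknown/out of range
port_number() {
    p="$1"
    [ -n "$p" ] || return 1
    if is_number "$p"; then
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] && echo "$p" && return 0
        return 1
    fi
    [ -r /etc/services ] || return 1
    n=$(awk -v s="$p" '$1 == s { split($2, a, "/"); print a[1]; exit }' /etc/services)
    [ -n "$n" ] && echo "$n" && return 0
    return 1
}

# proto_number PROTO -> print the numeric protocol, or fail
proto_number() {
    p="$1"
    [ -n "$p" ] || return 1
    if is_number "$p"; then
        [ "$p" -ge 1 ] && [ "$p" -le 255 ] && echo "$p" && return 0
        return 1
    fi
    [ -r /etc/protocols ] || return 1
    n=$(awk -v s="$p" '$1 == s { print $2; exit }' /etc/protocols)
    [ -n "$n" ] && echo "$n" && return 0
    return 1
}

# valid_mlp SPEC -> succeed if SPEC is a well-formed port[-port]/protocol;
# the reason for a rejection goes to standard error
valid_mlp() {
    spec="$1"
    case "$spec" in
        ''|/*|*/|*/*/*) echo "mlp '$spec': want port[-port]/protocol" >&2; return 1 ;;
        */*) ;;
        *)   echo "mlp '$spec': want port[-port]/protocol" >&2; return 1 ;;
    esac
    ports=${spec%/*}; proto=${spec##*/}
    lo=${ports%%-*}; hi=${ports#*-}          # hi equals ports when there is no '-'
    lo_n=$(port_number "$lo") || { echo "mlp '$spec': bad port '$lo'" >&2; return 1; }
    hi_n=$(port_number "$hi") || { echo "mlp '$spec': bad port '$hi'" >&2; return 1; }
    [ "$lo_n" -le "$hi_n" ] || { echo "mlp '$spec': range must be low-high" >&2; return 1; }
    proto_number "$proto" >/dev/null || { echo "mlp '$spec': bad protocol '$proto'" >&2; return 1; }
    return 0
}

# valid_mlp_list LIST -> succeed if every ';'-separated entry is valid;
# the empty string is accepted because smtnzonecfg uses "" to clear MLPs
valid_mlp_list() {
    list="$1"
    if [ -z "$list" ]; then return 0; fi
    old_ifs=$IFS; IFS=';'; set -f
    set -- $list
    set +f; IFS=$old_ifs
    for entry in "$@"; do
        valid_mlp "$entry" || return 1
    done
    return 0
}

# When run as a script, each argument is checked as an MLP list.
for arg in "$@"; do
    if valid_mlp_list "$arg"; then echo "ok: $arg"; else echo "bad: $arg" >&2; fi
done
```

    Run it as sh mlpcheck.sh '23/tcp;6000-6003/tcp' (the file name is arbitrary), or source it and call valid_mlp from another script. Because a deletion with -d only succeeds when the range matches the kernel entry exactly, the validator rejects a reversed range such as 6003-6000/tcp rather than silently normalizing it.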

    -f

    Flush all kernel entries before loading the entries that are specified on the command line. The flush does not take place unless at least one entry parsed successfully.

    -v

    Turn on verbose mode.

    -h host[/prefix][:template]

    Update the kernel remote-host cache on the specified host or, if a template name is given, change the kernel's cache to use the specified template. If prefix is not specified, then an implied prefix length is determined according to the rules used for interpreting the tnrhdb(4). If -d is specified, then a template name cannot be specified.

    -m zone:mlp:shared-mlp

    Modify the kernel's multilevel port (MLP) configuration cache for the specified zone. zone specifies the zone to be updated. mlp and shared-mlp specify the MLPs for the zone-specific and shared IP addresses. The shared-mlp field is effective in the global zone only.

    -t template[:key=val[;key=val]]

    Update the kernel template cache for template or, if a list of key=val pairs is given, change the kernel's cache to use the specified entry. If -d is specified, then key=val pairs cannot be specified. See tnrhtp(4) for the format of the entries.

    -T file

    Load all template entries in file into the kernel cache.

    -H file

    Load all remote host entries in file into the kernel cache.

    -z file

    Load just the global zone's MLPs from file into the kernel cache. To reload MLPs for a non-global zone, reboot the zone:


    # zoneadm -z non-global-zone reboot
    

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability Level

    Unstable

Files

    /etc/security/tsol/tnrhdb

    Trusted network remote-host database

    /etc/security/tsol/tnrhtp

    Trusted network remote-host templates

    /etc/security/tsol/tnzonecfg

    Trusted zone configuration database

    /etc/nsswitch.conf

    Configuration file for the name service switch

See Also

Notes

    The tnctl service is managed by the service management facility, smf(5), under the service identifier:


    svc:/network/tnctl

    The service's status can be queried by using svcs(1). Administrative actions on this service, such as refreshing the kernel cache, can be performed using svcadm(1M), as in:


    svcadm refresh svc:/network/tnctl

Warnings

    Changing a template while the network is up can change the security view of an undetermined number of hosts.

SunOS 5.10 Last Revised 26 Jun 2006


tnd(1M)

NAME | Synopsis | Description | Options | Examples | Attributes | Files | See Also | Notes

NAME

    tnd – trusted network daemon

Synopsis

    /usr/sbin/tnd  [-p poll-interval]

Description

    The tnd (trusted network daemon) initializes the kernel with trusted network databases and also reloads the databases on demand from an LDAP server and local files. tnd follows the order specified in the nsswitch.conf(4) file when loading configuration databases. tnd is started at the beginning of the boot process.

    tnd loads two databases into the kernel: the remote host database, tnrhdb(4), and the remote-host template database, tnrhtp(4). These databases and their effect on the trusted network are described in their respective man pages. When the associated LDAP database or local databases are changed, tnd also updates the local kernel cache at the predetermined interval.

    If a local trusted networking database file is modified, the administrator should run tnchkdb(1M) to check the syntax, and should also run svcadm refresh svc:/network/tnd to initiate an immediate database scan by tnd.

    tnd is intended to be started from an smf(5) script and to run in the global zone. The following signals cause specific svcadm actions:

    SIGHUP

    Causes svcadm refresh svc:/network/tnd to be run.

    Initiates a rescan of the local and LDAP tnrhdb and tnrhtp databases. tnd updates the kernel database with any changes found.

    SIGTERM

    Causes svcadm disable svc:/network/tnd to be run.

    Terminates the tnd daemon. No changes are made to the kernel database.

Options

    -p poll-interval

    Set poll interval to poll-interval seconds. The default poll-interval is 1800 seconds (30 minutes).

Examples


    Example 1 Changing the Poll Interval

    The following command changes the polling interval to one hour, and puts this interval in the SMF repository. At the next boot, the tnd poll interval will be one hour.


    # svccfg -s network/tnd setprop tnd/poll_interval=3600
    

    The following command changes the polling interval, but does not update the repository. At the next boot, the tnd poll interval remains the default, 30 minutes.


    # tnd -p 3600

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability Level (Command)

    Stable

    Stability Level (Service)

    Project Private

Files

    /etc/security/tsol/tnrhdb

    Trusted network remote-host database

    /etc/security/tsol/tnrhtp

    Trusted network remote-host templates

    /etc/security/tsol/tnzonecfg

    Trusted zone configuration database

    /etc/nsswitch.conf

    Configuration file for the name service switch

See Also

Notes

    The tnd service is managed by the service management facility, smf(5), under the service identifier:


    svc:/network/tnd

    The service's status can be queried by using svcs(1). Administrative actions on this service, such as requests to restart the daemon, can be performed using svcadm(1M), as in:


    svcadm restart svc:/network/tnd

SunOS 5.10 Last Revised 26 Jun 2006


tninfo(1M)

NAME | Synopsis | Description | Options | Examples | Attributes | Files | See Also

NAME

    tninfo – print kernel-level network information and statistics

Synopsis

    /usr/sbin/tninfo [-h hostname] [-m zone-name] [-t template]

Description

    tninfo provides an interface to retrieve and display kernel-level network information and statistics.

Options

    -h hostname

    Display the security structure for the specified host in the remote-host cache. The output should reflect what is specified in the tnrhdb database.

    -m zone-name

    Display the MLP configuration associated with the specified zone. The output should reflect what is specified in the tnzonecfg database.

    -t template

    Display the structure associated with the specified template. The output should reflect what is specified in the tnrhtp database.

Examples


    Example 1 Displaying Remote Host Structures Cached in the Kernel

    This example shows the remote host structures cached in the kernel. The output reflects the definition in the tnrhdb database.


    # tninfo -h machine1
       IP address= 192.168.8.61
       Template = cipso


    Example 2 Displaying Multilevel Ports for the Global Zone

    This example shows the kernel-cached MLPs for the global zone. The output reflects the definition in the tnzonecfg database, plus any dynamically allocated MLPs. private indicates zone-specific MLPs.


    # tninfo -m global
    private:23/tcp;111/tcp;111/udp;515/tcp;2049/tcp;6000-6003/tcp;
            32812/tcp;36698/ip;38634/tcp;64365/ip
    shared: 6000-6003/tcp


    Example 3 Displaying the cipso Template Definition

    This example shows the kernel-cached cipso template definition. The output reflects the definition in the tnrhtp database.


    # tninfo -t cipso
    =====================================
       Remote Host Template Table Entries:
       __________________________
       template: cipso
       host_type: CIPSO
       doi: 1
       min_sl: ADMIN_LOW
       hex: ADMIN_LOW
       max_sl: ADMIN_HIGH
       hex: ADMIN_HIGH

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability (Command Line)

    Evolving

    Stability (Output)

    Unstable

Files

    /etc/security/tsol/tnrhdb

    Trusted network remote-host database

    /etc/security/tsol/tnrhtp

    Trusted network remote-host templates

    /etc/security/tsol/tnzonecfg

    Trusted zone configuration database

See Also

SunOS 5.10 Last Revised 26 Jun 2006


updatehome(1M)

NAME | Synopsis | Description | Options | Return Values | Examples | Attributes | Files | See Also

NAME

    updatehome – update the home directory copy and link files for the current label

Synopsis

    /usr/bin/updatehome  [-cirs]

Description

    updatehome reads the user's minimum-label copy and link-control files (.copy_files and .link_files). These files contain a list of files to be copied and symbolically linked from the user's minimum-label home directory to the user's home directory at the current label.

    The Solaris Trusted Extensions dtsession program performs an updatehome whenever a newly labeled workspace is created so that the user's favorite files are available for use. For example, the user probably wants a symlink to such files as .profile, .login, .cshrc, .exrc, .mailrc, and ~/bin. The updatehome command provides a convenient mechanism for accomplishing this symlink. The user can add files to those to be copied (.copy_files) and to those to be symbolically linked (.link_files).

Options

    -c

    Replace existing home-directory copies at the current label. The default is to skip over existing copies.

    -i

    Ignore errors encountered. The default aborts on error.

    -r

    Replace existing home-directory copies or symbolic links at the current label. This option implies options -c and -s. The default is to skip over existing copies or symbolic links.

    -s

    Replace existing home-directory symbolic links at the current label. The default is to skip over existing symbolic links.

Return Values

    Upon success, updatehome returns 0. Upon failure, updatehome returns 1 and writes diagnostic messages to standard error.

Examples


    Example 1 A Sample .copy_files File

    The files that are listed in .copy_files can be modified at every user's label.


    .cshrc 
    .mailrc 
    .mozilla/bookmarks.html


    Example 2 A Sample .link_files File

    The files that are listed in .link_files can be modified at the lowest label. The changes propagate to the other labels that are available to the user.


    ~/bin
    .mozilla/preferences
    .xrc
    .rhosts


    Example 3 Updating the Linked and Copied Files

    The .copy_files and .link_files were updated by the user at the minimum label. At a higher label, the user refreshes the copies and the links. No privileges are required to run the command.


    % updatehome -r
    
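
    To make the -c, -s, -r and -i semantics concrete, the following POSIX sh function re-implements the copy and link behaviour of updatehome on two ordinary directories standing in for the minimum-label and current-label home directories. It is an added example, not the Solaris updatehome program; the handling of a leading ~/ in list entries, of blank and # lines, and of a missing link source are this example's assumptions, not behaviour the man page states.

```sh
#!/bin/sh
# Portable re-implementation of the updatehome(1M) copy/link semantics, added
# here as an example; it is not the Solaris program. Instead of the user's
# minimum-label and current-label home directories it takes explicit SRC and
# DST directories, so it runs on any POSIX system.
#
# usage: do_updatehome [-cirs] SRC DST
#   -c  replace existing copies        -s  replace existing symlinks
#   -r  both -c and -s                 -i  ignore errors (default: stop at first)
# Exit status follows the man page: 0 on success, 1 on failure with a
# diagnostic on standard error.
# Assumptions not stated on the page: a leading "~/" in a list entry means the
# home directory, blank lines and "#" comments are ignored, and a link whose
# source file is missing is an error.

# _uh_fail MESSAGE -> report an error; succeed (so the caller continues) only
# when -i was given
_uh_fail() {
    echo "updatehome: $1" >&2
    status=1
    [ "$ignore_err" -eq 1 ]
}

do_updatehome() {
    replace_copy=0; replace_link=0; ignore_err=0
    OPTIND=1
    while getopts cirs opt; do
        case "$opt" in
            c) replace_copy=1 ;;
            s) replace_link=1 ;;
            r) replace_copy=1; replace_link=1 ;;
            i) ignore_err=1 ;;
            *) echo "usage: do_updatehome [-cirs] src dst" >&2; return 1 ;;
        esac
    done
    shift $((OPTIND - 1))
    src="$1"; dst="$2"; status=0

    # .copy_files: each entry is copied from SRC into DST
    if [ -r "$src/.copy_files" ]; then
        while IFS= read -r f || [ -n "$f" ]; do
            case "$f" in ''|'#'*) continue ;; esac
            f=${f#"~/"}
            if [ -e "$dst/$f" ] && [ "$replace_copy" -eq 0 ]; then
                continue            # default: leave an existing copy alone
            fi
            if ! { mkdir -p "$dst/$(dirname "$f")" && cp -p "$src/$f" "$dst/$f"; } 2>/dev/null; then
                _uh_fail "cannot copy $f" || return 1
            fi
        done < "$src/.copy_files"
    fi

    # .link_files: each entry becomes a symlink in DST that points into SRC
    if [ -r "$src/.link_files" ]; then
        while IFS= read -r f || [ -n "$f" ]; do
            case "$f" in ''|'#'*) continue ;; esac
            f=${f#"~/"}
            if { [ -e "$dst/$f" ] || [ -L "$dst/$f" ]; } && [ "$replace_link" -eq 0 ]; then
                continue            # default: leave an existing link (or file) alone
            fi
            if [ ! -e "$src/$f" ]; then
                _uh_fail "no such file to link: $f" || return 1
                continue
            fi
            # rm -f, not rm -rf: a directory in the way is reported, never removed
            if ! { mkdir -p "$dst/$(dirname "$f")" && rm -f "$dst/$f" && ln -s "$src/$f" "$dst/$f"; } 2>/dev/null; then
                _uh_fail "cannot link $f" || return 1
            fi
        done < "$src/.link_files"
    fi
    return "$status"
}
```

    With -i the function keeps going after a failed entry but still returns 1 at the end, so a caller can distinguish "everything refreshed" from "refreshed what it could", which is the distinction a wrapper script needs when it decides whether to report the label change to the user.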

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE

    ATTRIBUTE VALUE

    Availability

    SUNWtsu

    Stability

    Stable

Files

    $HOME/.copy_files

    List of files to be copied

    $HOME/.link_files

    List of files to be symbolically linked

See Also

SunOS 5.10 Last Revised 16 Mar 2006
