Oracle Solaris 10 Trusted Extensions Configuration Guide-176
Trusted Extensions Configuration Guide
Part No: 820–3508–15
April 2012
Copyright © 1994, 2012, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual
property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software,
unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is
applicable:
U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or
documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system,
integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the
programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently
dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall
be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any
liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered
trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and
its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation
and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
Contents
Preface
1 Security Planning for Trusted Extensions
Planning for Security in Trusted Extensions
Understanding Trusted Extensions
Understanding Your Site's Security Policy
Planning Who Will Configure Trusted Extensions
Devising a Label Strategy
Planning System Hardware and Capacity for Trusted Extensions
Planning Your Trusted Network
Planning Your Labeled Zones in Trusted Extensions
Planning for Multilevel Access
Planning for the LDAP Naming Service in Trusted Extensions
Planning for Auditing in Trusted Extensions
Planning User Security in Trusted Extensions
Devising a Configuration Strategy for Trusted Extensions
Resolving Additional Issues Before Enabling Trusted Extensions
Backing Up the System Before Enabling Trusted Extensions
Results of Enabling Trusted Extensions From an Administrator's Perspective
2 Configuration Roadmap for Trusted Extensions
Task Map: Preparing an Oracle Solaris System for Trusted Extensions
Task Map: Preparing For and Enabling Trusted Extensions
Task Map: Configuring Trusted Extensions
3 Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)
Initial Setup Team Responsibilities
Installing or Upgrading the Oracle Solaris Operating System for Trusted Extensions
▼ Install an Oracle Solaris System to Support Trusted Extensions
▼ Prepare an Installed Oracle Solaris System for Trusted Extensions
Collecting Information and Making Decisions Before Enabling Trusted Extensions
▼ Collect System Information Before Enabling Trusted Extensions
▼ Make System and Security Decisions Before Enabling Trusted Extensions
Enabling the Trusted Extensions Service
▼ Enable Trusted Extensions
4 Configuring Trusted Extensions (Tasks)
Setting Up the Global Zone in Trusted Extensions
▼ Check and Install Your Label Encodings File
▼ Enable IPv6 Networking in Trusted Extensions
▼ Configure the Domain of Interpretation
▼ Create ZFS Pool for Cloning Zones
▼ Reboot and Log In to Trusted Extensions
▼ Initialize the Solaris Management Console Server in Trusted Extensions
▼ Make the Global Zone an LDAP Client in Trusted Extensions
Creating Labeled Zones
▼ Run the txzonemgr Script
▼ Configure the Network Interfaces in Trusted Extensions
▼ Name and Label the Zone
▼ Install the Labeled Zone
▼ Boot the Labeled Zone
▼ Verify the Status of the Zone
▼ Customize the Labeled Zone
▼ Copy or Clone a Zone in Trusted Extensions
Adding Network Interfaces and Routing to Labeled Zones
▼ Add a Network Interface to Route an Existing Labeled Zone
▼ Add a Network Interface That Does Not Use the Global Zone to Route an Existing Labeled Zone
▼ Configure a Name Service Cache in Each Labeled Zone
Creating Roles and Users in Trusted Extensions
▼ Create Rights Profiles That Enforce Separation of Duty
▼ Create the Security Administrator Role in Trusted Extensions
▼ Create a Restricted System Administrator Role
▼ Create Users Who Can Assume Roles in Trusted Extensions
▼ Verify That the Trusted Extensions Roles Work
▼ Enable Users to Log In to a Labeled Zone
Creating Home Directories in Trusted Extensions
▼ Create the Home Directory Server in Trusted Extensions
▼ Enable Users to Access Their Home Directories in Trusted Extensions
Adding Users and Hosts to an Existing Trusted Network
▼ Add an NIS User to the LDAP Server
Troubleshooting Your Trusted Extensions Configuration
netservices limited Was Run After Trusted Extensions Was Enabled
Cannot Open the Console Window in a Labeled Zone
Labeled Zone Is Unable to Access the X Server
Additional Trusted Extensions Configuration Tasks
▼ How to Copy Files to Portable Media in Trusted Extensions
▼ How to Copy Files From Portable Media in Trusted Extensions
▼ How to Remove Trusted Extensions From the System
5 Configuring LDAP for Trusted Extensions (Tasks)
Configuring an LDAP Server on a Trusted Extensions Host (Task Map)
Configuring an LDAP Proxy Server on a Trusted Extensions Host (Task Map)
Configuring the Sun Java System Directory Server on a Trusted Extensions System
▼ Collect Information for the Directory Server for LDAP
▼ Install the Sun Java System Directory Server
▼ Create an LDAP Client for the Directory Server
▼ Configure the Logs for the Sun Java System Directory Server
▼ Configure a Multilevel Port for the Sun Java System Directory Server
▼ Populate the Sun Java System Directory Server
Creating a Trusted Extensions Proxy for an Existing Sun Java System Directory Server
▼ Create an LDAP Proxy Server
Configuring the Solaris Management Console for LDAP (Task Map)
▼ Register LDAP Credentials With the Solaris Management Console
▼ Enable the Solaris Management Console to Accept Network Communications
▼ Edit the LDAP Toolbox in the Solaris Management Console
▼ Verify That the Solaris Management Console Contains Trusted Extensions