Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Solaris Trusted Extensions Administrator's Procedures
Previous Next

Secure Remote Administration in Trusted Extensions

By default, Trusted Extensions does not allow remote administration. Remote administration would present a significant security risk if users on remote untrusted systems could administer systems that are configured with Trusted Extensions. Therefore, systems are initially installed without the option of being remotely administered.

Until the network is configured, all remote hosts are assigned the admin_low security template. Therefore, the CIPSO protocol is not used or accepted for any connections. While in this initial state, systems are protected from remote attacks by several mechanisms. Mechanisms include netservices settings, default login policy, and PAM policy.

  • When the netservices Service Management Facility (SMF) profile is set to limited, no remote services except secure shell are enabled. However, the ssh service cannot be used for remote logins because of the login and PAM policies.

  • The root account cannot be used for remote logins because the default policy for CONSOLE in the /etc/default/login file prevents remote logins by root.

  • Two PAM settings also affect remote logins.

    The pam_roles module always rejects local logins from accounts of type role. By default, this module also rejects remote logins. However, the system can be configured to accept remote logins by specifying allow_remote in the system's pam.conf entry.

    Additionally, the pam_tsol_account module rejects remote logins into the global zone unless the CIPSO protocol is used. The intent of this policy is for remote administration to be performed by another Trusted Extensions system.

To enable remote login functionality, both systems must assign their peer to a CIPSO security template. If this approach is not practical, the network protocol policy can be relaxed by specifying the allow_unlabeled option in the pam.conf file. If either policy is relaxed, the default network template must be changed so that arbitrary machines cannot access the global zone. The admin_low template should be used sparingly, and the tnrhdb database should be modified so that the wildcard address does not default to the ADMIN_LOW label. For details, see Administering Trusted Extensions Remotely (Task Map) and How to Limit the Hosts That Can Be Contacted on the Trusted Network.

Previous Next

  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire