Summary

Trusted Solaris OE provides a unique solution to Service Providers who want to expand their customer services while minimizing the cost of hardware, administration, and total cost of ownership. Lightly loaded servers can be consolidated without exposing private customer data. It should not be surprising that the Trusted Solaris OE can provide the necessary containment. Although its history predates that of the Web, its features have always been designed to provide this kind of compartmented operation. While other technologies, such as jails [4] in FreeBSD and Trusted Linux [6], offer partial solutions, the strength of Trusted Solaris OE lies in the consistency of its security policy. The ability to communicate at multiple labels while compartmentalizing communication with external hosts provides both flexibility and containment. Clients on remote hosts are subject to the MAC policy even though they are unaware of its existence.

Since Trusted Solaris OE provides complete binary compatibility with the Solaris OE, it is not necessary to rewrite or recompile applications to take advantage of these features. Although additional configuration files must be maintained, almost the entire configuration can be set up with graphical tools. As a convenience to the reader, the actual configuration files described in this article are available for download from the Sun BluePrints Web site. Several scripts are also provided to automate the setup of customer accounts and web servers.

Samples of the following databases discussed in this article are available from the Scripts and Tools page on the Sun BluePrints Web site (http://sun.com/blueprints/tools/tsolsp-scripts_license.html).

TABLE 4 Configuration Files and Scripts Available for Download

| File | Description |
|---|---|
| label_encodings | Definition of classifications and compartments |
| mkcustomer | Configures a customer account |
| mkwebserver | Configures a customer web server |
| apache | Init script to start Apache at multiple labels |
| http.conf | Sample web server configuration |
| apachectl | Apache control script called by apache (above) |
| suexec.c | Source code changes to suEXEC |
| Makefile | Makefile changes to compile suEXEC |

For a more complete description of Trusted Solaris OE concepts, see the Administrative Overview section in the Trusted Solaris Answerbook at http://docs.sun.com [7].
