Installing the Trusted Solaris Operating Environment

Installation and configuration of the Trusted Solaris environment involves more than loading executable files, entering your site's data, and setting configuration variables; it requires considerable background for making decisions related to your site's security policies. Trusted Solaris provides a unique environment based on the following concepts:

• Superuser has been eliminated. No one can log in as or su to root.

• Users are limited to those applications necessary for performing their jobs.

• Capabilities formerly assigned to superuser are available to separate, discrete "roles" to be assigned to a limited number of users.

• In addition to UNIX permissions, access to data is controlled by special security tags called sensitivity labels which are assigned to users and objects (such as data files and directories).

• The ability to override security policy can be assigned to specific users and applications.

To familiarize yourself with the Trusted Solaris environment, you should at a minimum read the Trusted Solaris User's Guide and the Trusted Solaris Administration Overview. You should also be familiar with the rest of the documentation set, which is described in the "Trusted Solaris 7 Documentation Set". It is highly recommended that you attend a "Trusted Solaris for System Administrators" course, available from Sun Educational Services at http://suned.sun.com/catalog/index.html. Ask your Sun account representative to help you schedule it.

Before installing, you should read the Trusted Solaris Installation and Configuration manual thoroughly so that you can devise an installation strategy. Other useful information for the installation process is contained Solaris 7 Installation Collection. The manual, Solaris 7 8/99 Sun Hardware Platform Guide, contains important information in the following chapters:

• "Supported Sun Hardware" in Solaris 7 8/99 Sun Hardware Platform Guide

• "Updating the Flash PROM on the Ultra 1, Ultra 2, Ultra 450, and Sun Enterprise 450 Systems"

• "Updating the Flash PROM on the Sun Enterprise 3 x 00, 4 x 00, 5 x 00, and 6 x 00 Systems"

  ---

  Note -

  Ultra(TM) 1, 2, 450, and Sun Enterprise(TM) 450, 3x00, 4x00, 5x00, and 6x00 systems need a Flash PROM upgrade to enable 64 bit operations. The previous two chapters mentioned above describe how to do the upgrade if 64 bit operation is desired.

  ---

• "Installing the Solaris Operating Environment With the SPARCstorage Array" in Solaris 7 8/99 Sun Hardware Platform Guide

Do not use "Alternate Pathing 2.2 on the Sun Enterprise 10000 Server" and "Solaris 7 8/99 on the Sun Enterprise 10000 Server". Instead follow the instructions in Trusted Solaris 7 Installation and Configuration on the Sun Enterprise 10000.

Although there are a lot of similarities between installing the Trusted Solaris 7 and Solaris 7 operating environments there are major differences as well, such as:

• You cannot upgrade from a Solaris to a Trusted Solaris environment.

• The disk space requirements differ between the two products.

• Solaris Web Start installation is not supported.

The additional procedures required for a trusted system are provided in the Trusted Solaris Installation and Configuration with pointers to other relevant documentation.