How do I set up auditing of remote access from an unlabeled
host?
Answer
You set up auditing of remote users the same way you set it up
for local users.
In Trusted Solaris 2.5.1, the audit user ID (AUID) is obtained from
the application. Default attributes supplied in the tnrhtp(4TSOL) template for an unlabeled host are not
used. When anyone uses ftp(1), telnet(1), or rlogin(1) from an unlabeled host, the user enters a
username while logging in. When anyone uses rcp(1) or rsh(1), the
application passes the username from the remote host to the local
host. The UID that is associated with the username in the Trusted
Solaris system is used as the AUID.
See the Procedure.
For definitions of unfamiliar terms, background information, and
detailed procedures, go to the manuals listed in Related
Documentation.
Procedure
Assume the admin role.
Use the User Manager to create a user account for every user
you want to be able to access the Trusted Solaris system from the
unlabeled host.
Assume the secadmin role.
Use the User Manager to assign the desired security attributes
to each account (for example, you should set the minimum and
maximum label equal to the single label that is assigned to the
host) and unlock the account.
Use the Database Manager to create an appropriate template in
the tnrhtp(4TSOL) file to apply to the
remote unlabeled host.
Specify the UID and other security attributes in the
template.
NOTE: Do not supply any values in the default audit
fields.
Use the Database Manager to edit the tnrhdb(4TSOL) file and assign the template to the
host's IP address.
Use the Audit Control action to specify the desired system-wide
audit flags in the audit_control(4TSOL) file.
Use the Audit User action to specify any desired audit flags
for the users in the audit_user(4TSOL)
file.
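The following Python example is added here and is not from the original page or the product documentation. It shows how the username a remote user supplies resolves to a UID that serves as the AUID, and how the flags set in audit_control and audit_user combine into that user's audit mask. It assumes the standard Solaris file formats and the rule (system flags + always-audit flags) - never-audit flags; the usernames, UIDs, and flag values are constructed.

```python
# Added example; all sample data below is constructed for illustration.
PASSWD = "jdoe:x:1201:10::/home/jdoe:/bin/csh\nasmith:x:1202:10::/home/asmith:/bin/csh\n"
AUDIT_CONTROL = "dir:/var/audit\nflags:lo,-fr\nminfree:20\nnaflags:lo\n"
# audit_user format assumed: username:always-audit-flags:never-audit-flags
AUDIT_USER = "# constructed entry\njdoe:fw,+fc:-fr\n"


def records(text):
    """Split a colon-delimited file into fields, skipping comments and blanks."""
    return [l.split(":") for l in text.splitlines()
            if l.strip() and not l.startswith("#")]


def parse_flags(spec):
    """Return (success, failure) sets of audit classes named in a flag list."""
    ok, fail = set(), set()
    for flag in filter(None, (f.strip() for f in spec.split(","))):
        off = flag.startswith("^")            # "^" turns a class back off
        flag = flag.lstrip("^")
        # "+" selects successes only, "-" failures only, no prefix selects both
        sides = {"+": (ok,), "-": (fail,)}.get(flag[:1], (ok, fail))
        cls = flag.lstrip("+-")
        if cls in ("", "no"):                 # "no" names no class at all
            continue
        for side in sides:
            (side.discard if off else side.add)(cls)
    return ok, fail


def remote_user_audit(username):
    """Return (AUID, success classes, failure classes), or None without an account."""
    uids = {r[0]: int(r[2]) for r in records(PASSWD)}
    if username not in uids:
        return None        # no local account, so no UID to use as the AUID
    system = next(r[1] for r in records(AUDIT_CONTROL) if r[0] == "flags")
    always, never = next(
        (r[1:3] for r in records(AUDIT_USER) if r[0] == username), ("", ""))
    sys_ok, sys_fail = parse_flags(system)
    al_ok, al_fail = parse_flags(always)
    nv_ok, nv_fail = parse_flags(never)
    return uids[username], (sys_ok | al_ok) - nv_ok, (sys_fail | al_fail) - nv_fail


if __name__ == "__main__":
    for name in ("jdoe", "asmith", "guest"):
        print(name, remote_user_audit(name))
```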
Related Documentation
Setting up a new user account requires understanding how
administrative roles manage users, as described in the Trusted
Solaris Administrator's Procedures manual, Chapter 3,
"Managing User Accounts," and Chapter 5, "Using the User Manager to
Set Up User and Role Accounts," especially the section titled "Setting Up or Modifying a
User or Role Account." Setting up trusted network database
entries for an unlabeled host requires the knowledge described in
Chapter 10, "Specifying Security Attributes in Trusted Network
Databases," in the administrator's procedures manual. Setting up
auditing requires the knowledge described in the Trusted
Solaris Audit Administration manual.