Configuring C-2 Level Security in Solaris
Home -> UNIX -> Solaris -> Security
From the computer of: indianboy 
(8 recipes)
Created: Nov 12, 2003
Add a comment
Add to: 
According to the Orange Book , the operating system security is evaluated and categorised into different levels such as D, C1, C2, B1 etc ... Normally all operating systems in the market tend to have the C1 level of security while Trusted Solaris 8 is B-level certified .While Solaris OE comes with C1 certification , It can be converted to C2 level certification with minimal effort .......
According to the Orange Book , the operating system security is evaluated and categorised into different levels such as D, C1, C2, B1 etc ...
Normally all operating systems in the market tend to have the C1 level of security while Trusted Solaris 8 is B-level certified .While Solaris OE comes with C1 certification .It can be converted to C2 level certification with minimal effort
Here are the steps for Configuring Solaris to C2 level security ...
cd /etc/security
There is a script in the directory bsmconv which when executed will convert the C1 level security to C2 level security.
./bsmconv
when this script is executed what actually happens is a comprehensive set of logging, log auditing and log monitoring tools are installed on the system which can be used for creating audit trails.
Note : The STOP+A keyboard abort facility will be disabled and for enabling it . the specific entry in the /etc/default/kbd file has to be commented out.
This is just the tip of the iceberg but this is just a jump off point to get started , there are some files to be edited in the /etc/security directory.
To Disable the C-2 Level security or BSM
1. cd /etc/security
2. Execute bsmunconv
./bsmunconv
I will be bringing about some examples for the same.
Note : BSM if configured incorrectly on production system can fill up you /var slice which may degrade system performance and worst case scenarios include rendering the system unusable .......
Subscribe to the Tech-Recipes Newsletter
You can get tips like this delivered in your email every week!
We will never, ever sell your email address or spam you.
Related recipes:
RBAC: Solaris Role Based Access Control basics
To log all Telnet , FTP Connections to a Solaris Machine
Change the Solaris telnet banner
Prevent Solaris users from changing file ownership (chown)
Adding BANNER information in Solaris ......
Solaris: create ssh keys for quick server logins
Sponsored links
Login
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.Search
Tech Recipes
· Home
· Mac OS X
· Solaris
· Windows
· Programming
· UNIX
· Cisco
· MySQL
· Google
· Instant messaging
· Add recipes
· Leave feedback
· Recommend us
· RSS Syndication
Hot recipes
Make XP look like Windows Vista / Longhorn for free!
XP: Small, Free Way to Use and Mount Images (ISO files) Without Burning Them
Hacks to Beat Rapidshare Download Limits and Waiting Time
Vista: Should I Install 64-bit or 32-bit Version? (x64 vs x86)
How Do I Use or Open Bin, Cue, or ISO Files?
MySpace Hack: View Pictures and Comments on a Private Profile
SMS through E-Mail: Cingular, Nextel, Sprint, T-Mobile, Verizon, Virgin Mobile
MySpace: Hack to Dowload Any Song on Myspace
Who's Online
There are currently, 1811 guest(s) and 1 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
Information
Wish to advertise with us?
All logos and trademarks in this site are property of their respective owner. The comments and forum posts are property of their posters, all the rest © 2003-2007 by QD Ideas, LLC.
Users of this site are legally bound by the Terms and conditions and Disclaimer. Do not use this web site if you do not agree with these policies.
The members, admins, and authors of this website respect your privacy.
Page Generation: 0.82 Seconds
Mon Sep 8 0:55:01 2008