System configuration

Edit online

Certain steps must be taken by the ISSO and SA to properly configure the system. The ISSO is primarily responsible for managing security, while the SA is primarily responsible for daily administration.

The ISSO performs the following tasks:

Installs and configures the basic security functionality, including system auditing, accounting, and security for allocatable devices.
Edits the system startup scripts in the /etc/rc.mls and /etc/rc.mls.boot files to meet the site security policy.
Note: Any changes made to the system startup scripts are not part of the evaluated configuration and must be addressed before accrediting the system.
Configures the system-wide login parameters.
Configures the system-wide password parameters.
Configures the SL range for tty devices that allow users to log in to the SL ranges specified for the tty port. See the chsec command for more information.
Configures system device SLs for tape drives and floppy disk drives. See the setsecattr command for more information.
Configures the site-configurable security features of the system.
Note: Any changes made to the configurable security features are not part of the evaluated configuration and must be addressed before accrediting the system. Changing the default configuration settings can result in the system operating in a less-secure mode.
Configures the trusted security database for trusted boot and trusted recovery. See the trustchk command for more information.
Configures the user groups on the system.

The ISSO and SA work together to configure printers. The SA configures the printers for the system and the ISSO configures the SL range for the printers.