Installing a BAS /EAL4+ system

RBAC is automatically enabled when this option is selected.

To set the BAS/EAL4+ option during a BOS installation, do the following:

In the Installation and Settings screen, select More Options.
Under More Options, select Yes for the BAS/EAL4+ option, and if you are using WPAR, select No for the TCB option. If you are using a customized bosinst.data file for a nonprompted installation, the TCB option can be set to Yes.

Disable remote root login for a BAS installation. To disable remote root login, run the following command after installation:

/usr/bin/chuser rlogin=false subgroups=SUADMIN root

Add administrative users to the SUADMIN group so they can su to root.

The Enable BAS and EAL4+ Technology option is available only under the following conditions:

The installation method is set to new and complete overwrite installation.
The English language is selected.
The 64-bit kernel is enabled.
The enhanced journaled file system (JFS2) is enabled.

When the Enable BAS and EAL4+ Technology option is set to Yes, the Trusted Computing Base option is also set to Yes, and the only valid Desktop choices are NONE or CDE.

If you are performing a non-prompted installation using a customized bosinst.data file, the INSTALL_TYPE field must be set to CC_EVAL and the following fields must be set as follows:

control_flow:
	CONSOLE = ???
	PROMPT = yes
	INSTALL_TYPE = CC_EVAL
	INSTALL_METHOD = overwrite
	TCB = yes
	DESKTOP = NONE or CDE
	ENABLE_64BIT_KERNEL = yes
	CREATE_JFS2_FS = yes
	ALL_DEVICES_KERNELS = no
	HTTP_SERVER_BUNDLE = no
	KERBEROS_5_BUNDLE = no
	SERVER_BUNDLE = no
	ALT_DISK_INSTALL_BUNDLE = no

locale:
	CULTURAL_CONVENTION = en_US or C
	MESSAGES = en_US or C

For more information about RBAC, see Role Based Access Control (RBAC).