In a Trusted Solaris environment, audit directories, such as the /etc/security/audit/system_name directory and the files directory directly beneath it, should be protected at the label admin_high. Permissions should be 750.
admin_high