Managing Auditing in Oracle® Solaris 11.2


Updated: July 2014

How to Configure the audit_warn Email Alias

The /etc/security/audit_warn script generates mail to notify the administrator of audit incidents that might need attention. You can customize the script and you can send the mail to an account other than root.

If the perzone policy is set, the non-global zone administrator must configure the audit_warn email alias in the non-global zone.

Before You Begin

You must become an administrator who is assigned the solaris.admin.edit/etc/security/audit_warn authorization. By default, only the root role has this authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.

  • Configure the audit_warn email alias.

      Choose one of the following options:

    • Replace the audit_warn email alias with another email account in the audit_warn script.

      Change the audit_warn email alias in the ADDRESS line of the script to another address:

      #ADDRESS=audit_warn            # standard alias for audit alerts
      ADDRESS=audadmin               # role alias for audit alerts

      Note - For information about the effects of modifying an audit configuration file, see Audit Configuration Files and Packaging.

    • Redirect the audit_warn email to another mail account.

      Add the audit_warn email alias to the appropriate mail aliases file. You could add the alias to the local /etc/mail/aliases file or to the mail_aliases database in the name space. The /etc/mail/aliases entry would resemble the following example if the root and audadmin email accounts were added as members of the audit_warn email alias:

      audit_warn: root,audadmin

      Then, run the newaliases command to rebuild the random access database for the aliases file.

      # newaliases
      /etc/mail/aliases: 14 aliases, longest 10 bytes, 156 bytes total
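
After either change, it is worth confirming which accounts will actually receive audit alerts. The following check is an added example, not part of the Oracle documentation: it reads the active ADDRESS line from a copy of the audit_warn script and resolves it through a copy of the aliases file. The function names and sample files are constructed for illustration; it assumes single-line alias entries, does not expand nested aliases, and does not consult the mail_aliases database in the name space.

```shell
#!/bin/sh
# Added example: report who receives audit_warn mail after either change.
# File paths are arguments so the check can run on copies of the real files.

# Print the active (uncommented) ADDRESS value; the last assignment wins.
active_address() {
    sed -n 's/^[[:space:]]*ADDRESS=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Print the members of alias $2 from aliases file $1, one per line.
# Assumes single-line entries; nested aliases are not expanded.
alias_members() {
    awk -F: -v name="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == name {
            sub(/^[^:]*:/, "")
            n = split($0, m, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", m[i])
                if (m[i] != "") print m[i]
            }
        }' "$1"
}

# Resolve the script's ADDRESS through the aliases file.
audit_warn_recipients() {
    addr=$(active_address "$1")
    [ -n "$addr" ] || { echo "no active ADDRESS line in $1" >&2; return 1; }
    members=$(alias_members "$2" "$addr" | paste -s -d, -)
    # An address with no alias entry is delivered to the account of that name.
    if [ -n "$members" ]; then echo "$members"; else echo "$addr"; fi
}

# Constructed sample files mirroring the two options on this page.
tmp=$(mktemp -d)
printf '%s\n' '#ADDRESS=audit_warn   # standard alias' \
              'ADDRESS=audadmin      # role alias' > "$tmp/edited_script"
printf '%s\n' 'ADDRESS=audit_warn    # standard alias' > "$tmp/stock_script"
printf '%s\n' '# constructed aliases file' \
              'audit_warn: root,audadmin' > "$tmp/aliases"

audit_warn_recipients "$tmp/edited_script" "$tmp/aliases"   # script edited
audit_warn_recipients "$tmp/stock_script"  "$tmp/aliases"   # alias redirected
```

A failure with "no active ADDRESS line" means every ADDRESS assignment in the script is commented out, so the script has no recipient set for its alerts.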