Use this procedure to audit administrative commands, system access, and other significant events as specified by your site security policy.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
# usermod -K audit_flags=cusa:no username
# rolemod -K audit_flags=cusa:no rolename
The audit classes that the cusa meta-class includes are listed in the /etc/security/audit_class file.
# auditconfig -setpolicy +argv
# auditconfig -setpolicy +arge
An alternative to this procedure is to audit all successful or failed events that use privilege. For information, see New Feature – Per-Privilege Logging of Audit Events.