The /etc/security/audit_warn script generates mail to notify the administrator of audit incidents that might need attention. You can customize the script and you can send the mail to an account other than root.
Before You Begin
The root role can perform every task in this procedure.
If administrative rights are distributed in your organization, note the following:
An administrator who is assigned the solaris.admin.edit/etc/security/audit_warn authorization can modify the alias.
An administrator with the Mail Management rights profile can run the newaliases command.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
For example:
#ADDRESS=audit_warn # standard alias for audit alerts ADDRESS=audadmin # role alias for audit alerts
In the following sample /etc/mail/aliases entry, the root and audadmin email accounts were added as members of the audit_warn email alias.
audit_warn: root,audadmin
$ pfexec newaliases /etc/mail/aliases: 14 aliases, longest 10 bytes, 156 bytes total