The /etc/security/audit_warn script generates mail to notify the administrator of audit incidents that might need attention. You can customize the script and you can send the mail to an account other than root.
If the perzone policy is set, the non-global zone administrator must configure the audit_warn email alias in the non-global zone.
Before You Begin
You must become an administrator who is assigned the solaris.admin.edit/etc/security/audit_warn authorization. By default, only the root role has this authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
Choose one of the following options:
Replace the audit_warn email alias with another email account in the audit_warn script.
Change the audit_warn email alias in the ADDRESS line of the script to another address:
#ADDRESS=audit_warn # standard alias for audit alerts ADDRESS=audadmin # role alias for audit alerts
Redirect the audit_warn email to another mail account.
Add the audit_warn email alias to the appropriate mail aliases file. You could add the alias to the local /etc/mail/aliases file or to the mail_aliases database in the name service. The /etc/mail/aliases entry would resemble the following example if the root and audadmin email accounts were added as members of the audit_warn email alias:
audit_warn: root,audadmin
Then, run the newaliases command to rebuild the random access database for the aliases file.
# newaliases /etc/mail/aliases: 14 aliases, longest 10 bytes, 156 bytes total