audit_user

In most cases, the audit_user map is created from the /etc/security/audit_user file. A typical line looks like this:

user_name:always_audit_flags:never_audit_flags

For example:

root:lo:no
wily:lo,am:io,cl
kris:lo,ex,+fc,-fr,-fa:io,cl

For the audit_user map, entries are defined like this:

  • Key is the user name: root
  • Value takes the following format: user_name:always_audit_flags:never_audit_flags

If you create an audit_user map in Active Directory, you must include the key as part of the value. For example:

  • Key: root
  • Value: root:lo:no

This map is only applicable for Solaris.