Ubuntu 22.04 Ensure audit=1 option is configured in the 'options' line in /boot/loader/entries/*.conf. Make sure that newly installed kernels will retain this option, it should be configured in /etc/kernel/cmdline as well. ^/boot/loader/entries/.*.conf ^options (.*)$ 1 ^(?:.*\s)?audit=1(?:\s.*)?$ ^/etc/kernel/cmdline ^(.*)$ 1 ^(?:.*\s)?audit=1(?:\s.*)?$