Ubuntu 22.04 Ensure audit=1 argument is present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline. ^/boot/loader/entries/ostree-2.*.conf ^/boot/loader/entries/ostree-1.*.conf ^options (.*)$ 1 ^(?:.*\s)?audit=1(?:\s.*)?$ ^/boot/loader/entries/ostree-2.*.conf ^options (.*)$ 1 ^(?:.*\s)?audit=1(?:\s.*)?$ ^/proc/cmdline ^BOOT_IMAGE(.*)$ 1 ^(?:.*\s)?audit=1(?:\s.*)?$