diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/audit/audit-rules.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/audit/audit-rules.service
deleted file mode 100644
index 8c54802fb5..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/audit/audit-rules.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Load Security Auditing Rules
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Conflicts=shutdown.target
-Before=sysinit.target shutdown.target
-ConditionSecurity=audit
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/sbin/augenrules --load
-ExecStop=-/sbin/auditctl -D
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r6.ebuild
similarity index 96%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r6.ebuild
index e0688455e7..a66ef091a8 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r6.ebuild
@@ -33,7 +33,7 @@ RDEPEND="
         >=app-shells/bash-5.2_p15-r2
         ntp? ( >=net-misc/ntp-4.2.8_p17 )
         policycoreutils? ( >=sys-apps/policycoreutils-3.6 )
-        audit? ( >=sys-process/audit-3.1.1 )
+        audit? ( >=sys-process/audit-4.0.1-r1 )
 "
 
 declare -A CORE_BASH_SYMLINKS
@@ -166,10 +166,7 @@ src_install() {
             # Upstream wants these to have restrictive perms.
             fperms 0640 "/etc/audit/rules.d/${name}"
         done
-        # Install a service that loads the rules (it's possibly
-        # something that a deamon does, but in our case the daemon is
-        # disabled by default).
-        systemd_dounit "${FILESDIR}/audit/audit-rules.service"
+        # Enable audit-rules.service by default.
         systemd_enable_service multi-user.target audit-rules.service
     fi