The /etc/security/audit_startup script automatically configures the auditing service when the system enters multiuser mode. The auditd daemon starts after the script performs the following tasks:
Configures the audit event-class mappings
Sets the audit policy options
For more information, see the audit_startup(1M) man page.