diff --git a/pkg/auditd/auditd.conf b/pkg/auditd/auditd.conf
index a9bf4c9db..e3a178b5d 100644
--- a/pkg/auditd/auditd.conf
+++ b/pkg/auditd/auditd.conf
@@ -9,7 +9,7 @@ flush = INCREMENTAL_ASYNC
 freq = 50
 priority_boost = 4
 disp_qos = lossy
-dispatcher = /sbin/audispd
+dispatcher = /usr/sbin/audispd
 name_format = NONE
 ##name = mydomain
 max_log_file_action = ROTATE
diff --git a/pkg/auditd/runaudit.sh b/pkg/auditd/runaudit.sh
index 3bf1b9e92..618497347 100755
--- a/pkg/auditd/runaudit.sh
+++ b/pkg/auditd/runaudit.sh
@@ -2,4 +2,4 @@
 
 # load the audit rules into the kernel
 auditctl -R /etc/audit/audit.rules
-exec /sbin/auditd -f
+exec /usr/sbin/auditd -f
diff --git a/test/cases/040_packages/033_auditd/check.sh b/test/cases/040_packages/033_auditd/check.sh
new file mode 100755
index 000000000..a040a6d92
--- /dev/null
+++ b/test/cases/040_packages/033_auditd/check.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+for i in $(seq 1 20); do
+if grep "Init complete" /var/log/auditd.log 2>/dev/null; then
+printf "auditd test suite PASSED\n" > /dev/console
+/sbin/poweroff -f
+fi
+sleep 1
+done
+
+printf "auditd test suite FAILED\n" > /dev/console
+echo "contents of /var/log/auditd.log:" > /dev/console
+cat /var/log/auditd.log > /dev/console
+/sbin/poweroff -f
diff --git a/test/cases/040_packages/033_auditd/test.sh b/test/cases/040_packages/033_auditd/test.sh
new file mode 100644
index 000000000..14939169f
--- /dev/null
+++ b/test/cases/040_packages/033_auditd/test.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+# SUMMARY: Check that the auditd package works
+# LABELS:
+# REPEAT:
+
+set -e
+
+# Source libraries. Uncomment if needed/defined
+#. "${RT_LIB}"
+. "${RT_PROJECT_ROOT}/_lib/lib.sh"
+NAME=auditd
+
+clean_up() {
+rm -rf ${NAME}-*
+}
+trap clean_up EXIT
+
+# Test code goes here
+linuxkit build -disable-content-trust -format kernel+initrd -name "${NAME}" test.yml
+RESULT="$(linuxkit run ${NAME})"
+echo "${RESULT}"
+echo "${RESULT}" | grep -q "suite PASSED"
+
+exit 0
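Review bot: In check.sh the success branch inside the loop (`/sbin/poweroff -f` after the `grep "Init complete"` match) does not terminate the script, so if poweroff returns — for instance because the container cannot actually reboot the host — the loop keeps running and the script later also prints `auditd test suite FAILED` and dumps the log, while test.sh only looks for "suite PASSED" and would still report that mixed output as a pass. Add `exit 0` after the poweroff in the success branch so the two outcomes are mutually exclusive. `grep` is also used without `-q`, so the matched log line is echoed to the container's stdout on success; `grep -q "Init complete" /var/log/auditd.log 2>/dev/null` keeps the console output to the two status lines. Note that this check only confirms auditd initialised; it does not confirm that the rules from `/etc/audit/audit.rules` (loaded by runaudit.sh) were accepted or that any event is recorded, so a daemon running with an empty rule set still passes.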
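Review bot: In test.sh, `RESULT="$(linuxkit run ${NAME})"` runs under `set -e`, so a non-zero exit from `linuxkit run` ends the script before the two `echo "${RESULT}"` lines, and the guest console output — including the auditd log that check.sh dumps on failure — never reaches the test log. Capture the status instead, `RESULT="$(linuxkit run "${NAME}")" || { echo "${RESULT}"; exit 1; }`, so the output is printed on either path. The final check also accepts output that contains `suite FAILED` alongside `suite PASSED`; add `if echo "${RESULT}" | grep -q "suite FAILED"; then exit 1; fi` before the PASSED grep (note that `set -e` ignores a pipeline prefixed with `!`, so the explicit `if` is needed).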
diff --git a/test/cases/040_packages/033_auditd/test.yml b/test/cases/040_packages/033_auditd/test.yml
new file mode 100644
index 000000000..b5659047a
--- /dev/null
+++ b/test/cases/040_packages/033_auditd/test.yml
@@ -0,0 +1,30 @@
+kernel:
+  image: linuxkit/kernel:5.10.34
+  cmdline: "console=ttyS0 console=ttyAMA0"
+init:
+  - linuxkit/init:78fb57c7da07c4e43c3a37b27755581da087a3b6
+  - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
+  - linuxkit/containerd:cc02c2af9c928c2faeccbe4edc78bd297ad91866
+  - linuxkit/memlogd:9b0e8a5b3f67672234170d88833163caf7898984
+services:
+  - name: auditd
+    image: linuxkit/auditd:d777dd0fc555d81ecf55cfbcfa6053a983257246
+  - name: logwrite
+    image: linuxkit/logwrite:e64e0f06e485e3542b58f3517da3bc13f246d208
+  - name: test
+    image: alpine:3.11
+    binds:
+      - /check.sh:/check.sh
+      - /dev/console:/dev/console
+      - /var/log:/var/log
+    command: ["sh", "./check.sh"]
+    pid: host
+    capabilities:
+      - CAP_SYS_BOOT
+files:
+  - path: check.sh
+    source: ./check.sh
+trust:
+  org:
+    - linuxkit
+    - library
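Review bot: The `test` service image `alpine:3.11` is pinned only by a mutable tag, whereas the init and service images in this file are pinned to specific hashes, and because test.sh builds with `-disable-content-trust` the `trust:` block (which lists `library`) does not compensate — the test's base image can change underneath this test without any change to the file. Pin it by digest to match the rest of the file, e.g. `image: alpine:3.11@sha256:<digest-of-the-intended-image>` (placeholder; fill in the digest of the image you actually validated). The `/var/log:/var/log` bind is also writable although check.sh only reads `/var/log/auditd.log`; if the binds syntax here accepts mount options, `- /var/log:/var/log:ro` would keep the test container from being able to alter the log whose contents decide the test result.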