diff --git a/meta-citadel/recipes-kernel/citadel-kernel/files/defconfig b/meta-citadel/recipes-kernel/citadel-kernel/files/defconfig
index 9b43dc1..49db0f8 100644
--- a/meta-citadel/recipes-kernel/citadel-kernel/files/defconfig
+++ b/meta-citadel/recipes-kernel/citadel-kernel/files/defconfig
@@ -76,8 +76,11 @@ CONFIG_POSIX_MQUEUE=y
 CONFIG_POSIX_MQUEUE_SYSCTL=y
 # CONFIG_CROSS_MEMORY_ATTACH is not set
 CONFIG_FHANDLE=y
-# CONFIG_AUDIT is not set
+CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
 
 #
 # IRQ subsystem
@@ -865,6 +868,7 @@ CONFIG_NETFILTER_XT_MARK=y
 #
 # Xtables targets
 #
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
 # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
 # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
 # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
@@ -5079,15 +5083,20 @@ CONFIG_ENCRYPTED_KEYS=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
 # CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY=y
+# CONFIG_SECURITY_SELINUX is not set
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_LOADPIN is not set
 # CONFIG_INTEGRITY is not set
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=y