diff --git a/config/hooks/live/9996_auditd.chroot b/config/hooks/live/9996_auditd.chroot
index 1a7315e..0389da4 100644
--- a/config/hooks/live/9996_auditd.chroot
+++ b/config/hooks/live/9996_auditd.chroot
@@ -48,20 +48,20 @@ cat << EOF >| /etc/audit/rules.d/11-loginuid.rules
 EOF
 ############################################################### /etc/audit/rules.d/20-dont-audit.rules
-#cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
+cat << EOF >| /etc/audit/rules.d/20-dont-audit.rules
 ## This is for don't audit rules. We put these early because audit
-### is a first match wins system. Uncomment the rules you want.
+## is a first match wins system. Uncomment the rules you want.
 ## Cron jobs fill the logs with stuff we normally don't want
-#-a never,user -F subj_type=crond_t
+-a never,user -F subj_type=crond_t
 ## This prevents chrony from overwhelming the logs
-#-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
+-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t
 ### This is not very interesting and wastes a lot of space if
 ### the server is public facing
-#-a always,exclude -F msgtype=CRYPTO_KEY_USER
-#EOF
+-a always,exclude -F msgtype=CRYPTO_KEY_USER
+EOF
 ############################################################### /etc/audit/rules.d/21-no32bit.rules
 cat << EOF >| /etc/audit/rules.d/21-no32bit.rules
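Review bot: The newly enabled line `-a never,exit -F arch=x86_64 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t` in 20-dont-audit.rules names the user `chrony`, while the second hunk of this same commit changes 22-ignore-chrony.rules from `uid=chrony` to `uid=_chrony`; both files cannot be right, and if `chrony` is not an account in the image, auditctl cannot resolve the uid and loading of the merged rule set will fail at that line. Since 22-ignore-chrony.rules already suppresses adjtimex for both b64 and b32, the cleanest fix is to remove this rule from 20-dont-audit.rules, or else align it to `uid=_chrony`. The header comment `## is a first match wins system. Uncomment the rules you want.` is now stale because the heredoc enables every rule unconditionally. Enabling `-a always,exclude -F msgtype=CRYPTO_KEY_USER` also silently drops key-usage records that some hardening baselines expect to be retained, so a one-line comment stating that this exclusion is intentional for this image would help the next maintainer.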
@@ -75,8 +75,8 @@ EOF
 ############################################################### /etc/audit/rules.d/22-ignore-chrony.rules
 cat << EOF >| /etc/audit/rules.d/22-ignore-chrony.rules
 ## This rule suppresses the time-change event when chrony does time updates
--a never,exit -F arch=b64 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t
--a never,exit -F arch=b32 -S adjtimex -F auid=unset -F uid=chrony -F subj_type=chronyd_t
+-a never,exit -F arch=b64 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
+-a never,exit -F arch=b32 -S adjtimex -F auid=unset -F uid=_chrony -F subj_type=chronyd_t
 EOF
 ############################################################### /etc/audit/rules.d/30-ospp-v42-1-create-failed.rules