diff --git i/audisp/plugins/af_unix/af_unix.conf w/audisp/plugins/af_unix/af_unix.conf
index 081dcb67..df995a65 100644
--- i/audisp/plugins/af_unix/af_unix.conf
+++ w/audisp/plugins/af_unix/af_unix.conf
@@ -6,7 +6,7 @@
 
 active = no
 direction = out
-path = /sbin/audisp-af_unix
+path = /usr/bin/audisp-af_unix
 type = always
-args = 0640 /var/run/audispd_events
+args = 0640 /run/audispd_events
 format = string
diff --git i/audisp/plugins/ids/audisp-ids.conf w/audisp/plugins/ids/audisp-ids.conf
index ce5521c4..2d509025 100644
--- i/audisp/plugins/ids/audisp-ids.conf
+++ w/audisp/plugins/ids/audisp-ids.conf
@@ -3,7 +3,7 @@
 
 active = no
 direction = out
-path = /usr/sbin/audisp-ids
+path = /usr/bin/audisp-ids
 type = always 
 args = 1
 format = string
diff --git i/audisp/plugins/remote/au-remote.conf w/audisp/plugins/remote/au-remote.conf
index d75e6b64..73814875 100644
--- i/audisp/plugins/remote/au-remote.conf
+++ w/audisp/plugins/remote/au-remote.conf
@@ -5,7 +5,7 @@
 
 active = no
 direction = out
-path = /sbin/audisp-remote
+path = /usr/bin/audisp-remote
 type = always
 #args =
 format = string
diff --git i/audisp/plugins/statsd/au-statsd.conf w/audisp/plugins/statsd/au-statsd.conf
index a1fd4be3..3aa2174d 100644
--- i/audisp/plugins/statsd/au-statsd.conf
+++ w/audisp/plugins/statsd/au-statsd.conf
@@ -3,7 +3,7 @@
 
 active = no
 direction = out
-path = /sbin/audisp-statsd
+path = /usr/bin/audisp-statsd
 type = always 
 # args =
 format = string
diff --git i/audisp/plugins/syslog/syslog.conf w/audisp/plugins/syslog/syslog.conf
index e8aebdfe..ab12489b 100644
--- i/audisp/plugins/syslog/syslog.conf
+++ w/audisp/plugins/syslog/syslog.conf
@@ -8,7 +8,7 @@
 
 active = no
 direction = out
-path = /sbin/audisp-syslog
+path = /usr/bin/audisp-syslog
 type = always 
 args = LOG_INFO
 format = string
diff --git i/audisp/plugins/zos-remote/audispd-zos-remote.conf w/audisp/plugins/zos-remote/audispd-zos-remote.conf
index f1c0bbda..c53cd83d 100644
--- i/audisp/plugins/zos-remote/audispd-zos-remote.conf
+++ w/audisp/plugins/zos-remote/audispd-zos-remote.conf
@@ -8,7 +8,7 @@
 
 active = no
 direction = out
-path = /sbin/audispd-zos-remote
+path = /usr/bin/audispd-zos-remote
 type = always 
 args = /etc/audit/zos-remote.conf
 format = string
diff --git i/init.d/audit-rules.service w/init.d/audit-rules.service
index a891ba12..c40ab369 100644
--- i/init.d/audit-rules.service
+++ w/init.d/audit-rules.service
@@ -11,7 +11,7 @@ Documentation=man:auditctl(8) https://github.com/linux-audit/audit-documentation
 
 [Service]
 Type=oneshot
-ExecStart=/sbin/augenrules --load
+ExecStart=/usr/bin/augenrules --load
 
 # By default we don't clear the rules on exit. To enable this, uncomment the
 # next line after copying the file to /etc/systemd/system/audit-rules.service
diff --git i/init.d/auditd.service w/init.d/auditd.service
index 1833d84a..02a25344 100644
--- i/init.d/auditd.service
+++ w/init.d/auditd.service
@@ -21,7 +21,7 @@ Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation
 [Service]
 Type=forking
 PIDFile=/run/auditd.pid
-ExecStart=/sbin/auditd
+ExecStart=/usr/bin/auditd
 Restart=on-failure
 # Do not restart for intentional exits. See EXIT CODES section in auditd(8).
 RestartPreventExitStatus=2 4 6