diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
index 64e8dde853e..2d3d2aa44df 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
@@ -12,12 +12,17 @@
 
 {{% set rx_end = "(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" %}}
 
+{{%- set exec_start_directive = 'ExecStartStop' %}}
+{{%- if product in ["rhel10"] %}}
+{{%- set exec_start_directive = 'ExecStart' %}}
+{{%- endif %}}
+
 - name: Service facts
   ansible.builtin.service_facts:
 
 - name: Check the rules script being used
   ansible.builtin.command:
-    grep '^ExecStartPost' /usr/lib/systemd/system/auditd.service
+    grep '^{{{ exec_start_directive }}}' /usr/lib/systemd/system/auditd.service
   register: check_rules_scripts_result
   changed_when: false
   failed_when: false