diff --git a/bin/hardening/4.1.1.2_halt_when_audit_log_full.sh b/bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
index dd3468c..8818652 100755
--- a/bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
+++ b/bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
@@ -15,7 +15,7 @@ HARDENING_LEVEL=4
 DESCRIPTION="Disable system on audit log full."
 
 FILE='/etc/audit/auditd.conf'
-OPTIONS='space_left_action=email action_mail_acct=root admin_space_left_action=halt'
+OPTIONS=''
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
@@ -76,6 +76,15 @@ check_config() {
     :
 }
 
+create_config() {
+    cat << EOF
+# shellcheck disable=2034
+status=audit
+# Put here the conf for auditd
+OPTIONS='space_left_action=email action_mail_acct=root admin_space_left_action=halt'
+EOF
+}
+
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
     . /etc/default/cis-hardening
diff --git a/tests/hardening/4.1.1.2_halt_when_audit_log_full.sh b/tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
index 60c1a0d..833c220 100644
--- a/tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
+++ b/tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
@@ -10,6 +10,8 @@ test_audit() {
 
     describe Correcting situation
     sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    # to avoid error during auditd installation in 4.1.1.2, only necessary during tests
+    sed  -i "s/OPTIONS='/OPTIONS='space_left=100 admin_space_left=50 /" /opt/debian-cis/etc/conf.d/"${script}".cfg
     /opt/debian-cis/bin/hardening/"${script}".sh || true
 
     describe Checking resolved state