diff --git a/bin/hardening/4.1.1.1_install_auditd.sh b/bin/hardening/4.1.1.1_install_auditd.sh
index b97f56c..375c34d 100755
--- a/bin/hardening/4.1.1.1_install_auditd.sh
+++ b/bin/hardening/4.1.1.1_install_auditd.sh
@@ -17,14 +17,27 @@ HARDENING_LEVEL=4
 # shellcheck disable=2034
 DESCRIPTION="Install auditd."
 
+PACKAGE="auditd"
+
 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    :
+    is_pkg_installed "$PACKAGE"
+    if [ "$FNRET" != 0 ]; then
+        crit "$PACKAGE is not installed!"
+    else
+        ok "$PACKAGE is installed"
+    fi
 }
 
 # This function will be called if the script status is on enabled mode
 apply() {
-    :
+    is_pkg_installed "$PACKAGE"
+    if [ "$FNRET" = 0 ]; then
+        ok "$PACKAGE is installed"
+    else
+        warn "$PACKAGE is absent, installing it"
+        apt_install "$PACKAGE"
+    fi
 }
 
 # This function will check config parameters required
diff --git a/tests/hardening/4.1.1.1_install_auditd.sh b/tests/hardening/4.1.1.1_install_auditd.sh
index f85b20d..a5243cb 100644
--- a/tests/hardening/4.1.1.1_install_auditd.sh
+++ b/tests/hardening/4.1.1.1_install_auditd.sh
@@ -7,5 +7,10 @@ test_audit() {
     # shellcheck disable=2154
     run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
-    # TODO fill comprehensive tests
+    ##################################################################
+    # For this test, we only check that it runs properly on a blank  #
+    # host, and we check root/sudo consistency. But, we don't test   #
+    # the apply function because it can't be automated or it is very #
+    # long to test and not very useful.                              #
+    ##################################################################
 }