diff --git a/bash-3.2-audit.patch b/bash-3.2-audit.patch
deleted file mode 100644
index 48a1751..0000000
--- a/bash-3.2-audit.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in
---- bash-4.2/config.h.in.audit	2013-01-31 16:26:16.857698992 +0100
-+++ bash-4.2/config.h.in	2013-01-31 16:26:16.876699255 +0100
-@@ -1131,6 +1131,14 @@
- 
- /* End additions for lib/intl */
- 
-+
-+/* Additions for lib/readline */
-+
-+/* Define if you have <linux/audit.h> and it defines AUDIT_USER_TTY */
-+#undef HAVE_DECL_AUDIT_USER_TTY
-+
-+/* End additions for lib/readline */
-+
- #include "config-bot.h"
- 
- #endif /* _CONFIG_H_ */
-diff -up bash-4.2/configure.in.audit bash-4.2/configure.in
---- bash-4.2/configure.in.audit	2013-01-31 16:26:16.858699005 +0100
-+++ bash-4.2/configure.ac	2013-01-31 16:26:16.877699269 +0100
-@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK
- BASH_SYS_PGRP_SYNC
- BASH_SYS_SIGNAL_VINTAGE
- 
-+AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include <linux/audit.h>]])
-+
- dnl checking for the presence of certain library symbols
- BASH_SYS_ERRLIST
- BASH_SYS_SIGLIST
-diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c
---- bash-4.2/lib/readline/readline.c.audit	2013-01-31 16:26:16.871699185 +0100
-+++ bash-4.2/lib/readline/readline.c	2013-01-31 17:24:23.902744860 +0100
-@@ -55,6 +55,12 @@
- extern int errno;
- #endif /* !errno */
- 
-+#if defined (HAVE_DECL_AUDIT_USER_TTY)
-+#  include <sys/socket.h>
-+#  include <linux/audit.h>
-+#  include <linux/netlink.h>
-+#endif
-+
- /* System-specific feature definitions and include files. */
- #include "rldefs.h"
- #include "rlmbutil.h"
-@@ -301,7 +307,48 @@ rl_set_prompt (prompt)
-   rl_visible_prompt_length = rl_expand_prompt (rl_prompt);
-   return 0;
- }
--  
-+
-+#if defined (HAVE_DECL_AUDIT_USER_TTY)
-+/* Report STRING to the audit system. */
-+static void
-+audit_tty (char *string)
-+{
-+  struct sockaddr_nl addr;
-+  struct msghdr msg;
-+  struct nlmsghdr nlm;
-+  struct iovec iov[2];
-+  size_t size;
-+  int fd;
-+
-+  size = strlen (string) + 1;
-+  fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
-+  if (fd < 0)
-+    return;
-+  nlm.nlmsg_len = NLMSG_LENGTH (size);
-+  nlm.nlmsg_type = AUDIT_USER_TTY;
-+  nlm.nlmsg_flags = NLM_F_REQUEST;
-+  nlm.nlmsg_seq = 0;
-+  nlm.nlmsg_pid = 0;
-+  iov[0].iov_base = &nlm;
-+  iov[0].iov_len = sizeof (nlm);
-+  iov[1].iov_base = string;
-+  iov[1].iov_len = size;
-+  addr.nl_family = AF_NETLINK;
-+  addr.nl_pad = 0;
-+  addr.nl_pid = 0;
-+  addr.nl_groups = 0;
-+  msg.msg_name = &addr;
-+  msg.msg_namelen = sizeof (addr);
-+  msg.msg_iov = iov;
-+  msg.msg_iovlen = 2;
-+  msg.msg_control = NULL;
-+  msg.msg_controllen = 0;
-+  msg.msg_flags = 0;
-+  (void)sendmsg (fd, &msg, 0);
-+  close (fd);
-+}
-+#endif
-+
- /* Read a line of input.  Prompt with PROMPT.  An empty PROMPT means
-    none.  A return value of NULL means that EOF was encountered. */
- char *
diff --git a/bash-4.3-audit.patch b/bash-4.3-audit.patch
new file mode 100644
index 0000000..9270403
--- /dev/null
+++ b/bash-4.3-audit.patch
@@ -0,0 +1,12 @@
+diff --git a/lib/readline/rlconf.h b/lib/readline/rlconf.h
+--- a/lib/readline/rlconf.h
++++ b/lib/readline/rlconf.h
+@@ -64,7 +64,7 @@
+ 
+ /* Define this if you want to enable code that talks to the Linux kernel
+    tty auditing system. */
+-/* #define ENABLE_TTY_AUDIT_SUPPORT */
++#define ENABLE_TTY_AUDIT_SUPPORT
+ 
+ /* Defaults for the various editing mode indicators, inserted at the beginning
+    of the last (maybe only) line of the prompt if show-mode-in-prompt is on */
diff --git a/bash.spec b/bash.spec
index 479a928..85059ac 100644
--- a/bash.spec
+++ b/bash.spec
@@ -6,7 +6,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@@ -33,8 +33,6 @@ Patch103: bash-2.05a-interpreter.patch
 Patch104: bash-2.05b-debuginfo.patch
 # Pid passed to setpgrp() can not be pid of a zombie process.
 Patch105: bash-2.05b-pgrp_sync.patch
-# Enable audit logs
-Patch106: bash-3.2-audit.patch
 # Source bashrc file when bash is run under ssh.
 Patch107: bash-3.2-ssh_source_bash.patch
 # Use makeinfo to generate .texi file
@@ -93,6 +91,9 @@ Patch129: bash-5.1-mbrtowc.patch
 # 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform
 Patch130: bash-5.2-check-xform.patch
 
+# Enable audit logs
+Patch131: bash-4.3-audit.patch
+
 BuildRequires:  gcc
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
@@ -100,6 +101,7 @@ BuildRequires: autoconf, gettext
 # Required for bash tests
 BuildRequires: glibc-all-langpacks
 BuildRequires: make
+BuildRequires: audit-libs-devel
 Requires: filesystem >= 3
 Provides: /bin/sh
 Provides: /bin/bash
@@ -324,6 +326,10 @@ end
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
+* Wed Jan 24 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-7
+- Restore audit logs in bash-4.3 or newer versions
+  Resolves: RHEL-22619
+
 * Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6
 - Add a null check in parameter_brace_transform() function
   Resolves: CVE-2022-3715