audit needs fsetid

syslog needs to be able to create a tcp_socket for off machine logging.

ssh transitioning dirrectly to auditctl needs additional privs.