has anyone noticed audit rules (and enabled status) not being reset when osquery shuts down and the watchdog is in use? https://github.com/osquery/osquery/pull/6096 mentions that the watchdog signal handlers were removed, so I suspect this is why?

Re: signal handler removal, I don’t have more context than what exists in the previous commits/PR. But perhaps there is an alternative for example using at_exit