diff --git a/benchmarks/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.md b/benchmarks/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.md new file mode 100644 index 0000000000000000000000000000000000000000..592612f7c7305fe8ee8a5fb0247cc0bbdb3e9229 --- /dev/null +++ b/benchmarks/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.md @@ -0,0 +1,57 @@ +# 2.26 确保审计系统内存配置信息和磁盘配置信息相同 + +## 安全等级 + +- Level 1 + +## 描述 + +审计系统在磁盘上的系统配置信息可能和内存中的系统配置信息不相同。 + +通过对审计系统磁盘配置信息和内存配置信息的一致性进行检查,保证审计系统正常运行。 + +## 修复建议 + +目标:确保内存中的配置信息和磁盘上存放的配置信息是一致的。 + +1. 运行以下命令来合并和加载所有的规则: + +```bash +# augenrules --load +``` + +2. 检查是否需要重启: + +```bash +if [[ $(auditctl -s | grep "enabled") =~ "2" ]]; then + echo "Reboot required to load rules"; +fi +``` + +## 扫描检测 + +目标:确保内存中的配置信息和磁盘上存放的配置信息是一致的。 + +1. 检查`/etc/audit/rules.d`目录下的规则改动是否已合并至`/etc/audit/audit.rules`: + +```bash +# augenrules --check + +/usr/sbin/augenrules: No change +``` + +如返回`Rules have changed and should be updated`则需执行`augenrules --load`命令来合并并加载所有规则。 + +2. 在合并规则集之后,再次进行测试: + +```bash +# augenrules --check | grep -Psiq "No\s+change" && echo 'pass' || echo 'fail' + +pass +``` + +如输出pass,则视为通过此项检查。 + +## 参考 + +- cis: \ No newline at end of file diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md index c97f4f0222f9f9ec489561dba19e255c71d43bd0..fc8c3052113787b09c8d33836f333a15324557f5 100644 --- a/docs/summary-of-rules.md +++ b/docs/summary-of-rules.md 
@@ -76,6 +76,7 @@ | 2.23 | 2.23-ensure-that-events-that-modify-user-group-information-are-collected.md | 2.23 确保收集修改用户/组信息的事件 | benchmarks/logging-and-auditing | 3 | | 2.24 | 2.24-ensure-successful-and-unsuccessful-attempts-to-use-the-chsh-command-are-recorded.md | 2.24 确保记录成功或不成功使用chsh命令 | benchmarks/logging-and-auditing | 3 | | 2.25 | 2.25-ensure-audit-logs-are-not-automatically-deleted.md | 2.25 确保审计日志不会自动删除 | benchmarks/logging-and-auditing | 3 | +| 2.26 | 2.26-ensure-the-running-and-on-disk-configuration-is-the-same.md | 2.26 确保审计系统内存配置信息和磁盘配置信息相同 | benchmarks/logging-and-auditing | 1 | | 3.1 | 3.1-disable-http-server.md | 3.1 禁用HTTP Server | benchmarks/services | 1 | | 3.2 | 3.2-disable-ftp-server.md | 3.2 禁用FTP Server | benchmarks/services | 1 | | 3.3 | 3.3-disable-dns-server.md | 3.3 禁用DNS Server | benchmarks/services | 1 | diff --git a/remediation-kits/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh b/remediation-kits/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh new file mode 100644 index 0000000000000000000000000000000000000000..7352aba0285b101d60f6c16187cccdcf1b8ae815 --- /dev/null +++ b/remediation-kits/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh @@ -0,0 +1,5 @@ +augenrules --load + +if [[ $(auditctl -s | grep "enabled") =~ "2" ]]; then + echo "Reboot required to load rules"; +fi \ No newline at end of file diff --git a/scanners/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh b/scanners/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh new file mode 100644 index 0000000000000000000000000000000000000000..95b17a9b227b61641a7cac71b3d19d3d4c11dba4 --- /dev/null +++ b/scanners/logging-and-auditing/2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh 
@@ -0,0 +1,3 @@ +checkResult=$(augenrules --check) + +echo $checkResult | grep -Psiq "No\s+change" && echo 'pass' || echo 'fail' \ No newline at end of file
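Review bot: In the new benchmark markdown (first hunk), the remediation runs `augenrules --load` before checking `auditctl -s | grep "enabled"` for state 2, but state 2 means the rules are immutable and the load just attempted cannot have taken effect, so the order should be reversed: check the enabled flag first and only attempt the load when it is not 2, otherwise report that a reboot is required. The `=~ "2"` test also matches a `2` anywhere in the line rather than the exact state value; `grep -q '^enabled 2$'` would be unambiguous. Finally the `## 参考` section ends with an empty `- cis:` entry; the CIS benchmark item this rule is derived from should be filled in or the entry dropped.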
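Review bot: The summary-of-rules row added in the second hunk assigns level 1 while every neighbouring logging-and-auditing rule (2.23 to 2.25) is level 3; this matches the `Level 1` stated in the benchmark file, so it looks intentional, but please confirm the level is meant to differ from the rest of the audit-rules section rather than being a copy-paste value.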
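Review bot: The remediation kit script in the third hunk has no shebang, yet it uses the bash-only `[[ ... =~ ... ]]` construct, so it will fail if invoked with `sh`; add `#!/usr/bin/env bash` (and `set -euo pipefail`) as the first line. The return status of `augenrules --load` is also never checked, so a failed merge or load is silently ignored and the script still reports nothing; at minimum `augenrules --load || { echo "augenrules --load failed"; exit 1; }`. As in the markdown, the immutability check belongs before the load attempt, and the file lacks a trailing newline.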
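Review bot: In the scanner script (fourth hunk) `echo $checkResult` is unquoted, so the captured output is word-split and re-joined with single spaces; that is why the pattern needs `\s+`, and quoting the variable (`echo "$checkResult"` or `printf '%s\n' "$checkResult"`) removes the need. `grep -P` is a GNU-only extension that is absent on BusyBox and BSD grep; `grep -qi "No change"` is sufficient and portable. The script also always exits 0 because `|| echo 'fail'` succeeds, so if the scanner framework keys off the exit status rather than the printed word, append `; exit 1` to the fail branch. A shebang line is missing here as well.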