Commit 754b7c7

Add even more information about systemctl
1 parent 2071903 commit 754b7c7

1 file changed

+1
-1
lines changed

README.md

Lines changed: 1 addition & 1 deletion
@@ -84,7 +84,7 @@ The audit daemon is started by systemd. Some people run the "systemd-analyze sec
8484
### Starting and Stopping the Daemon
8585
The systemctl application was designed to interact with systemd to control system services. It is designed to use dbus to talk to systemd which then works to carry out the command if the user is authorized to do so. This can create a problem on shutdown.
8686

87-
Many people have to run in environments that require compliance to regulatory standards. One of these requirements is to record anyone's interaction with the audit trail. (See ![FAU_GEN1.1](https://www.niap-ccevs.org/static_html/protection-profile/469/OS%204.3%20PP/index.html#fau) clause "a" and "c" bullet point 2.) This means direct file access, changes to audit configuration, or starting/stopping the daemon. We can place watches on the files to meet the requirements. However, who stopped the daemon is trickier.
87+
Many people have to run in environments that require compliance to regulatory standards. One of these requirements is to record anyone's interaction with the audit trail. See ![FAU_GEN1.1](https://www.niap-ccevs.org/static_html/protection-profile/469/OS%204.3%20PP/index.html#fau) clause "a" and "c" bullet point 2. This means direct file access, changes to audit configuration, or starting/stopping the daemon. We can place watches on the files to meet the requirements. However, who stopped the daemon is trickier.
8888

8989
Prior to systemd, people used sysvinit and then upstart. Both of those used a service command to wrap the need to send signals to the daemon to direct it to do something. SIGHUP meant reload the configuration. SIGTERM meant halt the daemon. To meet Common Criteria requirements, the Linux kernel notices any signal heading to the audit daemon and records the login uid of whoever sent it. When the audit daemon receives this signal, it querries the kernel so that it can create an event with this information.
9090
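
Review bot: The `+` line at README.md line 87 still writes the reference with image syntax, `![FAU_GEN1.1](https://www.niap-ccevs.org/...#fau)`, so Markdown will try to embed the NIAP HTML page as an image instead of rendering a link; drop the leading `!`. With the parentheses removed, the next sentence ("This means direct file access, ...") now follows the citation directly, so "This" reads as pointing at the clause reference rather than at the requirement to record interaction with the audit trail; move the "See ..." sentence to the end of the paragraph or restate the subject, for example "This requirement covers direct file access, ...". The commit subject says it adds information about systemctl, but the only change visible here is punctuation around the reference, so the message should describe that. While this paragraph is being touched, the unchanged context at line 89 has "querries" for "queries".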
