diff --git a/openscap.changes b/openscap.changes index 58efb29..ff4b040 100644 --- a/openscap.changes +++ b/openscap.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 5 12:39:51 UTC 2018 - meissner@suse.com + +- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan + helper tool for this. (bsc#1083115) + ------------------------------------------------------------------- Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com diff --git a/openscap.spec b/openscap.spec index 52b03a9..0b95373 100644 --- a/openscap.spec +++ b/openscap.spec @@ -28,13 +28,14 @@ Name: openscap Version: 1.2.16 Release: 1.0 Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz -Source1: oscap-scan.init Source2: sysconfig.oscap-scan # SUSE specific profile, based on yast2-security # checks. # Generated from http://gitorious.org/test-suite/scap Source3: scap-yast2sec-xccdf.xml Source4: scap-yast2sec-oval.xml +Source5: oscap-scan.service +Source6: oscap-scan.sh Url: http://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: doxygen @@ -64,6 +65,7 @@ BuildRequires: unixODBC-devel Summary: A Set of Libraries for Integration with SCAP License: LGPL-2.1+ Group: Development/Tools/Other +BuildRequires: systemd-rpm-macros %description OpenSCAP is a set of open source libraries providing an easier path for @@ -142,7 +144,8 @@ The OpenSCAP Perl Library for easy integration with SCAP. Summary: Openscap utilities Group: System/Monitoring Requires: %{name} = %{version}-%{release} -PreReq: %insserv_prereq %fillup_prereq +PreReq: %fillup_prereq +%systemd_requires %description utils The %{name}-utils package contains various utilities based on %{name} library. 
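Review bot: `%systemd_requires` is added to the utils subpackage in the last openscap.spec hunk on this line, but no openscap.spec hunk in this commit adds the matching scriptlet macros. Unless they already exist outside the visible hunks, the new unit is never registered with systemd on install, upgrade or removal. The utils scriptlets should call `%service_add_pre oscap-scan.service`, `%service_add_post oscap-scan.service`, `%service_del_preun oscap-scan.service` and `%service_del_postun oscap-scan.service`. The `%pre`/`%post` sections are outside the hunk, so this needs checking against the full spec.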
@@ -196,13 +199,15 @@ find %{buildroot} -name "*.la" -delete rm %{buildroot}/usr/bin/scap-as-rpm mkdir -p $RPM_BUILD_ROOT%{_fillupdir} -install -d -m 755 $RPM_BUILD_ROOT%{_initrddir} -install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir} install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap +# specific local scan during boot script +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service +install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/oscap-scan + # create symlinks to default content ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml @@ -300,10 +305,11 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/ %defattr(-,root,root,-) %{_fillupdir}/sysconfig.oscap-scan %doc docs/oscap-scan.cron -%{_initrddir}/oscap-scan %{_mandir}/man8/* +%{_unitdir}/oscap-scan.service %{_bindir}/oscap %{_bindir}/oscap-vm +%{_bindir}/oscap-scan %{_bindir}/oscap-ssh %{_bindir}/oscap-chroot # currently not shipped as it is still python2 diff --git a/oscap-scan.init b/oscap-scan.init deleted file mode 100644 index 7943db4..0000000 --- a/oscap-scan.init +++ /dev/null 
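Review bot: The helper is installed to `%{_datadir}/oscap-scan` in the `%install` hunk, but the `%files` hunk packages `%{_bindir}/oscap-scan` and the changelog promises `/usr/bin/oscap-scan`. Nothing visible puts a file at the packaged path, and an executable script is left unpackaged under the data directory. The install line should read `install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_bindir}/oscap-scan`. The removed `install -d` for the init directory also has no replacement, so unless the upstream install step already creates `%{_unitdir}`, add `install -d -m 755 $RPM_BUILD_ROOT/%{_unitdir}` before copying the unit.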
@@ -1,106 +0,0 @@
-#!/bin/sh
-#
-# oscap-scan: OpenSCAP security scanner
-#
-# chkconfig: - 96 99
-# description: This service runs OpenSCAP security scanner to check the \
-# system settings. The program does not stay resident, \
-# but rather runs once. The results of security audit are
-# stored in /var/log/oscap-scan.xml.log
-#
-# processname: /usr/bin/oscap
-# config: /etc/sysconfig/oscap-scan
-#
-# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-### BEGIN INIT INFO
-# Provides: oscap-scan
-# Required-Start: $syslog $local_fs $network $remote_fs
-# Required-Stop: $syslog $local_fs $network $remote_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start: 3 5
-# Default-Stop: 0 1 6
-# Short-Description: OpenSCAP security scanner
-# Description: This service runs OpenSCAP security scanner to check the
-# system settings. The program does not stay resident,
-# but rather runs once. The results of security audit are
-# stored in /var/log/oscap-scan.xml.log
-### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-prog="oscap"
-
-# Source function library.
-. /etc/rc.status
-
-# Allow anyone to run status
-if [ "$1" = "status" ] ; then
- exit 3
-fi
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-# Check config
-test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
-
-RETVAL=0
-
-start() {
- test -x /usr/bin/oscap || exit 5
- # Now check that the sysconfig is found and has important things
- # configured
- test -f /etc/sysconfig/oscap-scan || exit 6
- test x"$OPTIONS" != "x" || exit 6
- echo -n $"Starting $prog: "
- $prog $OPTIONS
- rc_status -v
- ERR=$?
- if [ $ERR -eq 0 ] ; then
- sleep 1
- logger "OpenSCAP security scan: PASS"
- elif [ $ERR -eq 1 ] ; then
- sleep 1
- logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
- else
- sleep 1
- logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
- fi
-}
-
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- restart)
- start
- ;;
- stop)
- RETVAL=0;
- ;;
- condrestart)
- RETVAL=0;
- ;;
- try-restart)
- RETVAL=0;
- ;;
- reload)
- RETVAL=0;
- ;;
- *)
- echo $"Usage: $0 {start}"
- RETVAL=2
- ;;
-esac
-exit $RETVAL
-
diff --git a/oscap-scan.service b/oscap-scan.service
new file mode 100644
index 0000000..d17e8cc
--- /dev/null
+++ b/oscap-scan.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenSCAP security scanner
+Wants=local-fs.target
+After=local-fs.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/oscap-scan
+ExecStart=/usr/bin/oscap $OPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/oscap-scan.sh b/oscap-scan.sh
new file mode 100644
index 0000000..949aa38
--- /dev/null
+++ b/oscap-scan.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+prog="oscap"
+
+# Check config
+test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
+
+RETVAL=0
+
+test -f /etc/sysconfig/oscap-scan || exit 6
+
+test x"$OPTIONS" != "x" || exit 6
+
+$prog $OPTIONS
+
+ERR=$?
+if [ $ERR -eq 0 ] ; then
+ logger "OpenSCAP security scan: PASS"
+elif [ $ERR -eq 1 ] ; then
+ logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
+else
+ logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
+fi
+
+exit 0
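Review bot: `Type=forking` in the `[Service]` section does not fit a scanner that runs once and exits: systemd treats the start as pending until the process returns, so the start timeout applies to the whole scan and a long run may be terminated before results are written. `Type=oneshot` matches the run-to-completion behaviour. `ExecStart=/usr/bin/oscap $OPTIONS` also bypasses the helper added in this commit, so its PASS/ERROR/FAILED syslog lines and its empty-`OPTIONS` check never run at boot. Because `EnvironmentFile=-` tolerates a missing file, oscap is then started with no arguments; `ExecStart=/usr/bin/oscap-scan` would keep both checks. The removed init script also ordered itself after `$network $remote_fs`, while the unit waits only for `local-fs.target`, which matters if the configured content or result path lives on a remote mount.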
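Review bot: The trailing `exit 0` discards the scan result, so a caller such as a systemd unit or cron wrapper sees success even when oscap reported an error or failed rules, and the only trace is a syslog line. Ending with `exit $ERR` keeps the status available to monitoring. The two `exit 6` paths are silent as well: with a missing or empty `/etc/sysconfig/oscap-scan` no scan runs and nothing is logged, so a line such as `logger "OpenSCAP security scan: not configured"` before each exit would make a skipped scan visible. `RETVAL=0` is assigned but never read and can be dropped.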