Audit for Slackware
The Linux Auditing System is a kernel subsystem the allows the
kernel to record events of interest to intrusion detection systems,
such as file access attempts, specific system calls, or custom events
generated by trusted system binaries like login or sshd. The audit
package provides the tools to configure the audit system, and to
collect and process its output.
To collect audit events, your kernel must have the audit system
enabled, which is present in the stock Slackware kernels.
The audit package has no other dependencies. However, certain audit
events of interest, such as failed login attempts from /bin/login,
password changes, etcetera are generated by their respective binaries
using libaudit. If your site policy requires auditing those events,
some reconfiguration and/or patching may be required.