It looks like I will need to audit a variety of events and configure the logging of those events. I can easily enable the kernel features but I don't know where to get the utilities (auditd, auditctl) in a form suitable for installation on Slackware 12.x. Most of my systems run 12.1 at present, a few run 12.2. I'm comfortable building stuff from source, it just isn't clear to me where to find these utilities.

Anyone care to offer a little guidance? Anyone else use these?

It's my impression that auditd is part of the whole SELinux package, which might be more than you want to bite off and chew. You could try alien on the ubuntu package, I suppose: http://packages.ubuntu.com/gutsy-updates/admin/auditd

As for the source, since it's a userspace utility it'll probably be here:
http://userspace.selinuxproject.org/trac/wiki/Releases

Hope that helps, I really don't have a clue.

Thanks! That link to selinux might come in handy depending on how much of the infrastructure I really need. It looks like I might be able to work with the source code package from http://people.redhat.com/sgrubb/audit/ for the most basic parts of the package. My first attempt to find the source of this code took me to a site in Austria, and it wasn't clear to me where the home base of auditd actually was.

But I'll begin to explore that selinux site to see if there are other bits that I need to run. As a longtime Slackware user, I prefer things to be simple, but sometimes more stuff must be added ;-)