diff --git a/common/shlibs b/common/shlibs
index 1a3d34e5641..49cc3ea6f76 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3332,3 +3332,5 @@ libwx_gtk3u_gl-3.0.so.0 wxWidgets-gtk3-3.0.4_1
 libwx_gtk3u_stc-3.0.so.0 wxWidgets-gtk3-3.0.4_1
 libtepl-4.so.0 tepl-4.2.0_1
 libnomacsCore.so.3 nomacs-3.10.2_4
+libaudit.so.1 libaudit-2.8.4_1
+libauparse.so.0 libauparse-2.8.4_1
diff --git a/srcpkgs/audit/files/auditctl/conf b/srcpkgs/audit/files/auditctl/conf
new file mode 100644
index 00000000000..8e157c54bb2
--- /dev/null
+++ b/srcpkgs/audit/files/auditctl/conf
@@ -0,0 +1,9 @@
+# This option is used to determine if rules & watches should be deleted on
+# shutdown by loading the audit-stop file. This is beneficial in most cases
+# so that a watch doesn't linger on a drive that is being unmounted. If
+# set to no, it will NOT be cleaned up.
+AUDITD_CLEAN_STOP="no"
+
+# This option determines whether or not to call augenrules to compile the
+# audit rules from /etc/audit/rules.d. The default is "yes".
+USE_AUGENRULES="yes"
diff --git a/srcpkgs/audit/files/auditctl/finish b/srcpkgs/audit/files/auditctl/finish
new file mode 100755
index 00000000000..4d7cce3a0ce
--- /dev/null
+++ b/srcpkgs/audit/files/auditctl/finish
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+# Remove watches so shutdown works cleanly
+
+test -f /etc/audit/audit-stop.rules || exit 0
+test ! -r ./conf || . ./conf
+
+case "$AUDITD_CLEAN_STOP" in
+	no|NO) exit 0 ;;
+	*) ;;
+esac
+
+exec auditctl -R /etc/audit/audit-stop.rules >/dev/null
diff --git a/srcpkgs/audit/files/auditctl/run b/srcpkgs/audit/files/auditctl/run
new file mode 100755
index 00000000000..64a2820eb21
--- /dev/null
+++ b/srcpkgs/audit/files/auditctl/run
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+test ! -r ./conf || . ./conf
+
+case "$USE_AUGENRULES" in
+	no|NO) ;;
+	*) test ! -d /etc/audit/rules.d || augenrules >/dev/null ;;
+esac
+
+test ! -f /etc/audit/audit.rules || auditctl -R /etc/audit/audit.rules >/dev/null
+
+exec chpst -b auditctl pause
diff --git a/srcpkgs/audit/files/auditd/run b/srcpkgs/audit/files/auditd/run
new file mode 100755
index 00000000000..4b5c68a0bdb
--- /dev/null
+++ b/srcpkgs/audit/files/auditd/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec auditd -n
diff --git a/srcpkgs/audit/patches/musl.patch b/srcpkgs/audit/patches/musl.patch
new file mode 100644
index 00000000000..8e82fe33cfe
--- /dev/null
+++ b/srcpkgs/audit/patches/musl.patch
@@ -0,0 +1,158 @@
+Source: Hoshpak, based on earlier work by doughdemon
+Upstream: No
+Reason: musl compatibility
+From 81e3ac4db3e779f38e92cb9d9329db4cd76a8954 Mon Sep 17 00:00:00 2001
+From: Helmut Pozimski <helmut@pozimski.eu>
+Date: Fri, 21 Sep 2018 20:22:47 +0200
+Subject: [PATCH] conditionally switch to alternatives for strndupa and
+ rawmemchr for non-glibc libcs
+
+---
+ auparse/auparse.c   | 17 +++++++++++++----
+ auparse/interpret.c |  4 ++++
+ src/auditd.c        |  7 ++++++-
+ src/ausearch-lol.c  | 16 ++++++++++++----
+ 4 files changed, 35 insertions(+), 9 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 69127b7..9e444f6 100644
+--- auparse/auparse.c
++++ auparse/auparse.c
+@@ -1126,10 +1126,19 @@ static int extract_timestamp(const char *b, au_event_t *e)
+ 	int rc = 1;
+ 
+         e->host = NULL;
+-	if (*b == 'n')
+-		tmp = strndupa(b, 340);
+-	else
+-		tmp = strndupa(b, 80);
++	#ifdef __GLIBC__
++		tmp = alloca(340);
++		if (*b == 'n')
++			tmp = strndupa(b, 340);
++		else
++			tmp = strndupa(b, 80);
++	#else
++		tmp = alloca(340);
++		if (*b == 'n')
++			tmp = strncpy(tmp, b, 340);
++		else
++			tmp = strncpy(tmp, b, 80);
++	#endif
+ 	ptr = audit_strsplit(tmp);
+ 	if (ptr) {
+ 		// Optionally grab the node - may or may not be included
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 4783d86..d779fc7 100644
+--- auparse/interpret.c
++++ auparse/interpret.c
+@@ -864,7 +864,11 @@ static const char *print_proctitle(const char *val)
+ 		// Proctitle has arguments separated by NUL bytes
+ 		// We need to write over the NUL bytes with a space
+ 		// so that we can see the arguments
++		#ifdef __GLIBC__
+ 		while ((ptr  = rawmemchr(ptr, '\0'))) {
++		#else
++		while (ptr < end) {
++		#endif
+ 			if (ptr >= end)
+ 				break;
+ 			*ptr = ' ';
+diff --git a/src/auditd.c b/src/auditd.c
+index 4939b5a..8ad08d8 100644
+--- src/auditd.c
++++ src/auditd.c
+@@ -224,7 +224,12 @@ static int extract_type(const char *str)
+ 	// ptr should be at 't'
+ 	ptr2 = strchr(ptr, ' ');
+ 	// get type=xxx in a buffer
+-	tptr = strndupa(ptr, ptr2 - ptr);
++	#ifdef __GLIBC__
++		tptr = strndupa(ptr, ptr2 - ptr);
++	#else
++		tptr = alloca(ptr2 - ptr);
++		tptr = strncpy(tptr, ptr, ptr2 - ptr);
++	#endif
+ 	// find =
+ 	str = strchr(tptr, '=');
+ 	if (str == NULL)
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index ec6f453..51e7696 100644
+--- src/ausearch-lol.c
++++ src/ausearch-lol.c
+@@ -160,10 +160,18 @@ static int extract_timestamp(const char *b, event *e)
+ 	char *ptr, *tmp, *tnode, *ttype;
+ 
+ 	e->node = NULL;
+-	if (*b == 'n')
+-		tmp = strndupa(b, 340);
+-	else
+-		tmp = strndupa(b, 80);
++	#ifdef __GLIBC__
++		if (*b == 'n')
++			tmp = strndupa(b, 340);
++		else
++			tmp = strndupa(b, 80);
++	#else
++		tmp = alloca(340);
++		if (*b == 'n')
++			tmp = strncpy(tmp, b, 340);
++		else
++			tmp = strncpy(tmp, b, 80);
++	#endif
+ 	ptr = audit_strsplit(tmp);
+ 	if (ptr) {
+ 		// Check to see if this is the node info
+-- 
+2.19.0
+
+From ca1590b95b3f786ca11f165656c31e525359e19c Mon Sep 17 00:00:00 2001
+From: Helmut Pozimski <helmut@pozimski.eu>
+Date: Fri, 21 Sep 2018 20:44:18 +0200
+Subject: [PATCH 2/2] replace usage of pthread_yield with sched_yield
+
+---
+ audisp/plugins/zos-remote/zos-remote-queue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
+index 8071dca..d5e30dd 100644
+--- audisp/plugins/zos-remote/zos-remote-queue.c
++++ audisp/plugins/zos-remote/zos-remote-queue.c
+@@ -77,7 +77,7 @@ retry:
+         pthread_mutex_unlock(&queue_lock);
+     } else {
+         pthread_mutex_unlock(&queue_lock);
+-        pthread_yield(); /* Let dequeue thread run to clear queue */
++        sched_yield(); /* Let dequeue thread run to clear queue */
+         retry_cnt++;
+         goto retry;
+     }
+-- 
+2.19.0
+
+From 5c52c6c662f0a3ab3b2f7a45024ef7aee9a6999d Mon Sep 17 00:00:00 2001
+From: Helmut Pozimski <helmut@pozimski.eu>
+Date: Fri, 21 Sep 2018 21:24:56 +0200
+Subject: [PATCH 3/3] change stdint include to import in auditswig.i to
+ accomodate compilation on musl
+
+---
+ bindings/swig/src/auditswig.i | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 356a5ab..8ad09da 100644
+--- bindings/swig/src/auditswig.i
++++ bindings/swig/src/auditswig.i
+@@ -41,6 +41,6 @@ typedef unsigned __u32;
+ typedef unsigned uid_t;
+ %include "/usr/include/linux/audit.h"
+ #define __extension__ /*nothing*/
+-%include "/usr/include/stdint.h"
++%import "/usr/include/stdint.h"
+ %include "../lib/libaudit.h"
+ 
+-- 
+2.19.0
+
diff --git a/srcpkgs/audit/template b/srcpkgs/audit/template
new file mode 100644
index 00000000000..9f0dc744431
--- /dev/null
+++ b/srcpkgs/audit/template
@@ -0,0 +1,102 @@
+# Template file for 'audit'
+pkgname=audit
+version=2.8.4
+revision=1
+build_style=gnu-configure
+configure_args="--libdir=/usr/lib --enable-shared=audit --enable-gssapi-krb5
+ --with-apparmor --with-libcap-ng --with-python --with-python3"
+hostmakedepends="automake libtool pkg-config intltool
+ swig python-setuptools python3-setuptools"
+makedepends="mit-krb5-devel libldap-devel libapparmor-devel libcap-ng-devel
+ python-devel python3-devel"
+make_dirs="/var/log/audit 0700 root root"
+short_desc="Linux Security Auditing Framework"
+maintainer="Cameron Nemo <camerontnorman@gmail.com>"
+license="GPL-2.0-or-later, LGPL-2.0-or-later"
+homepage="https://people.redhat.com/sgrubb/audit"
+distfiles="${homepage}/${pkgname}-${version}.tar.gz"
+checksum=a410694d09fc5708d980a61a5abcb9633a591364f1ecc7e97ad5daef9c898c38
+
+if [ "$CROSS_BUILD" ]; then
+	pre_configure() {
+		sed -i "s;^PYINCLUDEDIR=.*;PYINCLUDEDIR=${XBPS_CROSS_BASE}/usr/include/python${py2_ver};" configure
+	}
+fi
+
+post_install() {
+	vinstall rules/10-base-config.rules 644 etc/audit/rules.d
+	vmkdir usr/share/examples/audit/rules.d
+	vcopy "rules/*" usr/share/examples/audit/rules.d
+	rm -rf "${DESTDIR}/etc/rc.d"
+	rm -rf "${DESTDIR}/etc/sysconfig"
+	vsv auditd
+	vsv auditctl
+}
+
+libaudit-common_package() {
+	noarch=yes
+	short_desc+=" - Library common files"
+	pkg_install() {
+		vmove etc/libaudit.conf
+		vmove usr/share/man/man5/libaudit.conf.5
+	}
+}
+
+libaudit_package() {
+	short_desc+=" - Library"
+	depends="libaudit-common-${version}_${revision}"
+	pkg_install() {
+		vmove "usr/lib/libaudit.so.*"
+	}
+}
+
+libaudit-devel_package() {
+	short_desc+=" - Library development files"
+	depends="libaudit-${version}_${revision}"
+	pkg_install() {
+		vmove usr/include/libaudit.h
+		vmove usr/lib/libaudit.a
+		vmove usr/lib/libaudit.so
+		vmove usr/lib/pkgconfig/audit.pc
+		vmove usr/share/aclocal/audit.m4
+		vmove "usr/share/man/man3/audit*"
+		vmove usr/share/man/man3/get_auditfail_action.3
+		vmove usr/share/man/man3/set_aumessage_mode.3
+	}
+}
+
+libauparse_package() {
+	short_desc+=" - Parsing Library"
+	pkg_install() {
+		vmove "usr/lib/libauparse.so.*"
+	}
+}
+
+libauparse-devel_package() {
+	short_desc+=" - Parsing Library development files"
+	depends="libauparse-${version}_${revision}"
+	pkg_install() {
+		vmove "usr/include/auparse*.h"
+		vmove usr/lib/libauparse.a
+		vmove usr/lib/libauparse.so
+		vmove usr/lib/pkgconfig/auparse.pc
+		vmove "usr/share/man/man3/auparse*"
+		vmove "usr/share/man/man3/ausearch*"
+	}
+}
+
+python-audit_package() {
+	short_desc+=" - Python bindings"
+	pycompile_module="audit"
+	pkg_install() {
+		vmove "usr/lib/python2*"
+	}
+}
+
+python3-audit_package() {
+	short_desc+=" - Python3 bindings"
+	pycompile_module="audit"
+	pkg_install() {
+		vmove "usr/lib/python3*"
+	}
+}
diff --git a/srcpkgs/libaudit b/srcpkgs/libaudit
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/libaudit
@@ -0,0 +1 @@
+audit
\ No newline at end of file
diff --git a/srcpkgs/libaudit-common b/srcpkgs/libaudit-common
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/libaudit-common
@@ -0,0 +1 @@
+audit
\ No newline at end of file
diff --git a/srcpkgs/libaudit-devel b/srcpkgs/libaudit-devel
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/libaudit-devel
@@ -0,0 +1 @@
+audit
\ No newline at end of file
diff --git a/srcpkgs/libauparse b/srcpkgs/libauparse
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/libauparse
@@ -0,0 +1 @@
+audit
\ No newline at end of file
diff --git a/srcpkgs/libauparse-devel b/srcpkgs/libauparse-devel
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/libauparse-devel
@@ -0,0 +1 @@
+audit
\ No newline at end of file
diff --git a/srcpkgs/python-audit b/srcpkgs/python-audit
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/python-audit
@@ -0,0 +1 @@
+audit
\ No newline at end of file
diff --git a/srcpkgs/python3-audit b/srcpkgs/python3-audit
new file mode 120000
index 00000000000..ba33219b36f
--- /dev/null
+++ b/srcpkgs/python3-audit
@@ -0,0 +1 @@
+audit
\ No newline at end of file