diff --git a/pkg/auditd/Dockerfile b/pkg/auditd/Dockerfile
index 5c6027d98..816b4f0fe 100644
--- a/pkg/auditd/Dockerfile
+++ b/pkg/auditd/Dockerfile
@@ -1,15 +1,7 @@
-FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS build
-RUN apk add abuild gcc git
-
-ADD build.sh /
-RUN adduser -D -G abuild builder && sudo -u builder /build.sh
-
-FROM linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1 AS mirror
-COPY --from=build /home/builder/*apk /
+FROM linuxkit/alpine:4584958639b2378246371fe219f33b270667e22e AS mirror
 
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
-RUN apk add --initdb -p /out alpine-baselayout busybox tini
-RUN apk add --allow-untrusted -p /out /*apk
+RUN apk add --initdb -p /out alpine-baselayout apk-tools audit busybox tini
 
 # Remove apk residuals. We have a read-only rootfs, so apk is of no use.
 RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
@@ -25,5 +17,3 @@ COPY audit.rules /etc/audit
 COPY runaudit.sh /usr/bin
 
 CMD ["/sbin/tini", "/usr/bin/runaudit.sh"]
-
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/log:/var/log"], "capabilities": ["CAP_AUDIT_CONTROL", "CAP_AUDIT_READ", "CAP_AUDIT_WRITE", "CAP_SYS_NICE"]}'
diff --git a/pkg/auditd/build.sh b/pkg/auditd/build.sh
deleted file mode 100755
index 57002aa08..000000000
--- a/pkg/auditd/build.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-AUDIT_HASH=59763dd8e587d1821f2d039b2bf446c3a31ea58e
-
-set -e
-
-cd /home/builder
-
-git clone https://github.com/alpinelinux/aports && cd aports && git checkout $AUDIT_HASH
-cd testing/audit
-
-abuild-keygen -a
-abuild -F -r
-
-find ~/packages
-cp ~/packages/testing/$(abuild -A)/*apk ~
diff --git a/pkg/auditd/build.yml b/pkg/auditd/build.yml
index 82454acfd..3388e2f64 100644
--- a/pkg/auditd/build.yml
+++ b/pkg/auditd/build.yml
@@ -1,2 +1,11 @@
 image: auditd
 network: true
+config:
+  pid: host
+  binds:
+    - /var/log:/var/log
+  capabilities:
+    - CAP_AUDIT_CONTROL
+    - CAP_AUDIT_READ
+    - CAP_AUDIT_WRITE
+    - CAP_SYS_NICE
diff --git a/tools/alpine/packages b/tools/alpine/packages
index 0d300913c..67f258660 100644
--- a/tools/alpine/packages
+++ b/tools/alpine/packages
@@ -4,6 +4,7 @@ alpine-keys
 apk-tools
 argp-standalone
 attr-dev
+audit
 autoconf
 automake
 bash
diff --git a/tools/alpine/versions.aarch64 b/tools/alpine/versions.aarch64
index c4b11353b..81b5e869b 100644
--- a/tools/alpine/versions.aarch64
+++ b/tools/alpine/versions.aarch64
@@ -1,13 +1,15 @@
-# linuxkit/alpine:dd9b3a4d8c6c7a21b8457aa3017d06eb97ed731c-arm64
+# linuxkit/alpine:9d29dc154440859d729ba864ffd67bb4c90e630d-arm64
 # automatically generated list of installed packages
 abuild-3.1.0-r3
 alpine-baselayout-3.0.5-r2
 alpine-keys-2.1-r1
 alsa-lib-1.1.4.1-r2
-apk-tools-2.8.1-r1
+apk-tools-2.8.1-r2
 argp-standalone-1.3-r2
 attr-2.4.47-r6
 attr-dev-2.4.47-r6
+audit-2.7.7-r1
+audit-libs-2.7.7-r1
 autoconf-2.69-r0
 automake-1.15.1-r0
 bash-4.4.12-r2
@@ -23,7 +25,7 @@ btrfs-progs-4.13.2-r0
 btrfs-progs-dev-4.13.2-r0
 btrfs-progs-libs-4.13.2-r0
 build-base-0.5-r0
-busybox-1.27.2-r6
+busybox-1.27.2-r7
 busybox-initscripts-3.1-r2
 bzip2-1.0.6-r6
 ca-certificates-20171114-r0
@@ -264,7 +266,7 @@ vim-8.0.1359-r0
 wayland-libs-client-1.14.0-r2
 wayland-libs-cursor-1.14.0-r2
 wayland-libs-server-1.14.0-r2
-wireguard-tools-0.0.20171127-r0
+wireguard-tools-0.0.20171211-r0
 wireless-tools-30_pre9-r0
 wpa_supplicant-2.6-r8
 xfsprogs-4.14.0-r0
diff --git a/tools/alpine/versions.x86_64 b/tools/alpine/versions.x86_64
index 2c6a5a1a3..7f037ed54 100644
--- a/tools/alpine/versions.x86_64
+++ b/tools/alpine/versions.x86_64
@@ -1,13 +1,15 @@
-# linuxkit/alpine:d307c8a386fa3f32cddda9409b9687e191cdd6f1-amd64
+# linuxkit/alpine:4584958639b2378246371fe219f33b270667e22e-amd64
 # automatically generated list of installed packages
 abuild-3.1.0-r3
 alpine-baselayout-3.0.5-r2
 alpine-keys-2.1-r1
 alsa-lib-1.1.4.1-r2
-apk-tools-2.8.1-r1
+apk-tools-2.8.1-r2
 argp-standalone-1.3-r2
 attr-2.4.47-r6
 attr-dev-2.4.47-r6
+audit-2.7.7-r1
+audit-libs-2.7.7-r1
 autoconf-2.69-r0
 automake-1.15.1-r0
 bash-4.4.12-r2
@@ -23,7 +25,7 @@ btrfs-progs-4.13.2-r0
 btrfs-progs-dev-4.13.2-r0
 btrfs-progs-libs-4.13.2-r0
 build-base-0.5-r0
-busybox-1.27.2-r6
+busybox-1.27.2-r7
 busybox-initscripts-3.1-r2
 bzip2-1.0.6-r6
 ca-certificates-20171114-r0
@@ -116,7 +118,7 @@ libcap-2.25-r1
 libcap-ng-0.7.8-r1
 libcap-ng-dev-0.7.8-r1
 libcom_err-1.43.7-r0
-libcrypto1.0-1.0.2m-r0
+libcrypto1.0-1.0.2n-r0
 libcurl-7.57.0-r0
 libdrm-2.4.88-r0
 libedit-20170329.3.1-r3
@@ -163,7 +165,7 @@ libseccomp-2.3.2-r0
 libseccomp-dev-2.3.2-r0
 libsmartcols-2.31-r0
 libssh2-1.8.0-r2
-libssl1.0-1.0.2m-r0
+libssl1.0-1.0.2n-r0
 libstdc++-6.4.0-r5
 libtasn1-4.12-r2
 libtirpc-1.0.1-r2
@@ -212,8 +214,8 @@ openrc-0.24.1-r4
 openssh-keygen-7.5_p1-r7
 openssh-server-7.5_p1-r7
 openssh-server-common-7.5_p1-r7
-openssl-1.0.2m-r0
-openssl-dev-1.0.2m-r0
+openssl-1.0.2n-r0
+openssl-dev-1.0.2n-r0
 opus-1.2.1-r1
 ovmf-0.0.20170624-r0
 p11-kit-0.23.2-r2
@@ -272,7 +274,7 @@ vim-8.0.1359-r0
 wayland-libs-client-1.14.0-r2
 wayland-libs-cursor-1.14.0-r2
 wayland-libs-server-1.14.0-r2
-wireguard-tools-0.0.20171127-r0
+wireguard-tools-0.0.20171211-r0
 wireless-tools-30_pre9-r0
 wpa_supplicant-2.6-r8
 xfsprogs-4.14.0-r0