Which file is primarily used to track the usage of authorization systems?

The file used to track the usage of authorization systems is the one located at /var/log/secure. This log file logs security-related events, including authentication attempts and authorization failures, as well as other security-related messages. This includes logs related to user logins, both successful and failed, as well as sudo command usage, making it an essential file for monitoring access and ensuring the security of the system.

The other files mentioned serve different purposes. For example, /var/log/messages holds general log messages from various system services, which may not be specifically related to authorization. /etc/services contains network services and their corresponding port numbers, and does not track authorization events at all. /var/log/kernel logs information related to the kernel messages and hardware events, which are also not focused on user authorization or security events. Thus, /var/log/secure is the appropriate choice for tracking the usage of authorization systems.