One of the requirements is to use a system auditing tool to monitor and log all security-relevant events.
auditd collects and stores detailed information about system events, such as user login attempts, file modifications, and network connections.
An operator must not have access to this log (in the configuration below, read access to the log file is restricted to the `adm` group via `log_group`); this will be extended once the administrator and operator user access levels are reintroduced.
https://doc.opensuse.org/documentation/leap/security/html/book-security/cha-audit-setup.html
root@r14:/home/vyos# cat /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
log_group = adm
log_format = ENRICHED
flush = INCREMENTAL_ASYNC
freq = 50
max_log_file = 8
num_logs = 5
priority_boost = 4
name_format = NONE
##name = mydomain
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
verify_email = yes
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
use_libwrap = yes
##tcp_listen_port = 60
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
transport = TCP
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
distribute_network = no
q_depth = 2000
overflow_action = SYSLOG
max_restarts = 10
plugin_dir = /etc/audit/plugins.d
end_of_event_timeout = 2
Report
root@r14:/home/vyos# sudo aureport

Summary Report
======================
Range of time in logs: 04/03/2023 21:12:24.277 - 04/03/2023 21:28:30.093
Selected time for report: 04/03/2023 21:12:24 - 04/03/2023 21:28:30.093
Number of changes in configuration: 3
Number of changes to accounts, groups, or roles: 0
Number of logins: 1
Number of failed logins: 5
Number of authentications: 1
Number of failed authentications: 3
Number of users: 4
Number of terminals: 12
Number of host names: 2
Number of executables: 6
Number of commands: 4
Number of files: 0
Number of AVC's: 0
Number of MAC events: 0
Number of failed syscalls: 0
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 20
Number of events: 88
root@r14:/home/vyos#