One of the requirements is to use a system auditing tool to monitor and log all security-relevant events.
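`auditd` collects and stores detailed information about system events, such as user login attempts, file modifications, and network connections. Which events are actually recorded depends on the audit rules loaded into the kernel (for example via `auditctl` or files under `/etc/audit/rules.d/`); the `auditd.conf` shown below only configures how the daemon writes, rotates, and protects its log.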
```
root@r14:/home/vyos# cat /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
log_group = adm
log_format = ENRICHED
flush = INCREMENTAL_ASYNC
freq = 50
max_log_file = 8
num_logs = 5
priority_boost = 4
name_format = NONE
##name = mydomain
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
verify_email = yes
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
use_libwrap = yes
##tcp_listen_port = 60
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
transport = TCP
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
distribute_network = no
q_depth = 2000
overflow_action = SYSLOG
max_restarts = 10
plugin_dir = /etc/audit/plugins.d
end_of_event_timeout = 2
```
Example summary report produced by `aureport`:
```
root@r14:/home/vyos# sudo aureport
Summary Report
======================
Range of time in logs: 04/03/2023 21:12:24.277 - 04/03/2023 21:28:30.093
Selected time for report: 04/03/2023 21:12:24 - 04/03/2023 21:28:30.093
Number of changes in configuration: 3
Number of changes to accounts, groups, or roles: 0
Number of logins: 1
Number of failed logins: 5
Number of authentications: 1
Number of failed authentications: 3
Number of users: 4
Number of terminals: 12
Number of host names: 2
Number of executables: 6
Number of commands: 4
Number of files: 0
Number of AVC's: 0
Number of MAC events: 0
Number of failed syscalls: 0
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 20
Number of events: 88
root@r14:/home/vyos#
```