diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100644
index 0000000..b508d0b
--- /dev/null
+++ b/scripts/install.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+
+
+# install yay
+cd ~
+git clone https://aur.archlinux.org/yay.git
+cd yay
+makepkg -si
+cd ..
+sudo rm -rf yay
diff --git a/services/audit-framework/auditd/.auread-aliases b/services/audit-framework/auditd/.auread-aliases
new file mode 100644
index 0000000..69d97db
--- /dev/null
+++ b/services/audit-framework/auditd/.auread-aliases
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# aureport and ausearch
+
+alias aurepwk='aureport --start this-week'
+alias aurepwkv='aureport --start this-week --key --summary'
+
+# syscall audit rule for failure to open files due to EPERM with key field access
+
+# add to syscall.rules
+# -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access
+
+# check which files have been attempted
+alias aurfilist='ausearch --start this-week -k access --raw | aureport --file --summary'
+
+# check the user accounts implicated
+
+alias aurlusfi='ausearch --start this-week -k access --raw | aureport --user --summary'
+
+
diff --git a/services/audit-framework/auditd/auditd.conf b/services/audit-framework/auditd/auditd.conf
new file mode 100644
index 0000000..e69de29
diff --git a/services/audit-framework/auditd/auditd.rules b/services/audit-framework/auditd/auditd.rules
new file mode 100644
index 0000000..e69de29
diff --git a/services/audit-framework/auditd/rules.d/file.rules b/services/audit-framework/auditd/rules.d/file.rules
new file mode 100644
index 0000000..d595447
--- /dev/null
+++ b/services/audit-framework/auditd/rules.d/file.rules
@@ -0,0 +1,3 @@
+-w /etc/passwd -p rwxa
+-w /etc/sudoers -p rwxa
+-w /etc/nftables.conf -p rwxa
diff --git a/services/audit-framework/auditd/rules.d/syscalls.rules b/services/audit-framework/auditd/rules.d/syscalls.rules
new file mode 100644
index 0000000..697dd91
--- /dev/null
+++ b/services/audit-framework/auditd/rules.d/syscalls.rules
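Review bot: The `cd` calls in scripts/install.sh are unchecked, so if `git clone` or `cd yay` fails the script keeps going, `cd ..` moves one level above `$HOME`, and `sudo rm -rf yay` then removes a path that was never the intended one. `sudo` is also unnecessary for the cleanup because `makepkg` must run as an unprivileged user and the tree it leaves behind is owned by that user. The script should enable strict mode, build in a `mktemp -d` directory and clean it up from a trap, so no `rm -rf` ever runs against a guessed relative path. Separately, `makepkg -si` builds and installs whatever PKGBUILD the AUR clone contains with sudo; a short comment reminding the operator to inspect the PKGBUILD before running this would be worth adding.
```shell
#!/bin/bash
set -euo pipefail

# install yay (review the cloned PKGBUILD before trusting the build)
build_dir=$(mktemp -d)
trap 'rm -rf -- "$build_dir"' EXIT
git clone https://aur.archlinux.org/yay.git "$build_dir/yay"
cd "$build_dir/yay"
makepkg -si
```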
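Review bot: The rule documented in .auread-aliases, `-a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access`, will miss the common permission-denied case, because `open(2)`/`openat(2)` return EACCES for a DAC permission failure; EPERM is reserved for cases such as O_NOATIME on a file you do not own or an immutable file. Since auditctl accepts one `exit=` value per rule, the comment should list a second rule, `# -a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k access`, and a `-F arch=b32` pair for 32-bit callers, otherwise the `-k access` searches in `aurfilist` and `aurlusfi` stay empty. The comment also points to `syscall.rules`, while the file this commit adds is `rules.d/syscalls.rules`, and that file does not yet contain the rule, so the aliases match nothing as committed.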
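Review bot: None of the three watches in file.rules carries a `-k` key, so the events cannot be selected with `ausearch -k` or grouped by `aureport --key --summary` the way the sibling aliases file expects. Watching `/etc/passwd` with `r` will also be extremely noisy, since nearly every process reads it through the NSS lookups; write/attribute is the useful signal for these files. I would change them to `-w /etc/passwd -p wa -k identity`, `-w /etc/sudoers -p wa -k sudoers` and `-w /etc/sudoers.d/ -p wa -k sudoers`, with the nftables line likewise keyed (for example `-k firewall`), because drop-in files under `/etc/sudoers.d/` are a common way to grant privilege without touching `/etc/sudoers` itself.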
@@ -0,0 +1,4 @@
+
+-a entry,always -S chmod
+-a entry,always -S chown
+
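Review bot: `-a entry,always` uses the `entry` filter list, which is deprecated and, on current kernels and auditctl, is either rewritten to `exit` with a warning or rejected outright, so these rules may not load at all when `augenrules --load` compiles rules.d. They also name only `chmod` and `chown`, so `fchmod`, `fchmodat`, `fchown`, `lchown` and `fchownat` (what `chmod(1)`/`chown(1)` and most libraries actually call) are not audited, there is no `-F arch=` so only the native ABI is matched, and there is no `-k` key for searching. The rules below fix all four points; whether to add an `-F auid>=1000 -F auid!=unset` filter to drop daemon noise depends on what the deployment wants to see.
```text
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -k perm_mod
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown,lchown,fchownat -k perm_mod
-a always,exit -F arch=b32 -S chown,fchown,lchown,fchownat -k perm_mod
```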