What is Emotet

Emotet is a multipurpose malware family that is mainly distributed through spam emails. It was first spotted in 2014 and was designed to steal bank account details. Since then, there have been many different versions of the malware that include other functionalities, such as sending malspam or delivering other types of malware such as TrickBot or Ryuk. Emotet has been back since early September, infecting devices through botnet attacks that send out large quantities of emails.
We understand a cybersecurity incident as any event that can harm a system's confidentiality, integrity or availability. Cyberattacks are becoming more frequent and more powerful, and what we observe is that companies are becoming primarily concerned with understanding how to react once an attack occurs. But this approach might not be the best. Breaches take place when a threat can exploit a system through its vulnerabilities or lack of safeguards. Thus, a combined effort of prevention, monitoring, detection and response can help us better protect our organizations.
In this post we will cover the basics of event logging in Linux systems. We will talk about Syslog: message structure, the best-known implementations and the main configurations. We will also play with the inner workings of Linux logging using UNIX sockets, logger and syslog services. Let's get to it!

What is Syslog?

Syslog is a standard (RFC 5424) used for log management. This management can be local or remote. Do not confuse the syslog standard with syslog applications like syslog-ng, Rsyslog or NXLog. In some of the most popular Linux distros, such as Ubuntu, Debian or Fedora, Rsyslog is installed by default.