Hi,
Imagine you run Apache in a jail. Someone breaks in.
Is it possible to detect the intrusion somehow (checksums on binaries, user counting), inform the admin via mail, shut down the jail, restore the last snapshot of the jail's mountpoint and start it again** automatically?
** maybe with a new firewall rule that blocks the attacker's IP for 12 hours.
Or is this science fiction?