Idea/project: Filesystem "undo function"
I have wondered a couple of times already whether there is any solution to write a log/journal of all the changes made to a filesystem and to have a way to restore/undo to the last "sane state" in case a server gets hacked, i.e.:
- server gets installed with distro x.y
- server runs for months and writes a log of all the changes made to its filesystem(s) - or better: transfers these logs to another server somewhere else, similar to how syslog does it.

In case the server gets hacked or data gets ruined:
- no problem: just tell the server to use its logs and restore itself to its state n days ago, then reboot itself.
Does anybody know of something like this? I think that could be really useful/doable to implement... OK, there would be a huge overhead if a server gets many changes, but it seems that getting hacked/making sure the data stays consistent is the biggest headache while maintaining servers (at least for me it is...)
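
A sketch of the idea in the post, added here as an illustration and not taken from the post or from any existing tool: every change first appends a "before image" to a journal, and a rollback replays the journal newest-first back to a chosen sane timestamp. The class `UndoJournal`, the integer timestamps and the file names are assumptions; it models a flat directory, ignores permissions and ownership, and keeps the journal in memory where the post would ship it to another host.

```python
import os
import tempfile

class UndoJournal:
    """Append-only log of before-images (hypothetical helper for this example)."""
    def __init__(self, root):
        self.root = root
        self.entries = []  # (timestamp, relative path, previous bytes or None)

    def _abs(self, rel):
        return os.path.join(self.root, rel)

    def _before_image(self, rel):
        try:
            with open(self._abs(rel), "rb") as f:
                return f.read()
        except FileNotFoundError:
            return None  # the file did not exist before this change

    def write(self, ts, rel, data):
        # Log first, then change: the journal always knows how to undo.
        self.entries.append((ts, rel, self._before_image(rel)))
        with open(self._abs(rel), "wb") as f:
            f.write(data)

    def delete(self, ts, rel):
        self.entries.append((ts, rel, self._before_image(rel)))
        os.remove(self._abs(rel))

    def rollback(self, sane_ts):
        """Undo, newest first, every change logged after sane_ts."""
        undone = 0
        while self.entries and self.entries[-1][0] > sane_ts:
            _, rel, before = self.entries.pop()
            if before is None:              # change created the file: remove it
                if os.path.exists(self._abs(rel)):
                    os.remove(self._abs(rel))
            else:                           # change modified or deleted it: restore
                with open(self._abs(rel), "wb") as f:
                    f.write(before)
            undone += 1
        return undone

def demo():
    """Constructed scenario: clean install at t=1..2, unwanted changes at t=10..12."""
    root = tempfile.mkdtemp()
    j = UndoJournal(root)
    j.write(1, "passwd", b"root:x:0:0\n")
    j.write(2, "motd", b"welcome\n")
    j.write(10, "passwd", b"root:x:0:0\nextra:x:0:0\n")  # modified
    j.write(11, "dropped.sh", b"#!/bin/sh\n")            # created
    j.delete(12, "motd")                                 # removed
    undone = j.rollback(sane_ts=2)
    state = {}
    for name in sorted(os.listdir(root)):
        with open(os.path.join(root, name), "rb") as f:
            state[name] = f.read()
    return undone, state
```

The rollback is only as trustworthy as the journal, which is why the post's suggestion of shipping it to another server matters: a journal stored on the compromised host can be edited along with everything else.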