It wouldn’t stop against volumetric attacks…

They’d still fully consume the WAN bearer regardless of Crowdsec protecting the endpoint. For that you need a scrubbing centre to dump the traffic onto.

deleted by creator

To be honest, considering the role they’re applying for, I would reject their job application too even if it occurred inside a sandboxed environment.

They should know exactly what rm -rf does. The fact they didn’t and they still arbitrary ran the command anyway… massive red flags. Could even say he failed to twart a social engineering attack.

Podman ftw!