A compromised chroot environment is much easier to recover than a compromised host. A tarball of the directory is all that is necessary to rebuild the chroot structure. Make sure to use the --preserve option when creating the initial tarball. This is perhaps the easiest way to back up and recover the chroot directory.
# tar czvfp chroot.tar.gz /opt/chroot
chroot also lowers the number of logs, users, and processes that must be monitored . Although the initial creation of a chroot environment requires a lot of effort, ongoing administration is actually improved.
The administration of a chroot environment is no different from that of a service installed normally. As you define policies for the configuration, logging, and patching of services on the operating system, make sure to include specific policies for the chroot services.