| 1. What is ibsh ? |
|
Iron Bars Shell (ibsh) is a free, open-source restricted system shell for Linux and Unix.
It is small, secure, and is based on a whole new perspective: DENY EVERYTHING!!
If something is needed, allow it. However, we think, allowing something
does not equal "let it come and pass through, whatever it does.".
Ibsh's mission is to deny access to important system files, sensitive commercial
data, to the users of the system! To employees of companies, to project members,
etc. If you read the statistics about companies being hacked, or information is
stolen, you find, that the offender is many times a disgruntled employee.
Employees, even without malicious purposes, cause many times system or network
failures. The goal of ibsh is: allow the least necessary access!
While ibsh's policy might sound very strict and restrictive, and allowing
certain services might sound like hard work, but it is not so. Security, control and
customization are values, equally important to us.
It's impossible to work on a completely restrictive system. It's impossible to govern
access, when it takes a lot of file creation and editing. Admins don't have time for
this. Also, allowing everybody the same programs could also cause problems.
Therefore, we try to keep a balance of these values. We want ibsh to be a
functional working environment, where employees can do their job, almost
transparently, but strictly security minded.
Go to top |
| 2. What's the difference between ibsh and other restricted or unrestricted shells ? |
|
First of all, ibsh is not menu based, as many restricted shells are. We don't want the
users to feel handcuffed. On the first look (except for the prompt), it looks like
a regular system shell. The working philosophy, policy and methods of ibsh
are very different from other restricted shells. We not only want to stop the user to
step outside her home directory. This is a very limited approach, we feel. The user
must not access (read, write to, execute) any files outside the home directory.
Since ibsh is a restricted shell, it can not possibly contain all the features, found
in regular shells like bash or ksh. For example: shell programming,
shell functions, editable, listable environmental variables, etc. It is also not our
goal to provide these. However certain services will be incorporated,
to add more comfort.
|
| 3. What operating systems does ibsh support ? |
|
We have tested ibsh on debian (woody, sarge) and netbsd. We are confident, that
it works on all posix systems. Ibsh contains no operating system- , or hardware
specific code.
Note: there have been problems getting ibsh compiled on sid (debian). In this
case, please download the binary release.
Go to top |
| 4. Any dependancies ? |
|
None.
Go to top |
| 5. What if i still can't compile ibsh, although my operating system is supported ? |
|
You are encouraged to download the binary release of ibsh. The binary
release labelled linux, also works on BSD. The package also contains the
source code.
Go to top |
| 6. Where can i download Iron Bars SHell ? |
|
Go to our website: http://ibsh.sourceforge.net , or to our project page:
http://sourceforge.net/projects/ibsh/ . You can access the download page there.
Go to top |
| 7. How do i install ibsh ? |
|
We didn't feel the need of a configure script, because ibsh is not as
complicated as apache or sendmail. To configure it, please take a look of
ibsh.h . This file contains all the system specific data, like directories, filenames .
If you would like to change any of these, do that in ibsh.h, but don't forget to update
the Makefile!
Please always read the INSTALL file, available in the tarball.
If no changes are needed (shouldn't in most cases):
# make ibsh # make ibsh_install Optionally, you can do a
# make clean
|
| 8. How do i uninstall ibsh ? |
|
# make ibsh_uninstall
Go to top |
| 9. Is ibsh translated ? |
|
Ibsh prints so little text, ( usually only a "Sorry, can't let you do that." ), that
we didn't make any translations, nor did we make any steps to make ibsh accept
translated text. If you would like to see messages in your language, please
write them in a textfile, and send it to us in email. Note however, that as long as
your operating system "speaks" english, as default, a translation to ibsh will
make very little change.
Go to top |