Install rbash as a "restricted shell" to log in to the ssh console of SME Server
SME Server Hardening with a restricted shell called rbash
If you have enabled a user to log in to the SME Server with ssh / the PuTTY tool, that user can browse the root filesystem.
To prevent this root filesystem browsing, use "rbash". This does not work with the tmux and screen multiplexers, because users can break out!
Remark: rbash is not 100% secure. The server's consoles should never be reachable from the Internet!
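1. Log in as root on the SME Server via the ssh console
2. Create a symlink for rbash to bash
mv /bin/bash /bin/orgbash    # move the unrestricted bash binary aside
chmod 700 /bin/orgbash       # owner-only access to the renamed binary
chmod 700 /bin/sh
chmod 700 /bin/csh
ln -s /bin/bash /bin/rbash   # rbash -> bash; the link only works while /bin/bash exists and the user may execute it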
3. Enable rbash by adding it to the system file /etc/shells
echo '/bin/rbash' >> /etc/shells
4. Set the user's shell to /bin/rbash
chsh -s /bin/rbash USERNAME   # set the user's shell to /bin/rbash; replace USERNAME with the account to restrict
5. Disable the "chsh" command for users
chmod o= /bin/chsh
6. Log in as the user and test Linux commands, or try to break out!
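A check to run before the login test in step 6, as an added example that is not part of the original page: it confirms that the account's login shell is the rbash link, that the link is listed in /etc/shells, and that it resolves to an existing binary which non-owner users may execute. The function names and the account name "alice" are assumptions; file locations are passed as arguments so the checks can also run against copies.

```shell
#!/bin/sh
# Added example: audit one account's rbash setup (steps 2-4 above).

# Print the login shell (7th passwd field) of USER.
user_shell() {  # user_shell USER PASSWD_FILE
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

# Succeed only if LINK is a symlink to a regular file that "other" may execute.
# Simplification: only the "other" permission bits are checked, not group or ACLs.
link_usable() {  # link_usable LINK
    [ -L "$1" ] || { echo "not a symlink: $1"; return 1; }
    [ -f "$1" ] || { echo "dangling or non-file link target: $1"; return 1; }
    # The 10th character of the ls mode string is the execute bit for "other".
    case $(ls -ldL "$1" | cut -c10) in
        x|t) return 0 ;;
        *) echo "link target is not executable by other users: $1"; return 1 ;;
    esac
}

# Run all checks, print every finding, return the number of failed checks.
audit_rbash() {  # audit_rbash USER PASSWD_FILE SHELLS_FILE RBASH_LINK
    fails=0
    shell=$(user_shell "$1" "$2")
    if [ "$shell" != "$4" ]; then
        echo "login shell of $1 is '$shell', expected $4"
        fails=$((fails + 1))
    fi
    if ! grep -qxF "$4" "$3"; then
        echo "$4 is not listed in $3"
        fails=$((fails + 1))
    fi
    if ! link_usable "$4"; then
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $1 logs in through $4"
    return "$fails"
}

# On the server itself (hypothetical account name):
#   audit_rbash alice /etc/passwd /etc/shells /bin/rbash
```

A non-zero return value is the number of failed checks; each failure is printed with the path it concerns.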