Encrypt a shell script

Automated maintenance of the system with shell scripts is simple, convenient and portable.
But shell scripts are read-write and are likely to leak sensitive information, such as usernames, passwords, paths, IP, and so on.
Similarly, sensitive information is also disclosed when a shell script is run.
How do I encrypt a script without affecting the script?

First, the SHC method

SHC is a tool for encrypting shell scripts. Its role is to convert the shell script into an executable binary file, which is a good solution to the above problem.

Yum Installation:

Yum-y Install SHC

Compile and install:

wget Http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgztar XVFZ shc-3.8.7.tgzcd shc-3.8.7make

Verifying that the SHC is properly installed

[Email protected] shc-3.8.7]#./SHC-VSHC Parse (-f): No source file SPECIFIEDSHC USAGE:SHC [-E Date] [-M addr] [-I iopt] [-X CMND] [-L lopt] [-rvdtcah]-F Script

Create a sample shell script

< = $max ; start++)) Do  echo-e $RANDOMdone

Add executable permissions to Scripts

[Email protected] shc-3.8.7]# chmod u+x random.sh

Execute the Sample script

[Email protected] shc-3.8.7]#./random.shhow Many random numbers do you want to generate?31423595557671

Using SHC to encrypt shell scripts

[Email protected] shc-3.8.7]#/shc-v-r-t-F RANDOM.SHSHC shll=bashshc [-I]=-CSHC [-x]=exec '%s ' "[email protected]" sh c [-L]=SHC opts=shc:cc  random.sh.x.c-o random.sh.xshc:strip random.sh.xshc:chmod go-r random.sh.x

Two files will be generated after running, script-name.x and SCRIPT-NAME.X.C
Script-name.x is an executable binary file after encryption
SCRIPT-NAME.X.C is the original file that generated the script-name.x (C language)

[[email protected] shc-3.8.7]# ll random.sh*-rwxr-xr-x 1 root root   146  2 10:26 random.sh-rwx--x--x 1 root root  9424  2 random.sh.x-rw-r--r--1 root root 10080  2 random.sh.x.c

Execute the encrypted script

[Email protected] shc-3.8.7]#./random.sh.x How many random numbers does you want to generate?3289552148729513

Not perfect, only the full path to execute the SHC command or into the directory, add Global environment variable/etc/profile not in effect

Second, Gzexe

It is using the system comes with the Gzexe program, it is not only encrypted, while compressing the file

This encryption method is not a very safe approach, but can be used for general encryption purposes, can conceal the password in the script and other information.

How to use:

[[email protected] home]# gzexe random.sh random.sh:     20.5%

[email protected] home]# ll random.sh*-rwxr-xr-x 1 root root 953  2 10:45 random.sh-rwxr-xr-x 1 root root 146 aug< C4/>2 10:45 random.sh~

It will back up the original unencrypted file as file.sh~, while file.sh becomes the encrypted file

Reference Address:

http://lidao.blog.51cto.com/3388056/1914205

https://yq.aliyun.com/ziliao/65848

Encrypt a shell script