Automated maintenance of the system with shell scripts is simple, convenient and portable.
But shell scripts are read-write and are likely to leak sensitive information, such as usernames, passwords, paths, IP, and so on.
Similarly, sensitive information is also disclosed when a shell script is run.
How do I encrypt a script without affecting the script?
First, the SHC method
SHC is a tool for encrypting shell scripts. Its role is to convert the shell script into an executable binary file, which is a good solution to the above problem.
Yum Installation:
Yum-y Install SHC
Compile and install:
wget Http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgztar XVFZ shc-3.8.7.tgzcd shc-3.8.7make
Verifying that the SHC is properly installed
[Email protected] shc-3.8.7]#./SHC-VSHC Parse (-f): No source file SPECIFIEDSHC USAGE:SHC [-E Date] [-M addr] [-I iopt] [-X CMND] [-L lopt] [-rvdtcah]-F Script
Create a sample shell script
< = $max ; start++)) Do echo-e $RANDOMdone
Add executable permissions to Scripts
[Email protected] shc-3.8.7]# chmod u+x random.sh
Execute the Sample script
[Email protected] shc-3.8.7]#./random.shhow Many random numbers do you want to generate?31423595557671
Using SHC to encrypt shell scripts
[Email protected] shc-3.8.7]#/shc-v-r-t-F RANDOM.SHSHC shll=bashshc [-I]=-CSHC [-x]=exec '%s ' "[email protected]" sh c [-L]=SHC opts=shc:cc random.sh.x.c-o random.sh.xshc:strip random.sh.xshc:chmod go-r random.sh.x
Two files will be generated after running, script-name.x and SCRIPT-NAME.X.C
Script-name.x is an executable binary file after encryption
SCRIPT-NAME.X.C is the original file that generated the script-name.x (C language)
[[email protected] shc-3.8.7]# ll random.sh*-rwxr-xr-x 1 root root 146 2 10:26 random.sh-rwx--x--x 1 root root 9424 2 random.sh.x-rw-r--r--1 root root 10080 2 random.sh.x.c
Execute the encrypted script
[Email protected] shc-3.8.7]#./random.sh.x How many random numbers does you want to generate?3289552148729513
Not perfect, only the full path to execute the SHC command or into the directory, add Global environment variable/etc/profile not in effect
Second, Gzexe
It is using the system comes with the Gzexe program, it is not only encrypted, while compressing the file
This encryption method is not a very safe approach, but can be used for general encryption purposes, can conceal the password in the script and other information.
How to use:
[[email protected] home]# gzexe random.sh random.sh: 20.5%
[email protected] home]# ll random.sh*-rwxr-xr-x 1 root root 953 2 10:45 random.sh-rwxr-xr-x 1 root root 146 aug< C4/>2 10:45 random.sh~
It will back up the original unencrypted file as file.sh~, while file.sh becomes the encrypted file
Reference Address:
http://lidao.blog.51cto.com/3388056/1914205
https://yq.aliyun.com/ziliao/65848
Encrypt a shell script