Shell Scripting Encryption

Think of a long time not updated blog, today in the group to see the discussion about shell script encryption things.

Think about it too, we are writing scripts sometimes configure the relevant account and password things, so as long as the permission can see the information, very insecure, there is no normal operation of the file encryption. The following two features are broadly available:

1. Encrypt files to prevent others from seeing what I wrote.

2. can be sensitive to hidden knowledge points, such as scripts involving users and passwords, such as MySQL
   

   I deliberately searched, there are two ways to increase knowledge, so the verification, the process is as follows:

First Method (Gzexe): Based on ubuntu14.04

This type of encryption is not a very safe method, but it can be used for general encryption purposes. It is using the system comes with the Gzexe program, it not only encrypts, simultaneously compresses the file.

How to use: Gzexe file.sh it will back up the original unencrypted file as xx.sh~, while xx.sh becomes the encrypted file

[email protected]:~/test# lstest.sh[email protected]:~/test# cat test.sh #!/bin/ bashecho  ' Date ' [email protected]:~/test# sh test.sh mon jul 17  15:08:01 hkt 2017[email protected]:~/test# gzexe  test.sh test.sh:  25.0%[email protected]:~/test# lstest.sh  test.sh~[email protected]:~/test# sh  test.shMon Jul 17 15:08:14 HKT 2017[email protected]:~/test# sh  test.sh~mon jul 17 15:08:18 hkt 2017[email protected]:~/test# cat  test.sh~#!/bin/bashecho  ' Date ' [email protected]:~/test# cat test.sh#!/bin/bashskip=44tab= ' ' nl= ' ifs= '   $tab $nl ' umask= ' umask ' umask 77gztmpdir=trap  ' res=$?  test -n  ' $ Gztmpdir " && rm -fr " $gztmpdir "   (exit  $res); exit  $res '  0 1 2 3 5 10 13 15if type mktemp >/dev/null 2>&1; then   gztmpdir= ' Mktemp -dt ' else  gztmpdir=/tmp/gztmp$$; mkdir  $gztmpdirfi  | |  {  (exit 127),  exit 127; }gztmp= $gztmpdir/$0case $0 in-* | * /* ')  mkdir -p  "$gztmp"  && rm -r  "$gztmp";; */*)  gztmp= $gztmpdir/' basename  ' $ "';; esac | |  {  (exit 127); exit 127; }case  ' echo x | tail -n + 1 2>/dev/null '  inx)  tail_n=-n;; *)  tail_n=;; esacif tail  $tail _n + $skip  < "$"  | gzip -cd >  "$gztmp";  then  umask  $umask   chmod 700  $gztmp    (sleep 5;  rm -fr  "$gztmpdir")  2>/dev/null &   "$gztmp"  ${1+ "[email  Protected] "}; res=$?else  echo >&2  "Cannot decompress $0"    (exit 127); res=127fi;  exit  $res

At this point we can see that the test.sh file has been encrypted, but it does not affect the operation. At this point you delete the test.sh~ file, others will be completely invisible (you can not see, please delete it as appropriate).

[Email protected]:~/test# lstest.sh test.sh~[email protected]:~/test# rm test.sh~[email protected]:~/test# lstest.sh[ Email protected]:~/test# sh test.sh Mon Jul 15:10:36 HKT 2017

Recommended to use, on the one hand, the system comes with commands, to achieve the purpose, nobody idle crack your script, even if you want to crack, first enter your system again.

I am based on centos6.8 (ubuntu14.04 problem, no specific troubleshooting)

Method 2:SHC

SHC Common parameters

-E Date
Expiration date in dd/mm/yyyy format [None] (Specify expiration date)

-M message
Message to display upon expiration ["Please contact your provider"] (specify expiration prompt information)

-F Script_name
File name of the script to compile (specifies the path and file name of the shell to be compiled)

-R Relax Security.
Make a redistributable binary which executes on different systems running the same operat-ing system. (can be used in different systems of the same operating system Line

-V Verbose Compilation (details of compilation)

SHC is a professional tool for encrypting shell scripts. Its role is to transform the shell script into an executable binary file, this method is also a good solution to the script contains IP, password and so do not want to open the issue

Package DOWNLOAD Link:

http://www.datsi.fi.upm.es/~frosal/sources/

[[email protected] ~]# wget http://www.datsi.fi.upm.es/~frosal/sources/ shc-3.8.6.tgz--2017-07-17 15:23:39--  http://www.datsi.fi.upm.es/~frosal/sources/ shc-3.8.6.tgzresolving www.datsi.fi.upm.es... 138.100.9.22connecting to  Www.datsi.fi.upm.es|138.100.9.22|:80... connected. http request sent, awaiting response... 200 oklength: 35071  (34K)  [application/x-gzip]Saving to:  "Shc-3.8.6.tgz" 100%[=========================================== ==================================================================================>] 35,071       21.9K/s   in 1.6s    2017-07-17  15:23:46  (21.9 kb/s)  -  "Shc-3.8.6.tgz"  saved [35071/35071][[email protected ] ~]# tar xf shc-3.8.6.tgz [[email protected] ~]# mkdir -p / Usr/local/man/man1

This step is necessary, otherwise the installation process will be error, SHC will install the command into the/usr/local/bin/directory;

The help document is stored in the/usr/local/man/man1/directory, if the system does not have this directory, the installation will be error, you can create this directory and then perform the installation.

[[Email protected] ~]# CD Shc-3.8.6[[email protected] shc-3.8.6]# make install***installing SHC and Shc.1 on/usr/local*** Want to continue? Y #此时等待输入yinstall-C-S shc/usr/local/bin/install-c-M 644 shc.1/usr/local/man/man1/How to use:-f [email protected] test]# Cat Test.sh#!/bin/bashecho ' Date ' [[email protected] test]# shc-r-f test.shtest.sh.x.c:in function ' chkenv ': test.sh.x.c : 211:warning:cast from pointer to integer of different sizeyou has new mail in/var/spool/mail/root[[email protected] t est]# lstest.sh test.sh.x test.sh.x.c will generate two files, xx.x and xx.x.c after running.

Where xx.x is an executable binary that is encrypted and can be run with./xx.x, XX.X.C is the original file (c) that generated the xx.x.

Not recommended, need to be installed separately management, more trouble. If the security requirements are very high, it is possible to parameter.

This article is from the "Promise (Promise)" blog, please make sure to keep this source http://caimengzhi.blog.51cto.com/9787265/1948227

Shell Scripting Encryption