How to Encrypt Your Bash Shell Script on Linux Using SHC? (Encrypting a Shell Script)

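When you write a shell script that connects to a database to fetch data, run backups and so on, the script may contain sensitive information such as database user passwords. If someone with bad intentions finds it, that is a disaster for you. For security reasons, the plaintext shell script needs to be encrypted. With shc, the original shell script can be compiled into an executable program (a binary), so the script can no longer be opened as plain text.

Here is a simple test: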

[root@s19118 ~]# cat /etc/issue
Oracle Linux Server release 5.8

[root@s19118 ~]# uname -a
Linux s19118 2.6.32-300.10.1.el5uek #1 SMP Wed Feb 22 17:37:40 EST 2012 x86_64 x86_64 x86_64 GNU/Linux

1. Download shc and install it

[root@s19118 ~]# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
--2013-06-18 16:32:08--  http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
Resolving www.datsi.fi.upm.es... 138.100.9.22
Connecting to www.datsi.fi.upm.es|138.100.9.22|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20498 (20K) [application/x-gzip]
Saving to: `shc-3.8.7.tgz'

100%[=======================================================>] 20,498      11.1K/s   in 1.8s    

2013-06-18 16:32:12 (11.1 KB/s) - `shc-3.8.7.tgz' saved [20498/20498]

[root@s19118 ~]# tar zxvf shc-3.8.7.tgz 
shc-3.8.7/CHANGES
shc-3.8.7/Copying
shc-3.8.7/Makefile
shc-3.8.7/match
shc-3.8.7/pru.sh
shc-3.8.7/shc-3.8.7.c
shc-3.8.7/shc.1
shc-3.8.7/shc.README
shc-3.8.7/shc.c
shc-3.8.7/shc.html
shc-3.8.7/test.bash
shc-3.8.7/test.csh
shc-3.8.7/test.ksh

[root@s19118 ~]# cd shc-3.8.7
[root@s19118 shc-3.8.7]# ls
CHANGES  Copying  Makefile  match  pru.sh  shc.1  shc-3.8.7.c  shc.c  shc.html  shc.README  test.bash  test.csh  test.ksh

[root@s19118 shc-3.8.7]# make

[root@s19118 shc-3.8.7]# ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

2. Encrypt A Shell Script Using shc

[root@s19118 shc-3.8.7]# ./test.bash 
+ echo '$@ is '
$@ is 
+ echo 'command line: ./test.bash '
command line: ./test.bash 
+ echo 'hello world'
hello world
+ echo '[26053] PAUSED... Hit return!'
[26053] PAUSED... Hit return!
+ read DUMMY

+ exit 0

[root@s19118 shc-3.8.7]# cat test.bash 
#!/bin/bash -x
echo "\$@ is $@"
echo "command line: $0 $*"
echo "hello world"
# Added
echo "[$$] PAUSED... Hit return!"
read DUMMY
exit 0

[root@s19118 shc-3.8.7]# ./shc -f test.bash

# Encryption produces two files: .x.c is the C source file, .x is the executable
-rw-r--r-- 1 root root  9905 Jun 18 16:39 test.bash.x.c
-rwx--x--x 1 root root 11840 Jun 18 16:39 test.bash.x


[root@s19118 shc-3.8.7]# strings test.bash.x|head
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6
sprintf
perror
fork
time
_exit
getpid
kill
[root@s19118 shc-3.8.7]# strings test.bash.x.c|head
#if 0
        shc Version 3.8.7, Generic Script Compiler
        Copyright (c) 1994-2009 Francisco Rosales 
        ./shc -f test.bash 
#endif
static  char data [] = 
#define      opts_z     3
#define      opts       ((&data[0]))
        "\266\246\304"
#define      tst2_z     19

[root@s19118 shc-3.8.7]# file test.bash.x
test.bash.x: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), stripped
[root@s19118 shc-3.8.7]# file test.bash.x.c
test.bash.x.c: ASCII C program text

3. Execute the Encrypted Shell Script

[root@s19118 shc-3.8.7]# ./test.bash.x 
+ echo '$@ is '
$@ is 
+ echo 'command line: ./test.bash.x '
command line: ./test.bash.x 
+ echo 'hello world'
hello world
+ echo '[25194] PAUSED... Hit return!'
[25194] PAUSED... Hit return!
+ read DUMMY

+ exit 0

4. Specifying Expiration Date for Your Shell Script

# shc can set an expiration date for the file; once that date has passed, running the executable reports an error.
[root@s19118 shc-3.8.7]# rm test.bash.x*
rm: remove regular file `test.bash.x'? yes
rm: remove regular file `test.bash.x.c'? yes

# The date format is dd/mm/yyyy
[root@s19118 shc-3.8.7]# ./shc -e 18/6/2013 -f test.bash
[root@s19118 shc-3.8.7]# date
Tue Jun 18 17:02:06 CST 2013

[root@s19118 shc-3.8.7]# ./test.bash.x 
./test.bash.x: has expired!
Please contact your provider

[root@s19118 shc-3.8.7]# date -s "20130617"
Mon Jun 17 00:00:00 CST 2013
[root@s19118 shc-3.8.7]# ./test.bash.x 
+ echo '$@ is '
$@ is 
+ echo 'command line: ./test.bash.x '
command line: ./test.bash.x 
+ echo 'hello world'
hello world
+ echo '[22106] PAUSED... Hit return!'
[22106] PAUSED... Hit return!
+ read DUMMY

# You can also define the message shown after expiration with the -m option, as follows

[root@s19118 shc-3.8.7]# ./shc -e 18/6/2013 -m "Contact dba@anbob.com for new version of this script" -f test.bash

Notice:
A file encrypted with shc is not impossible to decrypt.
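
Because of the notice above, one mitigation is to keep the database password out of the script entirely, so that recovering the script does not recover the secret. The following is an added example, not part of the original post: a helper that reads the password from a separate file and refuses to use it unless the file is a regular file owned by the current user with no group/other permissions. The function name `load_db_password` and the credential file path are assumptions, and GNU `stat` is assumed.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes GNU coreutils `stat`.
# load_db_password FILE   (hypothetical helper name)
#   Prints the first line of FILE if FILE is safe to use as a credential store.
#   Returns: 0 ok, 2 missing/symlink/not regular, 3 wrong owner,
#            4 accessible by group/other, 5 empty.
load_db_password() {
    local file owner mode pw
    file=$1
    pw=

    # A symlink could redirect the read to a file someone else controls.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "load_db_password: $file is missing or not a regular file" >&2
        return 2
    fi

    owner=$(stat -c '%u' "$file") || return 2
    mode=$(stat -c '%a' "$file") || return 2

    if [ "$owner" != "$(id -u)" ]; then
        echo "load_db_password: $file is not owned by the current user" >&2
        return 3
    fi

    # %a prints octal permission bits (for example 600); any bit in 077
    # means group or other can access the file.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "load_db_password: $file has mode $mode, expected 600 or stricter" >&2
        return 4
    fi

    # Read only the first line; tolerate a missing trailing newline.
    IFS= read -r pw < "$file" || true
    if [ -z "$pw" ]; then
        echo "load_db_password: $file is empty" >&2
        return 5
    fi
    printf '%s' "$pw"
}

# Usage inside a backup script (path is an assumption):
#   DB_PASS=$(load_db_password "$HOME/.db_backup_pass") || exit 1
```

The script itself can still be compiled with shc; the binary then contains only the path to the credential file, and access to the password is governed by file ownership and mode.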
