A must-have for Linux! Use SHC encryption tool to protect shell script code security

It is very common to use scripts on Linux systems. However, due to the open nature of script code, sometimes scripts are maliciously modified, copied, and spread. To do this, we need a way to secure our script code. SHC is a very practical encryption tool that can help us encrypt shell scripts and protect the security of the code.

How to encrypt shell scripts in Linux environment? The shell script contains the password and you don't want someone else with execution permissions to view the shell script and get the password. You can install and use the shc tool. Ordinary users cannot read the encrypted shell script created by shc. SHC refers to: Shell Script Compiler (Shell Script Compiler).

environment

Centos8

Install shc

[root@localhost ~]# yum -y install shc

Create a shell script

Create a script file below:

[root@localhost ~]# vim welcome.sh

#!/bin/sh
echo "Welcome to linux world"

Use shc to encrypt the script file

As shown below, use shc to encrypt the welcome.sh script.

[root@localhost scripts]# shc -v -f welcome.sh 
shc shll=sh
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc   welcome.sh.x.c -o welcome.sh.x
shc: strip welcome.sh.x
shc: chmod ug=rwx,o=rx welcome.sh.x

• welcome.sh is the original unencrypted shell script
• welcome.sh.x is an encrypted shell script in binary format
• welcome.sh.x.c is the C source code of the welcome.sh file. Compile this C source code to create the encrypted welcome.sh.x file above.

You can use the file command to view the file type:

[root@localhost scripts]# file welcome.sh
welcome.sh: POSIX shell script, ASCII text executable
[root@localhost scripts]# file welcome.sh.x
welcome.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-

64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=35e0e2569eca90774e379d6fef51ad6fedf346f5, s

tripped
[root@localhost scripts]# file welcome.sh.x.c
welcome.sh.x.c: C source, ASCII text
[root@localhost scripts]# 

Execute the encrypted shell script

Now, let’s execute the encrypted Shell script and make sure it runs:

[root@localhost scripts]# ./welcome.sh.x 
Welcome to linux world

Specify the expiration time of the Shell script

With shc, you can also specify an expiration date. i.e. after this expiration date, when someone tries to execute the shell script, they will receive an error message. Create a new encrypted shell script using the shc -e option, specifying the expiration date. The expiration date is specified in dd/mm/yyyy format.

# 删除之前创建的.x , .x.c文件
[root@localhost scripts]# rm -rf welcome.sh.x*
# 创建带有过期时间的加密脚本
[root@localhost scripts]# shc -e 01/02/2021 -v -f welcome.sh 
shc shll=sh
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc   welcome.sh.x.c -o welcome.sh.x
shc: strip welcome.sh.x
shc: chmod ug=rwx,o=rx welcome.sh.x

In this example, if someone tries to execute the welcome.sh.x script file, it will prompt that it has expired.

[root@localhost scripts]# ./welcome.sh.x 
./welcome.sh.x: has expired!
Please contact your provider jahidulhamid@yahoo.com

If you want to specify a custom expiration message, you need to add the -m option.

[root@localhost scripts]# shc -e 01/02/2021 -m "Please contact admin@example.com!" -v -f welcome.sh 
shc shll=sh
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc   welcome.sh.x.c -o welcome.sh.x
shc: strip welcome.sh.x
shc: chmod ug=rwx,o=rx welcome.sh.x

Using the SHC tool can easily encrypt Shell scripts, effectively protecting the security of the scripts. This article explains how to use the SHC tool to encrypt shell scripts through examples, and also provides methods to solve some common problems. I hope this article can provide Shell script writers with an effective protection method to make script code more secure and reliable.

The above is the detailed content of A must-have for Linux! Use SHC encryption tool to protect shell script code security. For more information, please follow other related articles on the PHP Chinese website!