LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Encrypting Shell Scripts Print E-mail
User Rating:      How can I rate this item?
Source: Duane Dunston - Posted by Duane Dunston   
Article Index
Encrypting Shell Scripts
Page 2
Features Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output). There is a program called "shc" that can be used to add an extra layer of security to those shell scripts. SHC will encrypt shell scripts using RC4 and make an executable binary out of the shell script and run it as a normal shell script. This utility is great for programs that require a password to either encrypt, decrypt, or require a password that can be passed to a command line argument.

Download shc (http://www.datsi.fi.upm.es/~frosal/) and untar it:

tar -xzvf shc-X.X.tgz
cd shc-X.X/
make
make install

A binary named "shc" will be created along with some test programs. Let's give it a try.

Create a file called: "script.sh" and add the following contents:

############################### script.sh ##############################
#!/bin/sh

echo "I love Duane's articles and will send him a donation via PayPal."

############################### script.sh ##############################

Now run the command:

shc -f script.sh

The switch "-f" specifies the source script to encrypt. The above command will create two files: script.sh.x.c and script.sh.x.

The program "shc" creates C source code out of your shell script then encrypts it (script.sh.x.c). The encrypted shell script is: script.sh.x. Run that binary and see the output:

./script.sh.x
I love Duane's articles and will send him a donation via PayPal.

Now copy the original "script.sh" file to a floppy disk or some other system for backup or in case you need to edit it in the future. Then, delete it from the server and delete the "script.sh.x.c" file it creates.

Neat feature

You can also specify a time limit on the shell script so that it will no longer execute after a certain date and you can specify a custom message to echo back to the user. Run this command on the "script.sh" file we created earlier in this tut:

shc -e 09/10/2004 -m "Dude it is too late to run this script." -f script.sh
./script.sh.x
./script.sh.x has expired!
Dude it is too late to run this script.

In the above command the date October 9, 2004 is set as the expiration date (-e 09/10/2004) and the custom message was set to display to the user (-m "Dude it is too late to run this script.") when the binary is executed. Note the date format is dd/mm/yyyy.

Check out the man pages for more info on "shc". Remember that the binary is only encrypted on the local system. If you encrypt a script that transmits sensitive information in clear text across a network, you will need some other encrypted communication channel to transmit that information.


Duane Dunston received his B.A. and M.S. degrees from Pfeiffer University and he has his GSEC certification from SANS. Hey,Ann Curry"!

 

Comments
EngineerWritten by Neeraj Bundela on 2008-10-23 06:16:44
Hi , 
 
Do have some utility for Solaris also , please let me know ? 
 
Thanks 
Neeraj
engineerWritten by user on 2009-02-15 22:20:32
did what was stated in the article above. But when i ran the binary ./script.sh.x, i got::: ../script.sh.x: has expired! Please contact provider. 
 
Can anyone help? Thanks..

Only registered users can write comments.
Please login or register.

Powered by AkoComment!



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Canadians arrest a Heartbleed hacker
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.