Encrypting your shell script in linux using shc utility

-




Unix or Linux admin often used various shell script to perform automation in project or meaning to reduction in efforts. this is a very good practice for projects and in it helps admin a lot. But some time an admin dont want everyone to see what codes he used to write. A shell script normally a text file of a group of command sequence to perform specific task and hence it is very obvious that any one can read this test file and can find what is written in script and can understand the logic.

So here is an option if an admin dont want to show is codes to some one but want to give ability that some one can execute his script for performing the same task. shc is an option. shc encrypts the shell script and it turns into binary mode which cannot be read.

Lets understand how we can use it.

I have one script for getting VM ip's from my KVM host machine .

# vim getvmip
content of script is as bellow -

#!/bin/bash
VMMAC=$(virsh dumpxml $1 | grep "mac address" | awk -F\' '{ print $2}')
VMIP=$(arp -an | grep $VMMAC | awk '{print $2}' | cut -d "(" -f2 | cut -d ")" -f1 )
echo "Domain $1 ip is : $VMIP"

When i execute this script with any of vm ( KVM domain ) name it returns the guest VM IP.

# ./getvmip vmv1
Domain vmv1 ip is : 192.168.122.6

Now in order to encrypt my this script, i will install shc first in my centos 7 machine
i need gcc and make utility to be already there in order to compile this shc source.
Download the source

# wget https://github.com/neurobin/shc/archive/release.tar.gz
# tar xvf  release.tar.gz
# cd  shc-release
# ./configure
# make
# make install

Now i can use shc command to encrypt my code 
I will run bellow to encrypt this

# shc -v -r  -f  getvmip

And above will generate two file

getvmip.x and getvmip.x.c   where  getvmip.x is my executable binary file which i can reditribute to anyone and the same script will run there also ..

Cheers !!

Comments

Post a Comment

Popular posts from this blog

Running web ssh client on port 443 /80 with nginx as reverse proxy

-
Package used         : shellinabox , nginx Repository used        : epel-release Linux distro used    : Centos 7.6 nginx reverse proxy server ip : 192.168.1.65 shellinabox web ssh server ip : 192.168.1.111 login to web ssh server first install epel-repo # yum install epel-release -y install shellinabox package # yum -y install shellinabox start and enable shellinaboxd service # systemctl enable shellinaboxd && systemctl start shellinaboxd By default shellinaboxd service starts with ssl port 4200 for us to run this in a reverse proxy environment need to make this as insecure hence the encryption will be done by nginx to end user. edit file /etc/sysconfig/shellinabox  like bellow- USER=shellinabox GROUP=shellinabox CERTDIR=/var/lib/shellinabox PORT=4200 OPTS="--disable-ssl-menu -s /:LOGIN" OPTS="-t -s /:SSH:192.168.1.111" save file exit and restart service # systemctl restart shellinaboxd Now open firewall for listening port 4200 from nginx proxy server only #
Read more

Running cockpit behind nginx reverse proxy with nginx ssl and cockpit non ssl

-
Domain for web access to cockpit : cockpit.mylab.local cockpit server ip : 192.168.1.61 nginx server ip   : 192.168.1.65 Linux distro using is Centos 7.6 Login to cockpit server Create a file [root@repo ~]# vim /etc/cockpit/cockpit.conf content will be like [WebService] Origins = https://cockpit.mylab.local wss://cockpit.mylab.local ProtocolHeader = X-Forwarded-Proto AllowUnencrypted = true save and restart cockpit # systemctl restart cockpit now  login to your nginx webserver and install nginx # yum install nginx -y create a new file vim /etc/nginx/conf.d/cockpit.conf paste content as bellow server {     listen         80;     listen         443 ssl http2;     server_name    cockpit.mylab.local;     ssl_certificate /etc/ssl/certs/cockpit-selfsigned.crt;     ssl_certificate_key  /etc/ssl/private/cockpit-selfsigned.key;     location / {         proxy_pass http://192.168.1.61:9090;         proxy_set_header Host $host;         proxy_http_version 1.1;
Read more

Setup VOD streaming server with nginx using RTMP on Ubuntu 18.04

-
Install required packages for source code nginx build # apt-get install -y build-essential ca-certificates wget curl libpcre3 libpcre3-dev autoconf unzip automake libtool tar git libssl-dev zlib1g-dev uuid-dev lsb-release vim htop sysstat ufw fail2ban makepasswd libgd-dev libgeoip-dev -y create a directory # mkdir /usr/local/src/nginx/ # cd /usr/local/src/nginx/ download and extract nginx tar # wget -qO- http://nginx.org/download/nginx-1.14.2.tar.gz | tar zxf - clone nginx rtmp module # git clone https://github.com/arut/nginx-rtmp-module Download other modules - PCRE version 8.42 # wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz && tar xzvf pcre-8.42.tar.gz - zlib version 1.2.11 # wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz - OpenSSL version 1.1.0h # wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz && tar xzvf openssl-1.1.0h.tar.gz # cd nginx-1.14.2/ configure  nginx with modules and options # ./configure --add-modu
Read more