If you are looking to protect your BASH script from prying eyes, try encrypting it and then compiling it.

1st: Encrypting
1] obfsh – You will want this tool from http://www.comp.eonworks.com/scripts/obfuscate_shell_script-20011012.html
obfsh is quite flexible and can obfuscate any type of shell script. The
obfuscated script version is printed to stdout. The original script is not

Using obfsh options cleverly, one may fool more than just a casual intruder
or snooper, and certainly make understanding of the obfuscated script harder
and more time consuming.

Read some of the options first.

obfsh -h

You can vary the way it works.

So to encrypt it, take this tool and make your script hard to read.

obfsh -i -f script.sh > newfile_script.sh

2] ?(Another method is out there. Just have to find it again.)

2nd: Compile
Take your newly encrypted file from step 1 and use it here with the tool called shc.

Check your distro or go to http://www.datsi.fi.upm.es/~frosal/ and download shc (shc-3.8.9.tgz is the version as of this posting).
Edit: After trying to get this to work smoothly, and failing to get “make” to work, I then tested version 3.8.7. This one ran “make” correctly and “make install”. I suggest using it instead. http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz

Use -r; this relaxes security to create a redistributable binary that executes on other systems that run the same operating system as the one on which it was compiled.

shc -r -f newfile_script.sh

3rd (optional): Specifying Expiration Date for Your Shell Script
This makes it so the compiled bash script will not run after the set date and will display a message instead.

shc -r -e 01/01/2015 -m "Expired on New Years Day." -f newfile_script.sh

If you get the following error messages when running the shc command:

# shc -f cleanlog.sh
cleanlog.sh.x.c:108:22: error: sys/stat.h: No such file or directory
cleanlog.sh.x.c:109:23: error: sys/types.h: No such file or directory
cleanlog.sh.x.c:111:19: error: errno.h: No such file or directory
cleanlog.sh.x.c:112:19: error: stdio.h: No such file or directory
cleanlog.sh.x.c:113:20: error: stdlib.h: No such file or directory
cleanlog.sh.x.c:114:20: error: string.h: No such file or directory
cleanlog.sh.x.c:115:18: error: time.h: No such file or directory
cleanlog.sh.x.c:116:20: error: unistd.h: No such file or directory
cleanlog.sh.x.c: In function 'key_with_file':
cleanlog.sh.x.c:178: error: array type has incomplete element type
cleanlog.sh.x.c:179: error: array type has incomplete element type
cleanlog.sh.x.c:185: warning: incompatible implicit declaration of built-in function 'memset'

then install the following packages:

# apt-get install gcc libc6-dev
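
The steps above, including the missing-header failure, collected into one script as an added example (not part of the original post and not shipped with obfsh or shc). The function names and the .obf.sh intermediate file name are assumptions; the obfsh and shc options are the ones used above, and the check on -e assumes shc's documented dd/mm/yyyy date format.

```shell
#!/bin/sh
# Added example, not from the original post: preflight checks plus the
# obfsh -> shc steps above. Function names and output paths are hypothetical.
# Require zero-padded dd/mm/yyyy, the format shc documents for -e.
valid_expiry() {
    case "$1" in
        [0-3][0-9]/[01][0-9]/[12][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    day=${1%%/*}; rest=${1#*/}; month=${rest%%/*}
    [ "$day" -ge 1 ] && [ "$day" -le 31 ] &&
        [ "$month" -ge 1 ] && [ "$month" -le 12 ]
}

# Print the named commands that are not on PATH, space separated.
missing_tools() {
    miss=
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || miss="$miss${miss:+ }$tool"
    done
    printf '%s\n' "$miss"
}

# "stdio.h: No such file or directory" means the libc headers are absent;
# compiling a one-line program catches that before shc runs.
have_libc_headers() {
    printf '#include <stdio.h>\nint main(void){return 0;}\n' |
        "${CC:-cc}" -x c -fsyntax-only - >/dev/null 2>&1
}

build_protected() {
    src=$1; expiry=${2:-}; msg=${3:-Expired.}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    miss=$(missing_tools obfsh shc "${CC:-cc}")
    [ -z "$miss" ] || { echo "missing: $miss" >&2; return 3; }
    have_libc_headers || { echo "install gcc libc6-dev" >&2; return 4; }
    if [ -n "$expiry" ] && ! valid_expiry "$expiry"; then
        echo "bad date (want dd/mm/yyyy): $expiry" >&2; return 5
    fi
    obfsh -i -f "$src" > "$src.obf.sh" || return 6
    if [ -n "$expiry" ]; then
        shc -r -e "$expiry" -m "$msg" -f "$src.obf.sh"
    else
        shc -r -f "$src.obf.sh"
    fi
}

# Build only when given arguments: sh build.sh script.sh 01/01/2015 "message"
[ "$#" -eq 0 ] || build_protected "$@"
```

A date such as 02/03/2015 is read day first under this format, so it is worth confirming the intended expiry before distributing the binary.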

Last but not least: there is no guarantee that this utility will provide very strong protection. Experienced users or hackers with sufficient knowledge of “gdb” or other debugger tools can decrypt your shell script (when using shc alone). It does, however, provide a good starting point to encrypt (hide) shell scripts from “regular” users if you are a system administrator.


As if we didn’t have enough with crotchbombs and the TSA, the FAA is now saying that “[passenger networking] may result in security vulnerabilities” exposing flight systems to hackers. But, how serious is this danger?

The FAA says that their airworthiness tests “do not contain adequate or appropriate safety standards for these design features.” So basically, it seems that there’s a grey area for now, leaving the responsibility to the airplane manufacturers. They gave these guidelines to Boeing, but that’s about it:

1. Boeing must ensure electronic system security protection for the aircraft control domain and airline information domain from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.

2. Boeing must ensure that electronic system security threats from external sources are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.

In theory, the flight systems and passenger networks on the Boeing 747-8 and the ever-delayed Dreamliner are separated. But Vijay Takanti, VP for Security for Exostar (which is partially owned by Boeing, according to Runway Girl Mary Kirby), says that “there is some crossover and [the industry] is trying very hard to make sure the number of crossover points are very limited.”

What does Takanti mean by “crossover points”? And why not just keep both networks separated to avoid any potential hacking nightmares? That would fix any potential security breaches, right?

It seems that this may not be the case, which is what the FAA is hinting at in their guidelines: The mere existence of two networks in a plane—one accessible by the passengers—is a security hole in itself. The FAA says that Boeing should find a way to prevent “access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.”

That’s the key. While it could be quite difficult to do, tampering with the networking systems inside the plane is a possibility during the maintenance stage. And, if history has taught us anything, any security system can be broken, no matter how well engineered it is. Add to this the fact that planes are now being connected to the internet itself, and you have the potential ingredients for some remote hackers to do something bad.

As they admit themselves, the FAA doesn’t have regulations for these inflight networking systems. This makes me a bit nervous. It is not that their regulations or tests could make things hacker-proof—nothing is hacker-proof—but the idea of leaving this responsibility to private companies is not good enough, as demonstrated in recent times.

The only 100% secure option is this: Fly without any kind of passenger networking. But then again, would you live without your newly-acquired habit of viewing YouTube cat videos during flights? Would you sacrifice your inflight mail or your web browsing, like you have already sacrificed your dignity at the security checkpoint? Should we stop running our always-connected lives because of a remote security threat?

Maybe we need to update the True Odds of Airborne Terror Attack chart. Maybe there’s nothing to worry about. Do terrorists have the resources to coordinate a sophisticated attack like this, and take control of a plane in any meaningful or dangerous way? Given their crotchbomb plans, probably not. But I don’t want to find out, FAA. Let’s nail all these issues before they become a real problem. [Runway Girl; photo by Jeff McNeill]
