If you are looking to protect your BASH script from prying eyes, try encrypting it and then compiling it.
1] obfsh – You will want this tool from http://www.comp.eonworks.com/scripts/obfuscate_shell_script-20011012.html
obfsh is quite flexible and can obfuscate any type of shell script. The
obfuscated script version is printed to stdo. The original script is not
Using obfsh options cleverly, one may fool more then just a casual intruder
or snooper, and certainly make understanding of the obfuscated script harder
and more time consuming.
Read some of the options first.
You can vary the way it works.
So to encrypt it, take this tool and make your script hard to read.
obfsh -i -f script.sh > newfile_script.sh
2] ?(Another method is out there. Just have to find it again.)
Take your newly encrypted file from step 1 and use it here with the tool called shc.
Check your distro or goto http://www.datsi.fi.upm.es/~frosal/ and download shc (shc-3.8.9.tgz version of this posting).
Edit: After trying to get this to work smoothly, and failing to get “make” to work, I then tested version 3.8.7. This one ran “make” correctly and “make install”. I suggest using it instead. http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
Use -r, this will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
shc -r -f newfile_script.sh
3rd (optional): Specifying Expiration Date for Your Shell Script
This makes it so the compiled bash script will not run after the set date and will display a message instead.
shc -r -e 01/01/2015 -m "Expired on New Years Day." -f newfile_script.sh
If you get the following error messages upon give the shc command:
# shc -f cleanlog.sh cleanlog.sh.x.c:108:22: error: sys/stat.h: No such file or directory cleanlog.sh.x.c:109:23: error: sys/types.h: No such file or directory cleanlog.sh.x.c:111:19: error: errno.h: No such file or directory cleanlog.sh.x.c:112:19: error: stdio.h: No such file or directory cleanlog.sh.x.c:113:20: error: stdlib.h: No such file or directory cleanlog.sh.x.c:114:20: error: string.h: No such file or directory cleanlog.sh.x.c:115:18: error: time.h: No such file or directory cleanlog.sh.x.c:116:20: error: unistd.h: No such file or directory cleanlog.sh.x.c: In function 'key_with_file': cleanlog.sh.x.c:178: error: array type has incomplete element type cleanlog.sh.x.c:179: error: array type has incomplete element type cleanlog.sh.x.c:185: warning: incompatible implicit declaration of built-in function 'memset' ..................... .....................
then install the following packages:
# apt-get install gcc libc6-dev
Last but not the least. There is no guarantee that this utility will provide you a very strong security protection. Experienced users or hackers who have sufficient knowledge about “gdb” or other debugger tools can decrypt your shell script(when using shc alone). Although it does provide a good starting point to encrypt (hide) shell scripts from “regular” users if you are a system administrator.
6,262 total views