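1 Shell scripts are readable and writable plain text, so they can easily leak sensitive information such as usernames, passwords and IP addresses. Sensitive information can also leak while a shell script is running. A database backup script, for example, prints this warning: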
mysqldump: [Warning] Using a password on the command line interface can be insecure.
2 shc is a tool for encrypting shell scripts: it converts a shell script into an executable binary file.
# Install shc
sudo apt update
sudo apt-get install shc
3 Encrypt the script
#sudo shc -v -f mysqlbak.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc mysqlbak.sh.x.c -o mysqlbak.sh.x
shc: strip mysqlbak.sh.x
shc: chmod ug=rwx,o=rx mysqlbak.sh.x
#ll mysqlbak.sh*
-rw-r--r-- 1 root root 236 Jul 9 14:41 mysqlbak.sh
-rwxrwxr-x 1 root root 15376 Jul 9 15:08 mysqlbak.sh.x*
-rw-r--r-- 1 root root 18886 Jul 9 15:08 mysqlbak.sh.x.c
#file mysqlbak.sh.x   (the generated file is dynamically linked)
mysqlbak.sh.x: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=95ee0a550a0f7c90517bc225d84f9ba270d847ec, for GNU/Linux 3.2.0, stripped
# Generate a statically linked file
sudo CFLAGS=-static shc -r -f mysqlbak.sh
# file mysqlbak.sh.x
mysqlbak.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=8455131ba83b65f38222023ffc7355a165d81a3e, for GNU/Linux 3.2.0, stripped
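The mysqldump warning in step 1 comes from passing the password as a command-line argument, and compiling the script with shc does not change how the script calls mysqldump. The following is an added example, not code from the original page: it keeps the password in an owner-only option file that mysqldump reads through --defaults-extra-file. The file paths, the account name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). The file paths, the account
# name and the function names are assumptions made for illustration.

# Write a [client] option file that only its owner can read.
write_optfile() {   # usage: write_optfile FILE USER PASSWORD
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" ) || return 1
    chmod 600 "$1"   # also tightens a file that already existed
}

# Succeed only if FILE exists and grants nothing to group or others.
optfile_is_private() {   # usage: optfile_is_private FILE
    case $(stat -c '%a' "$1" 2>/dev/null) in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Dump DATABASE to OUTFILE. mysqldump reads the credentials from OPTFILE,
# so the password is neither in the script text nor in the process arguments.
# --defaults-extra-file has to be the first option on the command line.
run_backup() {   # usage: run_backup OPTFILE DATABASE OUTFILE
    optfile_is_private "$1" || {
        echo "refusing to use $1: readable by group or others" >&2
        return 1
    }
    ( umask 077; mysqldump --defaults-extra-file="$1" "$2" > "$3" )
}
```

Create the option file once with write_optfile, outside the backup script, so that mysqlbak.sh only calls run_backup and contains no password.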