Ubuntu 22.04.4 LTS (linux) 使用shc 加密 shell script

1 shell脚本是可读写的, 很有可能会泄露敏感信息, 如用户名,密码,IP等. 在shell脚本运行时会也泄露敏感信息. 比如数据库备份脚本,会提示

mysqldump: [Warning] Using a password on the command line interface can be insecure.

2 shc是一个加密shell脚本的工具, 它的作用是把shell脚本转换为一个可执行的二进制文件

#安装shc
sudo apt update
sudo  apt-get install  shc

3 加密脚本

#sudo  shc  -v  -f  mysqlbak.sh 
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc   mysqlbak.sh.x.c -o mysqlbak.sh.x
shc: strip mysqlbak.sh.x
shc: chmod ug=rwx,o=rx mysqlbak.sh.x
#ll  mysqlbak.sh*
-rw-r--r-- 1 root root   236 Jul  9 14:41 mysqlbak.sh
-rwxrwxr-x 1 root root 15376 Jul  9 15:08 mysqlbak.sh.x*
-rw-r--r-- 1 root root 18886 Jul  9 15:08 mysqlbak.sh.x.c
#file  mysqlbak.sh.x 生成的文件动态链接形式
mysqlbak.sh.x: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=95ee0a550a0f7c90517bc225d84f9ba270d847ec, 
for GNU/Linux 3.2.0, stripped

#生成静态链接的文件
sudo CFLAGS=-static  shc -r -f mysqlbak.sh
# file  mysqlbak.sh.x
mysqlbak.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=8455131ba83b65f38222023ffc7355a165d81a3e, for GNU/Linux 3.2.0, stripped