How can i encrypt bash script source code? - bash

I want to execute my bash scripts normally but no body see my source codes.
How can i encrypt my bash script?
thanks a lot.

Bash is a pure interpreted language so the interpreter (bash) can only run it if it is clear text.
You can try to obfuscate the code:
How to minify/obfuscate a bash script
On the other hand, you can restrict which users access to that code using system privileges.

Sorry to wake up a "dead horse", just wanted to share what I have done using gpg. As mentioned earlier bash can only run it (the script) if it is in clear text.
encrypt the shell script with gpg:
gpg -c <your_bash_script.sh>
This will ask you for a passphrase and confirm it.
This will create an encrypted file with a .gpg extension. the default encryption is CAST5 if you want a more strict cipher add --cipher-algo "cipher_name" (check the man pages for details)
<your_bash_script.sh.gpg>
decrypt your shell script with gpg:
gpg -d <your_bash_script.sh.gpg>
This will prompt you for the passphrase assigned to the file and display its contents in the on the screen.
if you put it all together, you have:
gpg -d <your_bash_script.sh.gpg> | bash
You can even use gpg keys
Every time you edit your script, you edit the un-encrypted version of the script or pipe the output of the decryption to a file and re-encrypt it when done.

You could use shc. Here is an example. Not really sure if this is a great place to ask this question though. Doesn't seem super programming-related. Super User might be a better place for it. :)
http://www.thegeekstuff.com/2012/05/encrypt-bash-shell-script/

Other answers and comments have already said that encryption isn't feasible so I won't go into that. I don't think that path even addresses the problem you are trying to solve.
You haven't given a practical example of what you are trying to achieve, so the suggestions below may not be sufficient.
With almost any problem it's best to start of with the simplest approach first and add complexity as needed. First of all, you may not need to do anything at all! When you execute a shell script, the process list will only show the name of the shell executing the script (bash) and the name of the script. No-one will be able to see the contents of the script this way.
If that doesn't meet your needs then the next step would be to use standard file permissions to ensure that no-one can look at the contents of the file. ie. Remove read/write/execute permissions for group and other
chmod go-rwx <name of script>
If neither of these are enough, you will have to provide more details about what you are trying to do and what your concerns are.

I recommend you try submitting your script to this site if you wish to protect it from public view.
While many will disagree with the idea of hiding the source code of a script written in an interpreted language, i understand why there's a desire for this work.
As someone who has had his work stolen many times, I just dont care if "obfuscation" or "encryption" is a taboo. As long as my script is protected and it works as it did before encryption, I'm happy. Never again will I allow someone else to take credit for my work. And no, writing my script in a compiled language is not an option. I do not know how to.
Anyway, if you do not want to use the site mentioned above, try the latest version of shc. I believe they've updated it in github to address the many security concerns others have mentioned. Type the following into google "shc github" and you'll see a host of available options you can try out.

Related

How to chain alias commands in cmder

I love using aliases on my ubuntu server for repeated commands as they're a huge timesaver and they're absolutely irreplaceable for me now.
I've been using cmder a lot recently on Windows as it is the best console replacement for windows that I know of. It is a wonderful piece of software and I have almost all the basic bash commands including aliases.
However, I cannot find a way to chain multiple alias commands. I've tried delving into doskey at this link Microsoft DOSKEY and the macros without any luck.
So, basically I want to create multiple aliases. For e.g.
alias loginuser1='ssh -i ~/user1keyfile user1#$s'
alias mynewcloudserver='901.801.701.601'
and want to be able to login by typing:
loginuser1 mynewcloudserver
loginuser5 mytestingcloudserver
I have currently tried this:
loginuser1 mynewcloudserver
which produces this error:
ssh: Could not resolve hostname mynewcloudserver: no address associated with name
I get that this is because it is probably looking in my hosts file for mynewcloudserver and is unable to find an entry. I am able to login by doing this instead:
loginuser1 901.801.701.601
which brings us to my problem. I am unable to call one alias from another alias
I know the above might not be the best way to create those aliases, but I just want to understand the logic and how to chain aliases together in cmder which will open up a host of possibilities pun intended.
If anyone can help me out, that would be great.
The only option I've found is to create a myscript.sh file with the commands, and create an alias to call the file.
It may be helpful to include wait between commands if they need to finish before the next one runs.
The first time you run it, it may ask you which program to use. Choose Git for Windows.

Specify password file and shadow file to update in bash script

Hi i'm currently working on a bash script on ubuntu server where i have to specify the name of password and shadow file to update when adding user. I'm wondering how do you do it? Thanks in advance!
You've known adduser or other related command. The source code of those command may be written in C. So the simple way to know how to write it in shell script, you just need to transform C code. You can find all the things you mentioned in the question.
For me, this question is strange. Usually, shell script is used to contains a series of commands, not to solve a basic problem which is already solved.

Is there a safe way to modify another package's entry in the RPM database?

I've run into the problem described in this question, where an old package was Obsoleted, and its %preun script is run with $1 = 0, resulting in undesirable behavior. I know this could be worked around by using -e + -i, as suggested in that answer, or the --nopreun flag, but it's difficult to get that information out to users who are accustomed to simply using -U.
I can't modify the existing %preun scripts in the wild. I don't see any way to run additional code from the new package after the old one's preun. I can't find any way to have my new package programmatically prevent the old %preun script from executing.
Is there any safe way to reach into the RPM database and remove a scriptlet for an existing package?
Jeff Johnson is absolutely correct that it should not be done. However it certainly can be done.
I have done this in an RPM at work, for distribution, but note, this was a contained semi-structured environment with no remote hands to all systems.
If you have remote hands access, take the "remove, install" path, and script that.
If you really feel you should be doing this, then these are the pointers. I'm not going to show you exactly how I did it because it was "work" and not mine to share. The concepts are mine :-)
First, back up the /var/lib/rpm/Packages file (cp /var/lib/rpm/Packages /var/tmp/Packages.bkp). Put it somehwere safe. Update your backup if any one else changes the system whilst you are working on your solution. MAke regular checks on the count of RPMs and test every which way from Sunday, after each change or step.
You will need to use the db_unload and db_load commands. For speed, you will need to use "s2p" to convert any shell sed patterns to perl. Then build a pipe which looks like this:
db_unload /var/tmp/Packages.bkp |perl -i -e "s2p converted string" |db_load /var/tmp/Packages.new
You can then attempt to test the Packages.new by copying ot over the original. Always run rpm --rebuilddb after manual changes. If you see any errors, restore the back up and rebuild the db again.
If you need to put it in an RPM, then convert it to Lua, and put it in the pretrans or posttrans scriptlet (%pretrans -p <lua>). The selection depends on the ordering you are trying to achieve. The Lua interpreter is built in to rpm, and so it will run OK during a new system install even if your RPM gets called somehow. I wrapped my "pipe" in a lua long string, and made it only execute if the system already exists. It does nothing otherwise. If you are thinking "that will never happen" then check out "Never say Never".
BTW you can completely stiff your RPM base and thus future administration of the system if you mess this up. If you do that, and have no backup or way out, it would be a hard way to learn that you are responsible for your own actions. Just saying that you have been warned!
No you cannot edit an rpmdb: the headers are protected
from change by a SHA1 or a digital signature.
Instead upgrade to a fixed version of the package using --nopreun
to prevent running the buggy script let.

Non-interactive command-line FTP client alternative to weex

I'm looking for a good non-interactive, command line FTP client to be run from a Rakefile. Like Weex, but better. Weex has different problems (for me):
It stores its config file in my home dir. I want the FTP config to be part of my project and weex doesn't have a --config-file option or something.
The behavior of ignoring files seems to be completely buggy. It doesn't remove files which it should, it doesn't let me specify relative paths, even though I do it according to the man page's instructions, etc. I've been struggling with it for an hour now and it is just completely inexplicable.
I tried running rsync over FTPFS/FUSE, but that is dead slow because FTP doesn't store mtimes, which makes rsync diff every file. Plus, there are some refresh problems and other bugs that cause access failure (http://bugs.gentoo.org/208168).
I'm stuck with FTP, unfortunately. Any help is appreciated.
Perhaps something from the ncftp suite (http://www.ncftp.com/ncftp/)? This has the ability to specify a config file of your choice and tools to operate non-interactively (ncftpget/ncftpput).
It doesn't appear to have ignore functionality, but hopefully this was helpful to you..
I've used lftp in the past with good results. It's installed by default in many distributions and offers pretty sophisticated functionality (including a couple ways to exclude files).
try sitecopy: http://www.manyfish.co.uk/sitecopy/
The trouble with lftp is that it is very slow for mirroring--which I suppose you want to do since you have been using weex.
Unfortunately, both weex and sitecopy have very limited proxy handling, so if you need to go through a HTTP proxy, lftp may still be your best bet.

How do I setup a default checkin comment for CVS?

How do I generate a default comment for cvs? I'd like every checkin comment to start with "Change #: " and be available for the user to edit.
I know this can be done globally in the repository. Can it also be done as a single user on the client side?
I am using command line cvs.
We already have verification that the checkin starts with "Change #: " and that a valid change number is provided. I'd like to default the checkin comment to "Change #: " to save developers some typing. How can this be done globally? Can it be done locally/client side?
Be cautious. You must also ensure that the default comment does not become a crutch. For example, you should validate that the defect number is valid (currently open, for example, as well as actually exists). Otherwise, the programmers will simply use the default comment as the only comment.
In my view, it would be better to put the effort into validating the comment than into providing a default. Tell the developers that their changes will be rejected unless the comments meet the requirements - and document what is expected (and accepted).
The questioner challenges "nicely said, but does not answer the question".
Fair enough. I don't really use CVS, so take what follows with a pinch of salt.
Looking at Karl Fogel's book "Open Source Development with CVS" (Coriolis, 1999), I don't see a good way to do it. There are 'commitinfo', 'loginfo' and 'verifymsg' files that all seem to specify programs that validate log messages, and the editor is launched when the user doesn't specify 'cvs ci -m"Why I committed this"' (or, 'cvs ci -F why' for a message in a file), but personally I always checkin with comments on the command line and would hate to have an editor launched for me. So, short of writing a wrapper for the cvs command (which would be moderately complex), I don't see a way in the book of doing what you request.
Hmmm...unless you override the user's definition of CVSEDITOR in a shell script wrapper for cvs with a program that creates the default message in the given file and then launches ${VISUAL:-${EDITOR:-vim}} instead. Ick, and likewise yuck! But, done carefully, it would work. Probably the hardest part is ensuring that the programmers use your script version of cvs instead of the binary.
You can use the rcsinfo file to specify a template to use for the check in.
See this page for details.
This is done server side, so you need your template files on your server.
Also, as noted above, you can override the template with your own check in comments on the CVS command line.

Resources