Recently I was working on a bash script for automating an SSH/Telnet process. The code I developed worked fine; however, I spent quite a lot of time on how to secure my code. I didn't want anyone to tamper with or alter my code. That was easy, I just needed to change permissions via chmod, but I also wanted no one to be able to see my bash script, since I worked very hard on it :) I wasn't able to find a proper solution. There were a couple of solutions available, but they were PRO solutions, i.e. they cost money; I wanted a free solution.
The conclusion of my digging on this issue was that there isn't any free solution to this, but there are a few workarounds with which you can hide your source to some extent. I will explain these workarounds in detail below:
First, a little description of how to use chmod to edit the permissions of your bash script. The following is a nicely compiled tutorial I found on the internet about chmod, with examples:
Syntax
* chmod [OPTION]... MODE[,MODE]... FILE...
* chmod [OPTION]... OCTAL-MODE FILE...
* chmod [OPTION]... --reference=RFILE FILE...
* -c, --changes like verbose but report only when a change is made
* --no-preserve-root do not treat `/' specially (the default)
* --preserve-root Fail to operate recursively on `/'
* -f, --silent, --quiet suppress most error messages
* -v, --verbose output a diagnostic for every file processed
* --reference=RFILE use RFILE's mode instead of MODE values
* -R, --recursive change files and directories recursively
* --help display this help and exit
* --version output version information and exit
Permissions:
* u - User who owns the file.
* g - Group that owns the file.
* o - Other.
* a - All.
* r - Read the file.
* w - Write or edit the file.
* x - Execute or run the file as a program.
Numeric Permissions:
Permissions can also be set with chmod using numeric modes:
* 400 read by owner
* 040 read by group
* 004 read by anybody (other)
* 200 write by owner
* 020 write by group
* 002 write by anybody
* 100 execute by owner
* 010 execute by group
* 001 execute by anybody
Examples:
The above numeric permissions can be added to set a certain permission, for example, a common HTML file on a Unix server to be only viewed over the Internet would be:
chmod 644 file.htm
This gives the file read/write by the owner and only read by everyone else (-rw-r--r--).
Files such as scripts that need to be executed need more permissions. Below is another example of a common permission given to scripts; this is the one most commonly used in bash scripting:
chmod 755 file.cgi
This would be the following: 400+200+100+040+010+004+001 = 755, where you are giving everyone all the rights except the ability to edit your file.cgi, which only the owner keeps (-rwxr-xr-x).
Finally, another common chmod permission is 666, as shown below, which is read and write by everyone.
chmod 666 file.txt
How to Hide the Code
Now the tricky part: how to hide the bash script code. I came to find only two workarounds for this:
- Encrypt the Code with dummy cipher data
You can encrypt your source code by entering dummy cipher data in it, i.e. data following a hash (#), since # starts a comment in a bash script. I would not advise this workaround, though, as it's a manual, tiring process and people can identify the original code with a little bit of concentration on the pattern of the cipher data :)
- Hide the bash code file
The best thing I found in the end was to hide the bash code/script file. The following is the process to do so:
Just rename the file so that its name starts with a dot (.)
Example:
mv telnet .telnet
* I used the move command, since I didn't want to retain the original file.
Now .telnet will not be listed along with the other files when you list the directory with the "ls" command, but if you type "ls -a", i.e. list all files in the directory, then the files with a dot (.) prefix will also be visible. So you have to count on your luck with this workaround, but something is better than nothing, so I used this one :)
If anyone has any other better solution, please do share.
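The two halves of the post combined, as an added example that is not part of the original post: it checks that renaming a script to a dot-file hides it from a plain ls but leaves its read bits unchanged, while chmod 700 removes read access for group and other. The helper function names, the temporary directory and the script body are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. The file name .telnet follows the
# post; the temporary directory and script body are constructed.

# Mode string as "ls -l" shows it, e.g. -rwxr-xr-x (first 10 characters).
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeeds if a plain "ls" (no -a) of the parent directory lists the file.
listed_by_plain_ls() {
    ls -- "$(dirname -- "$1")" | grep -Fxq -- "$(basename -- "$1")"
}

# Who besides the owner has the read bit: "group", "other", "group other" or "none".
extra_readers() {
    local m out=""
    m=$(mode_string "$1")
    if [ "${m:4:1}" = "r" ]; then out="group"; fi
    if [ "${m:7:1}" = "r" ]; then out="${out:+$out }other"; fi
    echo "${out:-none}"
}

# Print one status line for a file: visibility, mode and extra readers.
report() {
    local vis="hidden from plain ls"
    if listed_by_plain_ls "$1"; then vis="listed by plain ls"; fi
    echo "$(basename -- "$1"): $vis, mode $(mode_string "$1"), extra readers: $(extra_readers "$1")"
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho "connecting..."\n' > "$dir/telnet"
    chmod 755 "$dir/telnet"             # the common script mode from the tutorial
    report "$dir/telnet"
    mv "$dir/telnet" "$dir/.telnet"     # the rename described in the post
    report "$dir/.telnet"               # hidden, but the read bits are unchanged
    chmod 700 "$dir/.telnet"            # owner-only: 400+200+100
    report "$dir/.telnet"
    rm -rf "$dir"
}

demo
```

A bash script has to be readable by whoever runs it, so with mode 700 only the owner (and root) can view or execute it.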


