使用 gzexe 快速加密解密文件内容

时间:2024-03-12 10:16:07

            使用 gzexe 快速加密解密文件内容

                                      作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

 

 

 

 

 

一.使用sshpass工具编写远程管理脚本

1>.安装依赖包

[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# yum -y install sshpass
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                                                                                        | 3.6 kB  00:00:00     
extras                                                                                                                                                                                      | 3.4 kB  00:00:00     
updates                                                                                                                                                                                     | 3.4 kB  00:00:00     
(1/2): extras/7/x86_64/primary_db                                                                                                                                                           | 187 kB  00:00:00     
(2/2): updates/7/x86_64/primary_db                                                                                                                                                          | 3.3 MB  00:00:01     
Resolving Dependencies
--> Running transaction check
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                           Arch                                             Version                                                 Repository                                        Size
===================================================================================================================================================================================================================
Installing:
 sshpass                                           x86_64                                           1.06-2.el7                                              extras                                            21 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 21 k
Installed size: 38 k
Downloading packages:
sshpass-1.06-2.el7.x86_64.rpm                                                                                                                                                               |  21 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : sshpass-1.06-2.el7.x86_64                                                                                                                                                                       1/1 
  Verifying  : sshpass-1.06-2.el7.x86_64                                                                                                                                                                       1/1 

Installed:
  sshpass.x86_64 0:1.06-2.el7                                                                                                                                                                                      

Complete!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# yum -y install sshpass

2>.编写脚本

[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cat /usr/local/bin/clientServer.sh 
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

host=$1
passwd="yinzhengjie"

sshpass  -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /usr/local/bin/clientServer.sh 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/clientServer.sh      
-rw-r--r--. 1 root root 199 Mar 21 11:11 /usr/local/bin/clientServer.sh
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# chmod +x /usr/local/bin/clientServer.sh 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/clientServer.sh      
-rwxr-xr-x. 1 root root 199 Mar 21 11:11 /usr/local/bin/clientServer.sh
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# chmod +x /usr/local/bin/clientServer.sh

3>.测试脚本

[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hosts | grep yinzhengjie
172.30.1.101 node101.yinzhengjie.org.cn
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hosts | grep yinzhengjie
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# clientServer.sh node102.yinzhengjie.org.cn
Last login: Thu Mar 21 11:07:53 2019 from 172.30.1.101
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# who
root     pts/0        2019-03-21 11:13 (172.30.1.101)
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# exit 
logout
Connection to node102.yinzhengjie.org.cn closed.
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# clientServer.sh node102.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# clientServer.sh node103.yinzhengjie.org.cn
Last login: Tue Mar 19 13:50:35 2019 from 172.30.1.2
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# who
root     pts/0        2019-03-21 11:13 (172.30.1.101)
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# exit 
logout
Connection to node103.yinzhengjie.org.cn closed.
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# clientServer.sh node103.yinzhengjie.org.cn

 

二.为脚本加密(使用 gzexe 快速加密解密文件内容)

  上面我们通过脚本的确是可以远程登陆服务器,细心的小伙伴会发现以上脚本很缺乏安全感,就是密码是都一样才可以使用该脚本!而且在文件中编写脚本的话密码是明文方式保存,稍微会点Linux的人看到后可能会做坏事!因此,我们需要对脚本进行加密操作,这样别人拿到后就没法看到脚本的真实内容啦~

1>.加密脚本

[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cd /usr/local/bin/
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 4
-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh 
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

host=$1
passwd="yinzhengjie"

sshpass  -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# gzexe clientServer.sh 
clientServer.sh:         20.1%
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh            #它是加密后的脚本
-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh~            #之前的脚本内容被写入到该文件中啦!
[root@node101.yinzhengjie.org.cn /usr/local/bin]#
[root@node101.yinzhengjie.org.cn /usr/local/bin]# gzexe clientServer.sh 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh
-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh~
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh
#!/bin/sh
skip=44

tab=\'   \'
nl=\'
\'
IFS=" $tab$nl"

umask=`umask`
umask 77

gztmpdir=
trap \'res=$?
  test -n "$gztmpdir" && rm -fr "$gztmpdir"
  (exit $res); exit $res
\' 0 1 2 3 5 10 13 15

if type mktemp >/dev/null 2>&1; then
  gztmpdir=`mktemp -dt`
else
  gztmpdir=/tmp/gztmp$$; mkdir $gztmpdir
fi || { (exit 127); exit 127; }

gztmp=$gztmpdir/$0
case $0 in
-* | */*\'
\') mkdir -p "$gztmp" && rm -r "$gztmp";;
*/*) gztmp=$gztmpdir/`basename "$0"`;;
esac || { (exit 127); exit 127; }

case `echo X | tail -n +1 2>/dev/null` in
X) tail_n=-n;;
*) tail_n=;;
esac
if tail $tail_n +$skip <"$0" | gzip -cd > "$gztmp"; then
  umask $umask
  chmod 700 "$gztmp"
  (sleep 5; rm -fr "$gztmpdir") 2>/dev/null &
  "$gztmp" ${1+"$@"}; res=$?
else
  echo >&2 "Cannot decompress $0"
  (exit 127); res=127
fi; exit $res
7fe$ient%rver.sLZמpbC*]\'Y^v"B
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh~
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

host=$1
passwd="yinzhengjie"

sshpass  -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]#
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh~ 

2>.测试加密后的脚本

[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh
-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh~
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cd
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# rm -f /usr/local/bin/clientServer.sh~
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# clientServer.sh node102.yinzhengjie.org.cn
Last login: Thu Mar 21 11:13:48 2019 from 172.30.1.101
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# who
root     pts/0        2019-03-21 11:29 (172.30.1.101)
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# exit 
logout
Connection to node102.yinzhengjie.org.cn closed.
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# clientServer.sh node102.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# mv /usr/local/bin/clientServer.sh /usr/local/bin/goto
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# mv /usr/local/bin/clientServer.sh /usr/local/bin/goto
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# goto node103.yinzhengjie.org.cn
Last login: Thu Mar 21 11:13:59 2019 from 172.30.1.101
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# who
root     pts/0        2019-03-21 11:31 (172.30.1.101)
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# exit 
logout
Connection to node103.yinzhengjie.org.cn closed.
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# goto node103.yinzhengjie.org.cn

3>.解密脚本

[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cd /usr/local/bin/
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto
[root@node101.yinzhengjie.org.cn /usr/local/bin]#
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto 
#!/bin/sh
skip=44

tab=\'   \'
nl=\'
\'
IFS=" $tab$nl"

umask=`umask`
umask 77

gztmpdir=
trap \'res=$?
  test -n "$gztmpdir" && rm -fr "$gztmpdir"
  (exit $res); exit $res
\' 0 1 2 3 5 10 13 15

if type mktemp >/dev/null 2>&1; then
  gztmpdir=`mktemp -dt`
else
  gztmpdir=/tmp/gztmp$$; mkdir $gztmpdir
fi || { (exit 127); exit 127; }

gztmp=$gztmpdir/$0
case $0 in
-* | */*\'
\') mkdir -p "$gztmp" && rm -r "$gztmp";;
*/*) gztmp=$gztmpdir/`basename "$0"`;;
esac || { (exit 127); exit 127; }

case `echo X | tail -n +1 2>/dev/null` in
X) tail_n=-n;;
*) tail_n=;;
esac
if tail $tail_n +$skip <"$0" | gzip -cd > "$gztmp"; then
  umask $umask
  chmod 700 "$gztmp"
  (sleep 5; rm -fr "$gztmpdir") 2>/dev/null &
  "$gztmp" ${1+"$@"}; res=$?
else
  echo >&2 "Cannot decompress $0"
  (exit 127); res=127
fi; exit $res
7fe$ient%rver.sLZמpbC*]\'Y^v"B
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# gzexe -d goto 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 199 Mar 21 11:34 goto                #被解密后的脚本内容
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto~             #加密的文件内容
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]#
[root@node101.yinzhengjie.org.cn /usr/local/bin]# gzexe -d goto 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 199 Mar 21 11:34 goto
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto~
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

host=$1
passwd="yinzhengjie"

sshpass  -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]#
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 199 Mar 21 11:34 goto
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto~
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto~
#!/bin/sh
skip=44

tab=\'   \'
nl=\'
\'
IFS=" $tab$nl"

umask=`umask`
umask 77

gztmpdir=
trap \'res=$?
  test -n "$gztmpdir" && rm -fr "$gztmpdir"
  (exit $res); exit $res
\' 0 1 2 3 5 10 13 15

if type mktemp >/dev/null 2>&1; then
  gztmpdir=`mktemp -dt`
else
  gztmpdir=/tmp/gztmp$$; mkdir $gztmpdir
fi || { (exit 127); exit 127; }

gztmp=$gztmpdir/$0
case $0 in
-* | */*\'
\') mkdir -p "$gztmp" && rm -r "$gztmp";;
*/*) gztmp=$gztmpdir/`basename "$0"`;;
esac || { (exit 127); exit 127; }

case `echo X | tail -n +1 2>/dev/null` in
X) tail_n=-n;;
*) tail_n=;;
esac
if tail $tail_n +$skip <"$0" | gzip -cd > "$gztmp"; then
  umask $umask
  chmod 700 "$gztmp"
  (sleep 5; rm -fr "$gztmpdir") 2>/dev/null &
  "$gztmp" ${1+"$@"}; res=$?
else
  echo >&2 "Cannot decompress $0"
  (exit 127); res=127
fi; exit $res
7fe$ient%rver.sLZמpbC*]\'Y^v"B
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto~

 

相关文章