encrypt and decrypt in solaris system

Upload: uzzal-basak

Post on 20-Mar-2017

Encrypt and Decrypt file in Solaris System.

Problem Scenario:

You need to run a .sh file regularly on your system. In many cases you run this .sh file from the crontab scheduler, and the .sh file is stored on your system. Every time, you need to put credentials in this file; for example, if you FTP a file from source to target, you need to put the target FTP information in this .sh file.

In another case, you need to take an RMAN backup every midnight or delete archive logs at a specific interval, so you need to put the DB credentials in this .sh file. You don’t know who accesses your system, but they can easily get your confidential information by reading this .sh file.

To overcome this issue you can encrypt this .sh file with a keyfile. When the scheduler runs, it decrypts the .sh file, and after the .sh file has been executed it is automatically deleted from the system.

Real example:

I want to delete archive logs in an Oracle database at 11.33 PM using a .sh file in crontab, and I also want no one to be able to access my .sh file.

Step 1: I create a flat file named archive_delete.sh, whose code is below.

# Oracle environment for the cron job
ORACLE_BASE=/u01/app/oracle
ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1
ORACLE_SID=SOURCEDB
LD_LIBRARY_PATH=$ORACLE_HOME/lib
PATH=$PATH:/usr/local/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/ucb:$ORACLE_HOME/bin
export ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH PATH

# Delete archive logs completed more than two days ago; log to a timestamped file
rman target sys/sys123@sourcedb log /export/home/oracle/ARCHIVE_PURGE/log/DR_archive_del_`date +%d%m%y-%H%M`.log << EOF
run {
delete noprompt archivelog all completed before 'sysdate-2';
}
EXIT;
EOF

Step 2: Now I generate a keyfile for encrypting the flat archive_delete.sh file.

dd if=/dev/urandom of=123.txt bs=16 count=1

Keyfile 123.txt generated.

If you try to read this file, you will find that

Step 3: Now I generate an encrypted .sh file from archive_delete.sh using the 123.txt keyfile.

encrypt -a aes -k /export/home/oracle/script/123.txt -i /export/home/oracle/script/archive_delete.sh -o /export/home/oracle/script/en_archive_delete.sh

Successfully generated en_archive_delete.sh.

If you try to read this en_archive_delete.sh file, you will find that the file is totally encrypted.

Step 4: Now delete the flat archive_delete.sh file, which contains your valuable database password.

Step 5: Now I create a .sh file (run.sh) which decrypts the en_archive_delete.sh file; after it has been executed, the decrypted .sh file is automatically deleted from the Solaris system.

decrypt -a aes -k /export/home/oracle/script/123.txt -i /export/home/oracle/script/en_archive_delete.sh -o /export/home/oracle/script/de_archive_delete.sh
sh /export/home/oracle/script/de_archive_delete.sh
rm /export/home/oracle/script/de_archive_delete.sh

Step 6: Now execute this run.sh file

Check the rman log file

It runs fine, and the decrypted .sh file that was generated has also been deleted from the system.

Now attach this run.sh file to crontab and check whether any issue arises.

Check the rman log file

Wow!! No one who enters your system can get your DB system password. Enjoy.
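
A hardened variant of the run.sh from Step 5, as an added example that is not part of the original page: it refuses to run unless the keyfile and the encrypted script are accessible by their owner only, decrypts to an owner-only temporary file, and removes the plaintext even when the script fails or is interrupted. The function names, the mktemp temporary path and the use of a POSIX shell (ksh or bash rather than the legacy Bourne shell) are assumptions; only the decrypt invocation comes from the page.

```shell
#!/bin/sh
# Added example: hardened variant of the page's run.sh (POSIX sh syntax).
# Function names are hypothetical; only the decrypt invocation is from the page.

# Succeeds only if $1 is a regular file with no group/other permission bits.
private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Solaris decrypt call as used in Step 5: $1 = keyfile, $2 = input, $3 = output.
decrypt_file() {
    decrypt -a aes -k "$1" -i "$2" -o "$3"
}

# Decrypt $2 with key $1, run it, and remove the plaintext however we exit.
# The body is a subshell, so umask and traps do not leak into the caller.
run_encrypted() (
    key=$1
    enc=$2
    for f in "$key" "$enc"; do
        private_file "$f" || { echo "refusing: $f missing or not owner-only" >&2; exit 2; }
    done
    umask 077                                   # anything created here is owner-only
    out=$(mktemp "${TMPDIR:-/tmp}/de_script.XXXXXX") || exit 1
    trap 'rm -f "$out"' EXIT                    # cleanup on success and on failure
    trap 'exit 130' HUP INT TERM                # signals fall through to the EXIT trap
    decrypt_file "$key" "$enc" "$out" || exit 1
    sh "$out"
    exit $?                                     # hand the job's status back to cron
)

# Usage from the crontab wrapper (paths are the page's):
# run_encrypted /export/home/oracle/script/123.txt \
#               /export/home/oracle/script/en_archive_delete.sh
```

The keyfile and en_archive_delete.sh need chmod 600 for the check to pass; the return status is that of the decrypted script, or 2 when the permission check refuses.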