Searching Linux Files for a string (i.e.root credentials)

Question

As a part of our audit policy. I need to search all files on a linux machine for any file that contains the root credentials.

This command will be run by a non-root account, thus, the result will include many "Permission denied" statements.

Any suggestion of the proper syntax to search all files ans filter the result to show useful links only !

I tried: grep - "root" / | grep "password"

However, as this command is run using non root accounts, the big part of the result is "permission denied"

Thanks

Answer 1

You would go:

grep -lir "root" /

The -l switch outputs only the names of files in which the text occurs (instead of each line containing the text), the -i switch ignores the case, and the -r descends into subdirectories.

EDIT 1:

As running it as not root will be fine, as long as you're not trying to read other users' files.

EDIT 2:

To have only useful links, go with:

grep -lir -v "Permission denied" "root" /

The -v switch is for inverting the sense of matching, to select non-matching lines.

Answer 2

You can suppress the warnings with a redirection to /dev/null.

This solution uses find to walk the whole (accessible) filesystem :

find / -readable -exec grep -H root '{}' \; 2>/dev/null | grep password

Answer 3

However, as this command is run using non root accounts, the big part of the result is "permission denied"

Use sudo to run this recursive grep:

cd /home
sudo grep -ir 'root' *

Answer 4

The permission errors are outputed to stderr, so you could simply redirect that to /dev/null/. E.g.:

grep -R "root" . 2> /dev/null