Closed Reelix closed 3 years ago
I recently came across a box that had the data of the su command (the user's password) in the audit log, which lse missed.
A simple grep -R 'comm="su"' /var/log/audit/audit.log* 2>/dev/null would have picked this up.
Might want to add this, and look for other commonly used log files that could also contain sensitive data in the future :)
Thanks a lot for the suggestion. I will look into it, although it is a bit unusual that a user has access to those log files.
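The check suggested in this thread, written as a shell function that reports exposure without printing the logged keystrokes. This is an added example, not code from lse or from either poster; the function names, the narrowing to records that carry a data= field, and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not lse code). Reports audit logs the current user can read
# that hold TTY records for su. Only counts are shown, never the data= payload.

# audit_su_exposure [DIR]: prints "<file> <mode> <records>" per affected file;
# returns 0 if at least one readable file has such records, 1 otherwise.
audit_su_exposure() {
    dir=${1:-/var/log/audit}
    found=1
    for f in "$dir"/audit.log*; do
        # Skip missing or unreadable files; unreadable is the expected state.
        [ -f "$f" ] && [ -r "$f" ] || continue
        # Assumption: keystroke records name the command and carry data=<hex>.
        n=$(grep -c 'comm="su" data=' "$f" 2>/dev/null || true)
        if [ "${n:-0}" -gt 0 ]; then
            mode=$(ls -ld "$f" | cut -d' ' -f1)
            printf '%s %s %s\n' "$f" "$mode" "$n"
            found=0
        fi
    done
    return "$found"
}

# make_sample DIR: writes constructed audit records for trying the check offline.
# The hex payload is a placeholder, not captured data.
make_sample() {
    {
        printf '%s\n' 'type=TTY msg=audit(1700000000.001:101): tty pid=4242 uid=1000 auid=1000 ses=3 major=136 minor=0 comm="su" data=4558414D504C450D'
        printf '%s\n' 'type=SYSCALL msg=audit(1700000000.002:102): arch=c000003e syscall=59 success=yes pid=4242 comm="su" exe="/usr/bin/su"'
    } > "$1/audit.log"
    printf '%s\n' 'type=TTY msg=audit(1700000000.003:103): tty pid=4300 uid=1000 auid=1000 ses=3 major=136 minor=0 comm="bash" data=6C730D' > "$1/audit.log.1"
}

# Run against a directory given on the command line, e.g. /var/log/audit.
if [ $# -gt 0 ]; then
    audit_su_exposure "$1" || echo "no readable su TTY records under $1"
fi
```

Run it as the unprivileged account being assessed; any output means that account can read keystroke records, so the permissions on those log files need tightening.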