How To... Test a Linux system for the presence of SSNs or CCs
This page was created for administrators of Linux systems who wish to test their systems for the presence of Social Security Numbers or Credit Card numbers. It provides the steps required to search for sensitive information using tools native to Linux.
Note: This process has been tested on Red Hat Linux. It should work on other flavors of Unix, but has not been tested on them.
All commands shown on this page [in Courier font] are to be entered on one line even though they are displayed on multiple lines.
Procedure:
- Log into the system in question
- Switch user to root to avoid permission issues
/> su root
- To test for SSNs on the whole box except for /proc (excluded as it can throw errors)
#> find / -path '/proc' -prune -o -not -empty -type f -print0 | xargs -0 -n 5000 egrep -sli '\b[0-9]{3}[ .-][0-9]{2}[ .-][0-9]{4}\b' > /tmp/FoundSSNs.txt
- To test for CC#s on the whole box except for /proc (excluded as it can throw errors)
#> find / -path '/proc' -prune -o -not -empty -type f -print0 | xargs -0 -n 5000 egrep -sli '\b[0-9]{4}[ .-][0-9]{4}[ .-][0-9]{4}[ .-][0-9]{4}\b' > /tmp/FoundCCNs.txt
Note: The above are set up to redirect the output of the search command to a temp file so as to more easily analyze the results.
- The above commands will give you a list of files in which a pattern that looks like an SSN or CC was found. These patterns are frequently found in software license numbers and the like, so you will need to review each file to determine whether it really does contain sensitive data. [Modify the quoted part of the below to switch from SSNs to CCs (below is SSNs)]
- You may count the number of possible SSNs in the file by using this command:
Note: If you have any suggestions that would improve the efficiency or efficacy of this procedure, please contact us with your suggestions.
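The review step above notes that many matches turn out to be software license numbers and the like. As an added example (not part of the original procedure), the script below re-extracts matches with the page's CC pattern and counts only those that pass the Luhn checksum that payment card numbers satisfy. The function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): Luhn-filter card-number candidates.
# CC_RE is the same 4-4-4-4 pattern the page's CC search uses.
CC_RE='\b[0-9]{4}[ .-][0-9]{4}[ .-][0-9]{4}[ .-][0-9]{4}\b'

# luhn_ok DIGITS: exit status 0 if the digit string passes the Luhn checksum.
luhn_ok() {
    digits=$1 sum=0 double=0
    while [ -n "$digits" ]; do
        rest=${digits%?}            # everything except the last digit
        d=${digits#"$rest"}         # the last digit
        digits=$rest
        if [ "$double" -eq 1 ]; then
            d=$((d * 2))
            if [ "$d" -gt 9 ]; then d=$((d - 9)); fi
        fi
        sum=$((sum + d))
        double=$((1 - double))      # double every second digit from the right
    done
    [ $((sum % 10)) -eq 0 ]
}

# count_luhn_hits FILE: print how many pattern matches in FILE pass Luhn.
# -a treats binary files as text, -s hides read errors, -o prints each match.
count_luhn_hits() {
    hits=0
    for cand in $(grep -saEo "$CC_RE" "$1" | tr -d ' .-'); do
        if luhn_ok "$cand"; then hits=$((hits + 1)); fi
    done
    echo "$hits"
}

# self_test: run the counter over constructed sample lines (no real data).
self_test() {
    tmp=$(mktemp)
    printf '%s\n' 'card 4111 1111 1111 1111' \
                  'license 1234-5678-9012-3456' \
                  'card 5500.0000.0000.0004' > "$tmp"
    count_luhn_hits "$tmp"
    rm -f "$tmp"
}

# With a file list as $1 (e.g. /tmp/FoundCCNs.txt), print "count<TAB>file".
if [ -n "${1:-}" ]; then
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(count_luhn_hits "$f")" "$f"
    done < "$1"
fi
```

A count of zero means every match in that file failed the checksum, so it can be reviewed last. About one in ten arbitrary 16-digit strings passes Luhn by chance, so a non-zero count still needs manual review.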