Cybersecurity Triage
Read-only, sensitive outputFind World-Readable Secret-Looking Files
You need to find files with sensitive names that are readable by everyone.
Command
find fixtures/perm-audit -type f -perm -0004 \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sortBefore you run this
System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.
When not to use it: Do not treat filename matching as a complete secrets scan; it is a fast first pass.
Expected output
World-readable files whose names suggest secrets, keys, tokens, or environment config.
System impact
Read-only, sensitive output. Nothing changes. The command lists suspicious readable files for review.
Recovery / rollback: no state is changed.
When to use it
Use during production handoff, incident triage, or before publishing an artifact.
When not to use it
Do not treat filename matching as a complete secrets scan; it is a fast first pass.
Explanation-only example
Illustrated output, not a live lab run
This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.
$ find sample-files/perm-audit -type f \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sort
-rw------- root:root sample-files/perm-audit/shared/secrets/prod.token
-rw-r----- root:root sample-files/perm-audit/releases/2026-06-25/config/app.env
-rw-r--r-- root:root sample-files/perm-audit/releases/2026-06-25/config/secret.key$ find sample-files/perm-audit -type f -perm -0004 \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sort
-rw-r--r-- root:root sample-files/perm-audit/releases/2026-06-25/config/secret.keyView commands shown
These are the commands shown in the sanitized transcript.
Commands shown
find fixtures/perm-audit -type f \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sortfind fixtures/perm-audit -type f -perm -0004 \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sort
next steps
Related commands
Find Config Files with Execute Bits
Config files do not usually need to be executable.
find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort
Find Upload Files Writable Outside the Owner
Uploads are supposed to be writable at the edge, not writable forever by everyone.
find fixtures/perm-audit/releases/2026-06-25/uploads -type f -perm /0022 -printf '%M %u:%g %p\n' | sort
Find Writable Directories Missing the Sticky Bit
A writable log directory is not the same thing as a safe shared directory.
find fixtures/perm-audit -type d -perm -0002 ! -perm -1000 -printf '%m %u:%g %p\n' | sort
Find SUID, SGID, and Sticky Bits in an App Tree
Special bits are easy to miss in a long ls listing.
find fixtures/perm-audit -perm /7000 -printf '%M %m %u:%g %p\n' | sort
Find SSH Key Users with sudo
The highest-priority access review starts where SSH keys and sudo overlap.
comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.