diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py
index f88f0c0d26..0707b43fc3 100644
--- a/sos/report/plugins/__init__.py
+++ b/sos/report/plugins/__init__.py
@@ -1313,6 +1313,21 @@ def do_file_sub(self, srcpath, regexp, subst):
             replacements = 0
         return replacements
 
+    def do_paths_httpproxy_sub(self, pathspecs):
+        """ Obfuscate credentials in *_PROXY variables in all files in the
+        given list. Proxy setting without protocol is ignored, since that
+        is not recommended setting and obfuscating that one can hit false
+        positives.
+
+        :param pathspecs: A filepath to obfuscate credentials in
+        :type pathspecs: ``str`` or a ``list`` of strings
+        """
+        if isinstance(pathspecs, str):
+            pathspecs = [pathspecs]
+        for path in pathspecs:
+            self.do_path_regex_sub(
+                path, r"(http(s)?://)\S+:\S+(@.*)", r"\1******:******\3")
+
     def do_path_regex_sub(self, pathexp, regexp, subst):
         """Apply a regexp substituation to a set of files archived by
         sos. The set of files to be substituted is generated by matching
diff --git a/sos/report/plugins/anaconda.py b/sos/report/plugins/anaconda.py
index 78577d3f7e..d6e0f8397d 100644
--- a/sos/report/plugins/anaconda.py
+++ b/sos/report/plugins/anaconda.py
@@ -24,21 +24,21 @@ class Anaconda(Plugin, RedHatPlugin):
 
     def setup(self):
 
-        paths = [
+        self.copypaths = [
             "/root/anaconda-ks.cfg"
         ]
 
         if self.path_isdir('/var/log/anaconda'):
             # new anaconda
-            paths.append('/var/log/anaconda')
+            self.copypaths.append('/var/log/anaconda')
         else:
-            paths = paths + [
+            self.copypaths = self.copypaths + [
                 "/var/log/anaconda.*",
                 "/root/install.log",
                 "/root/install.log.syslog"
             ]
 
-        self.add_copy_spec(paths)
+        self.add_copy_spec(self.copypaths)
 
     def postproc(self):
         self.do_file_sub(
@@ -51,5 +51,6 @@ def postproc(self):
             r"(user.*--password=*\s*)\s*(\S*)",
             r"\1********"
         )
+        self.do_paths_httpproxy_sub(self.copypaths)
 
 # vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/apt.py b/sos/report/plugins/apt.py
index 857a11b6fe..9fa1cfec68 100644
--- a/sos/report/plugins/apt.py
+++ b/sos/report/plugins/apt.py
@@ -48,19 +48,11 @@ def setup(self):
     def postproc(self):
         super().postproc()
 
-        common_regex = r"(http(s)?://)\S+:\S+(@.*)"
-        common_replace = r"\1******:******\3"
-
-        files_to_sub = [
+        self.do_paths_httpproxy_sub([
             "/etc/apt/sources.list",
             "/etc/apt/sources.list.d/",
             "/etc/apt/apt.conf",
             "/etc/apt/apt.conf.d/",
-        ]
-
-        for file in files_to_sub:
-            self.do_path_regex_sub(
-                file, common_regex, common_replace
-            )
+        ])
 
 # vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/system.py b/sos/report/plugins/system.py
index cc282dc1bb..161ee937bc 100644
--- a/sos/report/plugins/system.py
+++ b/sos/report/plugins/system.py
@@ -40,5 +40,11 @@ def setup(self):
             "ld.so --list-tunables"
         ])
 
+    def postproc(self):
+        self.do_paths_httpproxy_sub([
+            "/etc/sysconfig",
+            "/etc/default",
+            "/etc/environment",
+        ])
 
 # vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/systemd.py b/sos/report/plugins/systemd.py
index a50a155e36..94dae3505f 100644
--- a/sos/report/plugins/systemd.py
+++ b/sos/report/plugins/systemd.py
@@ -95,4 +95,11 @@ def setup(self):
         ])
         self.add_forbidden_path('/dev/null')
 
+    def postproc(self):
+        self.do_paths_httpproxy_sub([
+            "/etc/systemd/system",
+            "/lib/systemd/system",
+            "/run/systemd/system",
+        ])
+
 # vim: set et ts=4 sw=4 :