chkboot-desktopalert
detection of malicious changes for boot files
Install
- All systems
-
curl cmd.cat/chkboot-desktopalert.sh
- Debian
-
apt-get install chkboot
- Ubuntu
-
apt-get install chkboot
- Kali Linux
-
apt-get install chkboot
- Windows (WSL2)
-
sudo apt-get update
sudo apt-get install chkboot
- Dockerfile
- dockerfile.run/chkboot-desktopalert
chkboot
detection of malicious changes for boot files
chkboot is a set of scripts that will display a notification (console or graphical) when boot files are tempered with. This tool is indented to be used on encrypted disks. In order to get the operating system to run, parts of the boot process must remains un-encrypted. chkboot checks that those files have not changed between reboots. Since the scripts and the data they generate are stored on the encrypted part of the disk, any attempts to modify the boot partition between reboots will be detected. Please note that this tool is not effective against rootkit that hides every boot files modifications or prevents chkboot from functioning properly.