chkboot-desktopalert

detection of malicious changes for boot files

Install

All systems
curl cmd.cat/chkboot-desktopalert.sh
Debian Debian
apt-get install chkboot
Ubuntu
apt-get install chkboot
image/svg+xml Kali Linux
apt-get install chkboot
Windows (WSL2)
sudo apt-get update sudo apt-get install chkboot

chkboot

detection of malicious changes for boot files

chkboot is a set of scripts that will display a notification (console or graphical) when boot files are tempered with. This tool is indented to be used on encrypted disks. In order to get the operating system to run, parts of the boot process must remains un-encrypted. chkboot checks that those files have not changed between reboots. Since the scripts and the data they generate are stored on the encrypted part of the disk, any attempts to modify the boot partition between reboots will be detected. Please note that this tool is not effective against rootkit that hides every boot files modifications or prevents chkboot from functioning properly.