18 changes: 12 additions & 6 deletions README.md
Expand Up @@ -9,6 +9,12 @@ reboots. Since the scripts and the data they generate are stored on the
encrypted part of the disk, any attempts to modify the boot partition between
reboots will be detected.

Limitations
------------

Be aware that chkboot can *not* protect you against:
* a trojan hiding in your BIOS
* rootkits that mimmick the old files

Description
------------
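Review bot: In the second bullet of the new Limitations list, "mimmick" is misspelled; it was copied unchanged from the comment this PR removes from the `chkboot` script and should read "mimic". A blank line between "Be aware that chkboot can *not* protect you against:" and the first bullet would also keep the list rendering as a list in Markdown parsers that do not let a list interrupt a paragraph.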
Expand All @@ -21,15 +27,15 @@ had changes made to them is kept, but the short term list meant to alert the
user is erased the next time `chkboot` is run.

`chkboot-check`: This file can be run by anyone who can view /var/lib/chkboot,
and will display a warning a the list of changed files if any were detected last
and will display a warning and the list of changed files if any were detected last
time chkboot was run.

`chkboot.conf`: Contans settings for your configuration, including which
`chkboot.conf`: Contains settings for your configuration, including which
alert types will be used. Alert types are currently on shell login via
'/etc/profile.d' and in the vterm header by modifying '/etc/issue'

`INITCPIO SUPPORT`: If your system uses initcpio, add 'chkboot' to the end of
your modules array to have chkboot run automatically when you upgrade linux.
your modules array to have chkboot run automatically when you upgrade Linux.

`SYSTEMD SUPPORT`: If your system uses systemd, you should enable the chkboot
service to have your boot partitioned checked every time your system starts.
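Review bot: The INITCPIO SUPPORT sentence edited here still says to add 'chkboot' to the "modules array", while the Manual Installation section of this same README says to add it to the 'HOOKS' array in `/etc/mkinitcpio.conf`; the two should name the same array, and going by that section it is HOOKS. Since this hunk is a typo pass, the context line "have your boot partitioned checked" under SYSTEMD SUPPORT should also become "partition checked".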
Expand All @@ -55,7 +61,7 @@ make install-initcpio
make install-systemd
```

Manual Installation
Manual Installation
-------------------

### Everything should be installed as shown below
Expand All @@ -74,7 +80,7 @@ Ubuntu), add the following line to `/etc/rc.local`:
/usr/bin/chkboot &
```

### REQUIRES INITCPIO:
### REQUIRES INITCPIO:

Add `chkboot` to the end of the 'HOOKS' array in `/etc/mkinitcpio.conf`

Expand All @@ -88,7 +94,7 @@ Run `systemctl --system daemon-reload` and then `systemctl enable chkboot`

### OPTIONAL:

`chkboot-bootcheck` can be installed elsewhere and added to the startup sequence
`chkboot-bootcheck` can be installed elsewhere and added to the startup sequence
with another system:

```
7 changes: 2 additions & 5 deletions chkboot
Expand Up @@ -7,9 +7,6 @@
#
# license: GPLv2
#
# a reminder that this will NOT protect against:
# -a trojan hiding in your BIOS
# -rootkits that mimmick the old files

CHKBOOT_CMD=$(echo "$0" | sed 's/.*\///g')

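Review bot: With the three-line reminder removed from the header, the installed script no longer says anything about what it cannot detect, and someone reading only `/usr/bin/chkboot` will not see the README. Consider keeping a one-line pointer in the header, such as `# see the Limitations section of README.md`, so the caveat about BIOS trojans and file-mimicking rootkits stays discoverable from the script itself.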
Expand Down Expand Up @@ -45,14 +42,14 @@ if [ ! -z "$1" ]; then
echo -e "Invalid argument: ${1}"
help
exit 1
fi
fi
else
CHANGED="0"
fi

install -d "$CHKBOOT_DATA"

# delete the previous
# delete the previous
if [[ -s "${CHANGES_ALERT}" ]]; then
# restore /etc/issue if it's been modified
if [ ! $(grep -c "CHKBOOT ALERT" /etc/issue) = 0 ]; then
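Review bot: The comment `# delete the previous` is touched here for whitespace only and still ends mid-phrase; since the line is being rewritten anyway, finish it so it says what is deleted (judging by the `CHANGES_ALERT` test that follows, the previous alert). The context test `[ ! $(grep -c "CHKBOOT ALERT" /etc/issue) = 0 ]` leaves the command substitution unquoted, and `if grep -q "CHKBOOT ALERT" /etc/issue; then` would express the same check without it.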