Detect modifications made to the
The /boot/ directory in Linux contains everything required for the system to boot. This includes the kernel and other important boot files and data. Attackers may attempt to modify the /boot/ directory to inject malicious code or configuration. This can allow the attacker to gain persistence, by running the malicious code or configuration at boot time. It can also allow the attacker to run malicious code with elevated system privileges.