Class KernelRootkit

  • All Implemented Interfaces:
    KernelRootkitOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable

    public final class KernelRootkit
    extends com.google.protobuf.GeneratedMessageV3
    implements KernelRootkitOrBuilder
     Kernel mode rootkit signatures.
     
    Protobuf type google.cloud.securitycenter.v1.KernelRootkit
    See Also:
    Serialized Form
    • Field Detail

      • UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER

        public static final int UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER

        public static final int UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER

        public static final int UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER

        public static final int UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER

        public static final int UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER

        public static final int UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER

        public static final int UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
        See Also:
        Constant Field Values
      • UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER

        public static final int UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
        See Also:
        Constant Field Values
    • Method Detail

      • newInstance

        protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3
      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3
      • getNameBytes

        public com.google.protobuf.ByteString getNameBytes()
         Rootkit name, when available.
         
        string name = 1;
        Specified by:
        getNameBytes in interface KernelRootkitOrBuilder
        Returns:
        The bytes for name.
      • getUnexpectedCodeModification

        public boolean getUnexpectedCodeModification()
         True if unexpected modifications of kernel code memory are present.
         
        bool unexpected_code_modification = 2;
        Specified by:
        getUnexpectedCodeModification in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedCodeModification.
      • getUnexpectedReadOnlyDataModification

        public boolean getUnexpectedReadOnlyDataModification()
         True if unexpected modifications of kernel read-only data memory are
         present.
         
        bool unexpected_read_only_data_modification = 3;
        Specified by:
        getUnexpectedReadOnlyDataModification in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedReadOnlyDataModification.
      • getUnexpectedFtraceHandler

        public boolean getUnexpectedFtraceHandler()
         True if `ftrace` points are present with callbacks pointing to regions
         that are not in the expected kernel or module code range.
         
        bool unexpected_ftrace_handler = 4;
        Specified by:
        getUnexpectedFtraceHandler in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedFtraceHandler.
      • getUnexpectedKprobeHandler

        public boolean getUnexpectedKprobeHandler()
         True if `kprobe` points are present with callbacks pointing to regions
         that are not in the expected kernel or module code range.
         
        bool unexpected_kprobe_handler = 5;
        Specified by:
        getUnexpectedKprobeHandler in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedKprobeHandler.
      • getUnexpectedKernelCodePages

        public boolean getUnexpectedKernelCodePages()
         True if kernel code pages that are not in the expected kernel or module
         code regions are present.
         
        bool unexpected_kernel_code_pages = 6;
        Specified by:
        getUnexpectedKernelCodePages in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedKernelCodePages.
      • getUnexpectedSystemCallHandler

        public boolean getUnexpectedSystemCallHandler()
         True if system call handlers that are not in the expected kernel or
         module code regions are present.
         
        bool unexpected_system_call_handler = 7;
        Specified by:
        getUnexpectedSystemCallHandler in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedSystemCallHandler.
      • getUnexpectedInterruptHandler

        public boolean getUnexpectedInterruptHandler()
         True if interrupt handlers that are not in the expected kernel or
         module code regions are present.
         
        bool unexpected_interrupt_handler = 8;
        Specified by:
        getUnexpectedInterruptHandler in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedInterruptHandler.
      • getUnexpectedProcessesInRunqueue

        public boolean getUnexpectedProcessesInRunqueue()
         True if unexpected processes in the scheduler run queue are present. Such
         processes are in the run queue, but not in the process task list.
         
        bool unexpected_processes_in_runqueue = 9;
        Specified by:
        getUnexpectedProcessesInRunqueue in interface KernelRootkitOrBuilder
        Returns:
        The unexpectedProcessesInRunqueue.
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3
      • writeTo

        public void writeTo(com.google.protobuf.CodedOutputStream output)
                     throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException
      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3
      • equals

        public boolean equals(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage
      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage
      • parseFrom

        public static KernelRootkit parseFrom(ByteBuffer data)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static KernelRootkit parseFrom(ByteBuffer data,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static KernelRootkit parseFrom(com.google.protobuf.ByteString data)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static KernelRootkit parseFrom(com.google.protobuf.ByteString data,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static KernelRootkit parseFrom(byte[] data)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static KernelRootkit parseFrom(byte[] data,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static KernelRootkit parseFrom(com.google.protobuf.CodedInputStream input,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws IOException
        Throws:
        IOException
      • newBuilderForType

        public KernelRootkit.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite
      • toBuilder

        public KernelRootkit.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite
      • newBuilderForType

        protected KernelRootkit.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3
      • getDefaultInstance

        public static KernelRootkit getDefaultInstance()
      • parser

        public static com.google.protobuf.Parser<KernelRootkit> parser()
      • getParserForType

        public com.google.protobuf.Parser<KernelRootkit> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3
      • getDefaultInstanceForType

        public KernelRootkit getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder
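
Added example (not part of the generated reference or of the library itself): a triage helper that parses a serialized KernelRootkit with parseFrom(byte[]) and lists which of the boolean indicators documented above are set, walking getDescriptor() rather than calling each getter. It assumes the class lives in the Java package com.google.cloud.securitycenter.v1 and that the standard generated members newBuilder(), getName() and toByteArray() are available; the class name KernelRootkitTriage, the helper setIndicators and the sample values are constructed for illustration.

```java
import com.google.cloud.securitycenter.v1.KernelRootkit;
import com.google.protobuf.Descriptors.FieldDescriptor;
import com.google.protobuf.InvalidProtocolBufferException;
import java.util.ArrayList;
import java.util.List;

public class KernelRootkitTriage {

  /** Returns the proto field names of every boolean indicator set to true. */
  static List<String> setIndicators(KernelRootkit rootkit) {
    List<String> hits = new ArrayList<>();
    // Walk the descriptor instead of hard-coding the eight getters, so an
    // indicator added in a later revision of the message is reported too.
    for (FieldDescriptor field : KernelRootkit.getDescriptor().getFields()) {
      if (field.getJavaType() == FieldDescriptor.JavaType.BOOLEAN
          && (Boolean) rootkit.getField(field)) {
        hits.add(field.getName());
      }
    }
    return hits;
  }

  public static void main(String[] args) throws InvalidProtocolBufferException {
    // Constructed sample standing in for a message received from the API.
    byte[] wire = KernelRootkit.newBuilder()
        .setName("sample-rootkit") // constructed value
        .setUnexpectedFtraceHandler(true)
        .setUnexpectedProcessesInRunqueue(true)
        .build()
        .toByteArray();

    KernelRootkit parsed = KernelRootkit.parseFrom(wire);

    // The fields are declared as plain scalars (e.g. "bool ... = 4;"), so a
    // false flag cannot be told apart from a flag that was never populated,
    // and an empty name means the rootkit name was not available.
    String name = parsed.getName().isEmpty() ? "(unnamed)" : parsed.getName();
    List<String> hits = setIndicators(parsed);

    System.out.println(name + ": " + hits.size() + " indicator(s) " + hits);
    if (hits.isEmpty()) {
      System.out.println("Message present but no indicator set; treat as inconclusive.");
    }
  }
}
```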