Interface KernelRootkitOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    KernelRootkit, KernelRootkit.Builder

    public interface KernelRootkitOrBuilder
    extends com.google.protobuf.MessageOrBuilder
    • Method Summary

      Modifier and Type Method Description
      String getName()
      Rootkit name, when available.
      com.google.protobuf.ByteString getNameBytes()
      Rootkit name, when available.
      boolean getUnexpectedCodeModification()
      True if unexpected modifications of kernel code memory are present.
      boolean getUnexpectedFtraceHandler()
      True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
      boolean getUnexpectedInterruptHandler()
      True if interrupt handlers that are not in the expected kernel or module code regions are present.
      boolean getUnexpectedKernelCodePages()
      True if kernel code pages that are not in the expected kernel or module code regions are present.
      boolean getUnexpectedKprobeHandler()
      True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
      boolean getUnexpectedProcessesInRunqueue()
      True if unexpected processes in the scheduler run queue are present.
      boolean getUnexpectedReadOnlyDataModification()
      True if unexpected modifications of kernel read-only data memory are present.
      boolean getUnexpectedSystemCallHandler()
      True if system call handlers that are not in the expected kernel or module code regions are present.
      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized
      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
    • Method Detail

      • getName

        String getName()
         Rootkit name, when available.
         
        string name = 1;
        Returns:
        The name.
      • getNameBytes

        com.google.protobuf.ByteString getNameBytes()
         Rootkit name, when available.
         
        string name = 1;
        Returns:
        The bytes for name.
      • getUnexpectedCodeModification

        boolean getUnexpectedCodeModification()
         True if unexpected modifications of kernel code memory are present.
         
        bool unexpected_code_modification = 2;
        Returns:
        The unexpectedCodeModification.
      • getUnexpectedReadOnlyDataModification

        boolean getUnexpectedReadOnlyDataModification()
         True if unexpected modifications of kernel read-only data memory are
         present.
         
        bool unexpected_read_only_data_modification = 3;
        Returns:
        The unexpectedReadOnlyDataModification.
      • getUnexpectedFtraceHandler

        boolean getUnexpectedFtraceHandler()
         True if `ftrace` points are present with callbacks pointing to regions
         that are not in the expected kernel or module code range.
         
        bool unexpected_ftrace_handler = 4;
        Returns:
        The unexpectedFtraceHandler.
      • getUnexpectedKprobeHandler

        boolean getUnexpectedKprobeHandler()
         True if `kprobe` points are present with callbacks pointing to regions
         that are not in the expected kernel or module code range.
         
        bool unexpected_kprobe_handler = 5;
        Returns:
        The unexpectedKprobeHandler.
      • getUnexpectedKernelCodePages

        boolean getUnexpectedKernelCodePages()
         True if kernel code pages that are not in the expected kernel or module
         code regions are present.
         
        bool unexpected_kernel_code_pages = 6;
        Returns:
        The unexpectedKernelCodePages.
      • getUnexpectedSystemCallHandler

        boolean getUnexpectedSystemCallHandler()
         True if system call handlers that are not in the expected kernel or
         module code regions are present.
         
        bool unexpected_system_call_handler = 7;
        Returns:
        The unexpectedSystemCallHandler.
      • getUnexpectedInterruptHandler

        boolean getUnexpectedInterruptHandler()
         True if interrupt handlers that are not in the expected kernel or
         module code regions are present.
         
        bool unexpected_interrupt_handler = 8;
        Returns:
        The unexpectedInterruptHandler.
      • getUnexpectedProcessesInRunqueue

        boolean getUnexpectedProcessesInRunqueue()
         True if unexpected processes in the scheduler run queue are present. Such
         processes are in the run queue, but not in the process task list.
         
        bool unexpected_processes_in_runqueue = 9;
        Returns:
        The unexpectedProcessesInRunqueue.