public sealed class KernelRootkit : IMessage<KernelRootkit>, IEquatable<KernelRootkit>, IDeepCloneable<KernelRootkit>, IBufferMessage, IMessageReference documentation and code samples for the Google Cloud Security Command Center v1 API class KernelRootkit.
Kernel mode rootkit signatures.
Implements
IMessageKernelRootkit, IEquatableKernelRootkit, IDeepCloneableKernelRootkit, IBufferMessage, IMessageNamespace
Google.Cloud.SecurityCenter.V1Assembly
Google.Cloud.SecurityCenter.V1.dll
Constructors
KernelRootkit()
public KernelRootkit()KernelRootkit(KernelRootkit)
public KernelRootkit(KernelRootkit other)| Parameter | |
|---|---|
| Name | Description |
other | KernelRootkit |
Properties
Name
public string Name { get; set; }Rootkit name when available.
| Property Value | |
|---|---|
| Type | Description |
string | |
UnexpectedCodeModification
public bool UnexpectedCodeModification { get; set; }True when unexpected modifications of kernel code memory are present.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedFtraceHandler
public bool UnexpectedFtraceHandler { get; set; }True when ftrace points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedInterruptHandler
public bool UnexpectedInterruptHandler { get; set; }True when interrupt handlers that are are not in the expected kernel or module code regions are present.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedKernelCodePages
public bool UnexpectedKernelCodePages { get; set; }True when kernel code pages that are not in the expected kernel or module code regions are present.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedKprobeHandler
public bool UnexpectedKprobeHandler { get; set; }True when kprobe points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedProcessesInRunqueue
public bool UnexpectedProcessesInRunqueue { get; set; }True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedReadOnlyDataModification
public bool UnexpectedReadOnlyDataModification { get; set; }True when unexpected modifications of kernel read-only data memory are present.
| Property Value | |
|---|---|
| Type | Description |
bool | |
UnexpectedSystemCallHandler
public bool UnexpectedSystemCallHandler { get; set; }True when system call handlers that are are not in the expected kernel or module code regions are present.
| Property Value | |
|---|---|
| Type | Description |
bool | |