public final class KernelRootkit extends GeneratedMessageV3 implements KernelRootkitOrBuilder
Kernel mode rootkit signatures.
Protobuf type google.cloud.securitycenter.v1.KernelRootkit
Static Fields
NAME_FIELD_NUMBER
public static final int NAME_FIELD_NUMBER
Field Value
UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
public static final int UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
Field Value
UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
Field Value
UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
Field Value
UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
public static final int UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
Field Value
UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
Field Value
UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
public static final int UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
Field Value
UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
public static final int UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
Field Value
UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER
public static final int UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER
Field Value
Static Methods
getDefaultInstance()
public static KernelRootkit getDefaultInstance()
Returns
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Returns
newBuilder()
public static KernelRootkit.Builder newBuilder()
Returns
newBuilder(KernelRootkit prototype)
public static KernelRootkit.Builder newBuilder(KernelRootkit prototype)
Parameter
Returns
public static KernelRootkit parseDelimitedFrom(InputStream input)
Parameter
Returns
Exceptions
public static KernelRootkit parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(byte[] data)
public static KernelRootkit parseFrom(byte[] data)
Parameter
Name | Description |
data | byte[]
|
Returns
Exceptions
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static KernelRootkit parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteString data)
public static KernelRootkit parseFrom(ByteString data)
Parameter
Returns
Exceptions
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static KernelRootkit parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static KernelRootkit parseFrom(CodedInputStream input)
Parameter
Returns
Exceptions
public static KernelRootkit parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static KernelRootkit parseFrom(InputStream input)
Parameter
Returns
Exceptions
public static KernelRootkit parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteBuffer data)
public static KernelRootkit parseFrom(ByteBuffer data)
Parameter
Returns
Exceptions
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static KernelRootkit parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parser()
public static Parser<KernelRootkit> parser()
Returns
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter
Returns
Overrides
getDefaultInstanceForType()
public KernelRootkit getDefaultInstanceForType()
Returns
getName()
Rootkit name when available.
string name = 1;
Returns
Type | Description |
String | The name.
|
getNameBytes()
public ByteString getNameBytes()
Rootkit name when available.
string name = 1;
Returns
getParserForType()
public Parser<KernelRootkit> getParserForType()
Returns
Overrides
getSerializedSize()
public int getSerializedSize()
Returns
Overrides
getUnexpectedCodeModification()
public boolean getUnexpectedCodeModification()
True if unexpected modifications of kernel code memory are present.
bool unexpected_code_modification = 2;
Returns
Type | Description |
boolean | The unexpectedCodeModification.
|
getUnexpectedFtraceHandler()
public boolean getUnexpectedFtraceHandler()
True if ftrace points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
bool unexpected_ftrace_handler = 4;
Returns
Type | Description |
boolean | The unexpectedFtraceHandler.
|
getUnexpectedInterruptHandler()
public boolean getUnexpectedInterruptHandler()
True if interrupt handlers that are not in the expected kernel or
module code regions are present.
bool unexpected_interrupt_handler = 8;
Returns
Type | Description |
boolean | The unexpectedInterruptHandler.
|
getUnexpectedKernelCodePages()
public boolean getUnexpectedKernelCodePages()
True if kernel code pages that are not in the expected kernel or module
code regions are present.
bool unexpected_kernel_code_pages = 6;
Returns
Type | Description |
boolean | The unexpectedKernelCodePages.
|
getUnexpectedKprobeHandler()
public boolean getUnexpectedKprobeHandler()
True if kprobe points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
bool unexpected_kprobe_handler = 5;
Returns
Type | Description |
boolean | The unexpectedKprobeHandler.
|
getUnexpectedProcessesInRunqueue()
public boolean getUnexpectedProcessesInRunqueue()
True if unexpected processes in the scheduler run queue are present. Such
processes are in the run queue, but not in the process task list.
bool unexpected_processes_in_runqueue = 9;
Returns
Type | Description |
boolean | The unexpectedProcessesInRunqueue.
|
getUnexpectedReadOnlyDataModification()
public boolean getUnexpectedReadOnlyDataModification()
True if unexpected modifications of kernel read-only data memory are
present.
bool unexpected_read_only_data_modification = 3;
Returns
Type | Description |
boolean | The unexpectedReadOnlyDataModification.
|
getUnexpectedSystemCallHandler()
public boolean getUnexpectedSystemCallHandler()
True if system call handlers that are not in the expected kernel or
module code regions are present.
bool unexpected_system_call_handler = 7;
Returns
Type | Description |
boolean | The unexpectedSystemCallHandler.
|
getUnknownFields()
public final UnknownFieldSet getUnknownFields()
Returns
Overrides
hashCode()
Returns
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Overrides
isInitialized()
public final boolean isInitialized()
Returns
Overrides
newBuilderForType()
public KernelRootkit.Builder newBuilderForType()
Returns
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected KernelRootkit.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
Returns
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
Returns
Overrides
toBuilder()
public KernelRootkit.Builder toBuilder()
Returns
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Parameter
Overrides
Exceptions