Class KernelRootkit (2.23.0)

public final class KernelRootkit extends GeneratedMessageV3 implements KernelRootkitOrBuilder

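Kernel mode rootkit signatures. Each boolean field on this message reports one indicator. The fields are plain `bool` values with no `has...()` accessors, so `false` is also the value of a field that was never set: a `false` reading does not by itself show that the corresponding check ran and found nothing.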

Protobuf type google.cloud.securitycenter.v1.KernelRootkit

Static Fields

NAME_FIELD_NUMBER

public static final int NAME_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER

public static final int UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER

public static final int UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER

public static final int UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER

public static final int UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
Field Value
TypeDescription
int

UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER
Field Value
TypeDescription
int

Static Methods

getDefaultInstance()

public static KernelRootkit getDefaultInstance()
Returns
TypeDescription
KernelRootkit

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

newBuilder()

public static KernelRootkit.Builder newBuilder()
Returns
TypeDescription
KernelRootkit.Builder

newBuilder(KernelRootkit prototype)

public static KernelRootkit.Builder newBuilder(KernelRootkit prototype)
Parameter
NameDescription
prototypeKernelRootkit
Returns
TypeDescription
KernelRootkit.Builder

parseDelimitedFrom(InputStream input)

public static KernelRootkit parseDelimitedFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static KernelRootkit parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
IOException

parseFrom(byte[] data)

public static KernelRootkit parseFrom(byte[] data)
Parameter
NameDescription
databyte[]
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static KernelRootkit parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
databyte[]
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data)

public static KernelRootkit parseFrom(ByteString data)
Parameter
NameDescription
dataByteString
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static KernelRootkit parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteString
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static KernelRootkit parseFrom(CodedInputStream input)
Parameter
NameDescription
inputCodedInputStream
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static KernelRootkit parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
IOException

parseFrom(InputStream input)

public static KernelRootkit parseFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static KernelRootkit parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
IOException

parseFrom(ByteBuffer data)

public static KernelRootkit parseFrom(ByteBuffer data)
Parameter
NameDescription
dataByteBuffer
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static KernelRootkit parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteBuffer
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit
Exceptions
TypeDescription
InvalidProtocolBufferException

parser()

public static Parser<KernelRootkit> parser()
Returns
TypeDescription
Parser<KernelRootkit>

Methods

equals(Object obj)

public boolean equals(Object obj)
Parameter
NameDescription
objObject
Returns
TypeDescription
boolean
Overrides

getDefaultInstanceForType()

public KernelRootkit getDefaultInstanceForType()
Returns
TypeDescription
KernelRootkit

getName()

public String getName()

Rootkit name when available. When no name is set, the getter returns an empty string rather than null.

string name = 1;

Returns
TypeDescription
String

The name.

getNameBytes()

public ByteString getNameBytes()

Rootkit name when available. When no name is set, the returned ByteString is empty.

string name = 1;

Returns
TypeDescription
ByteString

The bytes for name.

getParserForType()

public Parser<KernelRootkit> getParserForType()
Returns
TypeDescription
Parser<KernelRootkit>
Overrides

getSerializedSize()

public int getSerializedSize()
Returns
TypeDescription
int
Overrides

getUnexpectedCodeModification()

public boolean getUnexpectedCodeModification()

True when unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns
TypeDescription
boolean

The unexpectedCodeModification.

getUnexpectedFtraceHandler()

public boolean getUnexpectedFtraceHandler()

True when ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns
TypeDescription
boolean

The unexpectedFtraceHandler.

getUnexpectedInterruptHandler()

public boolean getUnexpectedInterruptHandler()

True when interrupt handlers that are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns
TypeDescription
boolean

The unexpectedInterruptHandler.

getUnexpectedKernelCodePages()

public boolean getUnexpectedKernelCodePages()

True when kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns
TypeDescription
boolean

The unexpectedKernelCodePages.

getUnexpectedKprobeHandler()

public boolean getUnexpectedKprobeHandler()

True when kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns
TypeDescription
boolean

The unexpectedKprobeHandler.

getUnexpectedProcessesInRunqueue()

public boolean getUnexpectedProcessesInRunqueue()

True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns
TypeDescription
boolean

The unexpectedProcessesInRunqueue.

getUnexpectedReadOnlyDataModification()

public boolean getUnexpectedReadOnlyDataModification()

True when unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns
TypeDescription
boolean

The unexpectedReadOnlyDataModification.

getUnexpectedSystemCallHandler()

public boolean getUnexpectedSystemCallHandler()

True when system call handlers that are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns
TypeDescription
boolean

The unexpectedSystemCallHandler.

getUnknownFields()

public final UnknownFieldSet getUnknownFields()
Returns
TypeDescription
UnknownFieldSet
Overrides

hashCode()

public int hashCode()
Returns
TypeDescription
int
Overrides

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

newBuilderForType()

public KernelRootkit.Builder newBuilderForType()
Returns
TypeDescription
KernelRootkit.Builder

newBuilderForType(GeneratedMessageV3.BuilderParent parent)

protected KernelRootkit.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
NameDescription
parentBuilderParent
Returns
TypeDescription
KernelRootkit.Builder
Overrides

newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)

protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
NameDescription
unusedUnusedPrivateParameter
Returns
TypeDescription
Object
Overrides

toBuilder()

public KernelRootkit.Builder toBuilder()
Returns
TypeDescription
KernelRootkit.Builder

writeTo(CodedOutputStream output)

public void writeTo(CodedOutputStream output)
Parameter
NameDescription
outputCodedOutputStream
Overrides
Exceptions
TypeDescription
IOException