public interface KernelRootkitOrBuilder extends MessageOrBuilder
Implements
MessageOrBuilder
Methods
getName()
public abstract String getName()
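Rootkit name when available. When no name is available, the getter returns an empty string rather than null, so an empty name does not by itself mean that no rootkit indicators were found.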
string name = 1;
Returns | |
---|---|
Type | Description |
String | The name. |
getNameBytes()
public abstract ByteString getNameBytes()
Rootkit name when available.
string name = 1;
Returns | |
---|---|
Type | Description |
ByteString | The bytes for name. |
getUnexpectedCodeModification()
public abstract boolean getUnexpectedCodeModification()
True when unexpected modifications of kernel code memory are present.
bool unexpected_code_modification = 2;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedCodeModification. |
getUnexpectedFtraceHandler()
public abstract boolean getUnexpectedFtraceHandler()
True when ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
bool unexpected_ftrace_handler = 4;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedFtraceHandler. |
getUnexpectedInterruptHandler()
public abstract boolean getUnexpectedInterruptHandler()
True when interrupt handlers that are not in the expected kernel or module code regions are present.
bool unexpected_interrupt_handler = 8;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedInterruptHandler. |
getUnexpectedKernelCodePages()
public abstract boolean getUnexpectedKernelCodePages()
True when kernel code pages that are not in the expected kernel or module code regions are present.
bool unexpected_kernel_code_pages = 6;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedKernelCodePages. |
getUnexpectedKprobeHandler()
public abstract boolean getUnexpectedKprobeHandler()
True when kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
bool unexpected_kprobe_handler = 5;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedKprobeHandler. |
getUnexpectedProcessesInRunqueue()
public abstract boolean getUnexpectedProcessesInRunqueue()
True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
bool unexpected_processes_in_runqueue = 9;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedProcessesInRunqueue. |
getUnexpectedReadOnlyDataModification()
public abstract boolean getUnexpectedReadOnlyDataModification()
True when unexpected modifications of kernel read-only data memory are present.
bool unexpected_read_only_data_modification = 3;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedReadOnlyDataModification. |
getUnexpectedSystemCallHandler()
public abstract boolean getUnexpectedSystemCallHandler()
True when system call handlers that are not in the expected kernel or module code regions are present.
bool unexpected_system_call_handler = 7;
Returns | |
---|---|
Type | Description |
boolean | The unexpectedSystemCallHandler. |