Class KernelRootkit.Builder (2.25.0)

public static final class KernelRootkit.Builder extends GeneratedMessageV3.Builder<KernelRootkit.Builder> implements KernelRootkitOrBuilder

Kernel mode rootkit signatures.

Protobuf type google.cloud.securitycenter.v1.KernelRootkit

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

Methods

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public KernelRootkit.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
KernelRootkit.Builder
Overrides

build()

public KernelRootkit build()
Returns
TypeDescription
KernelRootkit

buildPartial()

public KernelRootkit buildPartial()
Returns
TypeDescription
KernelRootkit

clear()

public KernelRootkit.Builder clear()
Returns
TypeDescription
KernelRootkit.Builder
Overrides

clearField(Descriptors.FieldDescriptor field)

public KernelRootkit.Builder clearField(Descriptors.FieldDescriptor field)
Parameter
NameDescription
fieldFieldDescriptor
Returns
TypeDescription
KernelRootkit.Builder
Overrides

clearName()

public KernelRootkit.Builder clearName()

Rootkit name when available.

string name = 1;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearOneof(Descriptors.OneofDescriptor oneof)

public KernelRootkit.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter
NameDescription
oneofOneofDescriptor
Returns
TypeDescription
KernelRootkit.Builder
Overrides

clearUnexpectedCodeModification()

public KernelRootkit.Builder clearUnexpectedCodeModification()

True when unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedFtraceHandler()

public KernelRootkit.Builder clearUnexpectedFtraceHandler()

True when ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedInterruptHandler()

public KernelRootkit.Builder clearUnexpectedInterruptHandler()

True when interrupt handlers that are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedKernelCodePages()

public KernelRootkit.Builder clearUnexpectedKernelCodePages()

True when kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedKprobeHandler()

public KernelRootkit.Builder clearUnexpectedKprobeHandler()

True when kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedProcessesInRunqueue()

public KernelRootkit.Builder clearUnexpectedProcessesInRunqueue()

True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedReadOnlyDataModification()

public KernelRootkit.Builder clearUnexpectedReadOnlyDataModification()

True when unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedSystemCallHandler()

public KernelRootkit.Builder clearUnexpectedSystemCallHandler()

True when system call handlers that are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

clone()

public KernelRootkit.Builder clone()
Returns
TypeDescription
KernelRootkit.Builder
Overrides

getDefaultInstanceForType()

public KernelRootkit getDefaultInstanceForType()
Returns
TypeDescription
KernelRootkit

getDescriptorForType()

public Descriptors.Descriptor getDescriptorForType()
Returns
TypeDescription
Descriptor
Overrides

getName()

public String getName()

Rootkit name when available.

string name = 1;

Returns
TypeDescription
String

The name.

getNameBytes()

public ByteString getNameBytes()

Rootkit name when available.

string name = 1;

Returns
TypeDescription
ByteString

The bytes for name.

getUnexpectedCodeModification()

public boolean getUnexpectedCodeModification()

True when unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns
TypeDescription
boolean

The unexpectedCodeModification.

getUnexpectedFtraceHandler()

public boolean getUnexpectedFtraceHandler()

True when ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns
TypeDescription
boolean

The unexpectedFtraceHandler.

getUnexpectedInterruptHandler()

public boolean getUnexpectedInterruptHandler()

True when interrupt handlers that are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns
TypeDescription
boolean

The unexpectedInterruptHandler.

getUnexpectedKernelCodePages()

public boolean getUnexpectedKernelCodePages()

True when kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns
TypeDescription
boolean

The unexpectedKernelCodePages.

getUnexpectedKprobeHandler()

public boolean getUnexpectedKprobeHandler()

True when kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns
TypeDescription
boolean

The unexpectedKprobeHandler.

getUnexpectedProcessesInRunqueue()

public boolean getUnexpectedProcessesInRunqueue()

True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns
TypeDescription
boolean

The unexpectedProcessesInRunqueue.

getUnexpectedReadOnlyDataModification()

public boolean getUnexpectedReadOnlyDataModification()

True when unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns
TypeDescription
boolean

The unexpectedReadOnlyDataModification.

getUnexpectedSystemCallHandler()

public boolean getUnexpectedSystemCallHandler()

True when system call handlers that are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns
TypeDescription
boolean

The unexpectedSystemCallHandler.

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

mergeFrom(KernelRootkit other)

public KernelRootkit.Builder mergeFrom(KernelRootkit other)
Parameter
NameDescription
otherKernelRootkit
Returns
TypeDescription
KernelRootkit.Builder

mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public KernelRootkit.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
KernelRootkit.Builder
Overrides
Exceptions
TypeDescription
IOException

mergeFrom(Message other)

public KernelRootkit.Builder mergeFrom(Message other)
Parameter
NameDescription
otherMessage
Returns
TypeDescription
KernelRootkit.Builder
Overrides

mergeUnknownFields(UnknownFieldSet unknownFields)

public final KernelRootkit.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
KernelRootkit.Builder
Overrides

setField(Descriptors.FieldDescriptor field, Object value)

public KernelRootkit.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
KernelRootkit.Builder
Overrides

setName(String value)

public KernelRootkit.Builder setName(String value)

Rootkit name when available.

string name = 1;

Parameter
NameDescription
valueString

The name to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setNameBytes(ByteString value)

public KernelRootkit.Builder setNameBytes(ByteString value)

Rootkit name when available.

string name = 1;

Parameter
NameDescription
valueByteString

The bytes for name to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

public KernelRootkit.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters
NameDescription
fieldFieldDescriptor
indexint
valueObject
Returns
TypeDescription
KernelRootkit.Builder
Overrides

setUnexpectedCodeModification(boolean value)

public KernelRootkit.Builder setUnexpectedCodeModification(boolean value)

True when unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Parameter
NameDescription
valueboolean

The unexpectedCodeModification to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedFtraceHandler(boolean value)

public KernelRootkit.Builder setUnexpectedFtraceHandler(boolean value)

True when ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Parameter
NameDescription
valueboolean

The unexpectedFtraceHandler to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedInterruptHandler(boolean value)

public KernelRootkit.Builder setUnexpectedInterruptHandler(boolean value)

True when interrupt handlers that are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Parameter
NameDescription
valueboolean

The unexpectedInterruptHandler to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedKernelCodePages(boolean value)

public KernelRootkit.Builder setUnexpectedKernelCodePages(boolean value)

True when kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Parameter
NameDescription
valueboolean

The unexpectedKernelCodePages to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedKprobeHandler(boolean value)

public KernelRootkit.Builder setUnexpectedKprobeHandler(boolean value)

True when kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Parameter
NameDescription
valueboolean

The unexpectedKprobeHandler to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedProcessesInRunqueue(boolean value)

public KernelRootkit.Builder setUnexpectedProcessesInRunqueue(boolean value)

True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Parameter
NameDescription
valueboolean

The unexpectedProcessesInRunqueue to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedReadOnlyDataModification(boolean value)

public KernelRootkit.Builder setUnexpectedReadOnlyDataModification(boolean value)

True when unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Parameter
NameDescription
valueboolean

The unexpectedReadOnlyDataModification to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnexpectedSystemCallHandler(boolean value)

public KernelRootkit.Builder setUnexpectedSystemCallHandler(boolean value)

True when system call handlers that are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Parameter
NameDescription
valueboolean

The unexpectedSystemCallHandler to set.

Returns
TypeDescription
KernelRootkit.Builder

This builder for chaining.

setUnknownFields(UnknownFieldSet unknownFields)

public final KernelRootkit.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
KernelRootkit.Builder
Overrides