Interface KernelRootkitOrBuilder (2.54.0)

public interface KernelRootkitOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

getName()

public abstract String getName()

Rootkit name, when available.

string name = 1;

Returns
Type Description
String

The name.

getNameBytes()

public abstract ByteString getNameBytes()

Rootkit name, when available.

string name = 1;

Returns
Type Description
ByteString

The bytes for name.

getUnexpectedCodeModification()

public abstract boolean getUnexpectedCodeModification()

True if unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns
Type Description
boolean

The unexpectedCodeModification.

getUnexpectedFtraceHandler()

public abstract boolean getUnexpectedFtraceHandler()

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns
Type Description
boolean

The unexpectedFtraceHandler.

getUnexpectedInterruptHandler()

public abstract boolean getUnexpectedInterruptHandler()

True if interrupt handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns
Type Description
boolean

The unexpectedInterruptHandler.

getUnexpectedKernelCodePages()

public abstract boolean getUnexpectedKernelCodePages()

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns
Type Description
boolean

The unexpectedKernelCodePages.

getUnexpectedKprobeHandler()

public abstract boolean getUnexpectedKprobeHandler()

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns
Type Description
boolean

The unexpectedKprobeHandler.

getUnexpectedProcessesInRunqueue()

public abstract boolean getUnexpectedProcessesInRunqueue()

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns
Type Description
boolean

The unexpectedProcessesInRunqueue.

getUnexpectedReadOnlyDataModification()

public abstract boolean getUnexpectedReadOnlyDataModification()

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns
Type Description
boolean

The unexpectedReadOnlyDataModification.

getUnexpectedSystemCallHandler()

public abstract boolean getUnexpectedSystemCallHandler()

True if system call handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns
Type Description
boolean

The unexpectedSystemCallHandler.