Class KernelRootkit.Builder (2.57.0)

public static final class KernelRootkit.Builder extends GeneratedMessageV3.Builder<KernelRootkit.Builder> implements KernelRootkitOrBuilder

Kernel mode rootkit signatures.

Protobuf type google.cloud.securitycenter.v2.KernelRootkit

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
Type Description
Descriptor

Methods

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public KernelRootkit.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters
Name Description
field FieldDescriptor
value Object
Returns
Type Description
KernelRootkit.Builder
Overrides

build()

public KernelRootkit build()
Returns
Type Description
KernelRootkit

buildPartial()

public KernelRootkit buildPartial()
Returns
Type Description
KernelRootkit

clear()

public KernelRootkit.Builder clear()
Returns
Type Description
KernelRootkit.Builder
Overrides

clearField(Descriptors.FieldDescriptor field)

public KernelRootkit.Builder clearField(Descriptors.FieldDescriptor field)
Parameter
Name Description
field FieldDescriptor
Returns
Type Description
KernelRootkit.Builder
Overrides

clearName()

public KernelRootkit.Builder clearName()

Rootkit name, when available.

string name = 1;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearOneof(Descriptors.OneofDescriptor oneof)

public KernelRootkit.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter
Name Description
oneof OneofDescriptor
Returns
Type Description
KernelRootkit.Builder
Overrides

clearUnexpectedCodeModification()

public KernelRootkit.Builder clearUnexpectedCodeModification()

True if unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedFtraceHandler()

public KernelRootkit.Builder clearUnexpectedFtraceHandler()

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedInterruptHandler()

public KernelRootkit.Builder clearUnexpectedInterruptHandler()

True if interrupt handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedKernelCodePages()

public KernelRootkit.Builder clearUnexpectedKernelCodePages()

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedKprobeHandler()

public KernelRootkit.Builder clearUnexpectedKprobeHandler()

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedProcessesInRunqueue()

public KernelRootkit.Builder clearUnexpectedProcessesInRunqueue()

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedReadOnlyDataModification()

public KernelRootkit.Builder clearUnexpectedReadOnlyDataModification()

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clearUnexpectedSystemCallHandler()

public KernelRootkit.Builder clearUnexpectedSystemCallHandler()

True if system call handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

clone()

public KernelRootkit.Builder clone()
Returns
Type Description
KernelRootkit.Builder
Overrides

getDefaultInstanceForType()

public KernelRootkit getDefaultInstanceForType()
Returns
Type Description
KernelRootkit

getDescriptorForType()

public Descriptors.Descriptor getDescriptorForType()
Returns
Type Description
Descriptor
Overrides

getName()

public String getName()

Rootkit name, when available.

string name = 1;

Returns
Type Description
String

The name.

getNameBytes()

public ByteString getNameBytes()

Rootkit name, when available.

string name = 1;

Returns
Type Description
ByteString

The bytes for name.

getUnexpectedCodeModification()

public boolean getUnexpectedCodeModification()

True if unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns
Type Description
boolean

The unexpectedCodeModification.

getUnexpectedFtraceHandler()

public boolean getUnexpectedFtraceHandler()

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns
Type Description
boolean

The unexpectedFtraceHandler.

getUnexpectedInterruptHandler()

public boolean getUnexpectedInterruptHandler()

True if interrupt handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns
Type Description
boolean

The unexpectedInterruptHandler.

getUnexpectedKernelCodePages()

public boolean getUnexpectedKernelCodePages()

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns
Type Description
boolean

The unexpectedKernelCodePages.

getUnexpectedKprobeHandler()

public boolean getUnexpectedKprobeHandler()

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns
Type Description
boolean

The unexpectedKprobeHandler.

getUnexpectedProcessesInRunqueue()

public boolean getUnexpectedProcessesInRunqueue()

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns
Type Description
boolean

The unexpectedProcessesInRunqueue.

getUnexpectedReadOnlyDataModification()

public boolean getUnexpectedReadOnlyDataModification()

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns
Type Description
boolean

The unexpectedReadOnlyDataModification.

getUnexpectedSystemCallHandler()

public boolean getUnexpectedSystemCallHandler()

True if system call handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns
Type Description
boolean

The unexpectedSystemCallHandler.

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Type Description
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
Type Description
boolean
Overrides

mergeFrom(KernelRootkit other)

public KernelRootkit.Builder mergeFrom(KernelRootkit other)
Parameter
Name Description
other KernelRootkit
Returns
Type Description
KernelRootkit.Builder

mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public KernelRootkit.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input CodedInputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
KernelRootkit.Builder
Overrides
Exceptions
Type Description
IOException

mergeFrom(Message other)

public KernelRootkit.Builder mergeFrom(Message other)
Parameter
Name Description
other Message
Returns
Type Description
KernelRootkit.Builder
Overrides

mergeUnknownFields(UnknownFieldSet unknownFields)

public final KernelRootkit.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter
Name Description
unknownFields UnknownFieldSet
Returns
Type Description
KernelRootkit.Builder
Overrides

setField(Descriptors.FieldDescriptor field, Object value)

public KernelRootkit.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters
Name Description
field FieldDescriptor
value Object
Returns
Type Description
KernelRootkit.Builder
Overrides

setName(String value)

public KernelRootkit.Builder setName(String value)

Rootkit name, when available.

string name = 1;

Parameter
Name Description
value String

The name to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setNameBytes(ByteString value)

public KernelRootkit.Builder setNameBytes(ByteString value)

Rootkit name, when available.

string name = 1;

Parameter
Name Description
value ByteString

The bytes for name to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

public KernelRootkit.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters
Name Description
field FieldDescriptor
index int
value Object
Returns
Type Description
KernelRootkit.Builder
Overrides

setUnexpectedCodeModification(boolean value)

public KernelRootkit.Builder setUnexpectedCodeModification(boolean value)

True if unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Parameter
Name Description
value boolean

The unexpectedCodeModification to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedFtraceHandler(boolean value)

public KernelRootkit.Builder setUnexpectedFtraceHandler(boolean value)

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Parameter
Name Description
value boolean

The unexpectedFtraceHandler to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedInterruptHandler(boolean value)

public KernelRootkit.Builder setUnexpectedInterruptHandler(boolean value)

True if interrupt handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Parameter
Name Description
value boolean

The unexpectedInterruptHandler to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedKernelCodePages(boolean value)

public KernelRootkit.Builder setUnexpectedKernelCodePages(boolean value)

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Parameter
Name Description
value boolean

The unexpectedKernelCodePages to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedKprobeHandler(boolean value)

public KernelRootkit.Builder setUnexpectedKprobeHandler(boolean value)

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Parameter
Name Description
value boolean

The unexpectedKprobeHandler to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedProcessesInRunqueue(boolean value)

public KernelRootkit.Builder setUnexpectedProcessesInRunqueue(boolean value)

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Parameter
Name Description
value boolean

The unexpectedProcessesInRunqueue to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedReadOnlyDataModification(boolean value)

public KernelRootkit.Builder setUnexpectedReadOnlyDataModification(boolean value)

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Parameter
Name Description
value boolean

The unexpectedReadOnlyDataModification to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnexpectedSystemCallHandler(boolean value)

public KernelRootkit.Builder setUnexpectedSystemCallHandler(boolean value)

True if system call handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Parameter
Name Description
value boolean

The unexpectedSystemCallHandler to set.

Returns
Type Description
KernelRootkit.Builder

This builder for chaining.

setUnknownFields(UnknownFieldSet unknownFields)

public final KernelRootkit.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter
Name Description
unknownFields UnknownFieldSet
Returns
Type Description
KernelRootkit.Builder
Overrides