Reference documentation and code samples for the Google Cloud Security Command Center V1 Client class KernelRootkit.
Kernel mode rootkit signatures.
Generated from protobuf message google.cloud.securitycenter.v1.KernelRootkit
Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ name |
string
Rootkit name when available. |
↳ unexpected_code_modification |
bool
True when unexpected modifications of kernel code memory are present. |
↳ unexpected_read_only_data_modification |
bool
True when unexpected modifications of kernel read-only data memory are present. |
↳ unexpected_ftrace_handler |
bool
True when |
↳ unexpected_kprobe_handler |
bool
True when |
↳ unexpected_kernel_code_pages |
bool
True when kernel code pages that are not in the expected kernel or module code regions are present. |
↳ unexpected_system_call_handler |
bool
True when system call handlers that are are not in the expected kernel or module code regions are present. |
↳ unexpected_interrupt_handler |
bool
True when interrupt handlers that are are not in the expected kernel or module code regions are present. |
↳ unexpected_processes_in_runqueue |
bool
True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list. |
getName
Rootkit name when available.
| Returns | |
|---|---|
| Type | Description |
string | |
setName
Rootkit name when available.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedCodeModification
True when unexpected modifications of kernel code memory are present.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedCodeModification
True when unexpected modifications of kernel code memory are present.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedReadOnlyDataModification
True when unexpected modifications of kernel read-only data memory are present.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedReadOnlyDataModification
True when unexpected modifications of kernel read-only data memory are present.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedFtraceHandler
True when ftrace points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedFtraceHandler
True when ftrace points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedKprobeHandler
True when kprobe points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedKprobeHandler
True when kprobe points are present with callbacks pointing to regions
that are not in the expected kernel or module code range.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedKernelCodePages
True when kernel code pages that are not in the expected kernel or module code regions are present.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedKernelCodePages
True when kernel code pages that are not in the expected kernel or module code regions are present.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedSystemCallHandler
True when system call handlers that are are not in the expected kernel or module code regions are present.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedSystemCallHandler
True when system call handlers that are are not in the expected kernel or module code regions are present.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedInterruptHandler
True when interrupt handlers that are are not in the expected kernel or module code regions are present.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedInterruptHandler
True when interrupt handlers that are are not in the expected kernel or module code regions are present.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getUnexpectedProcessesInRunqueue
True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
| Returns | |
|---|---|
| Type | Description |
bool | |
setUnexpectedProcessesInRunqueue
True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this | |