Reference documentation and code samples for the Security Command Center V2 API class Google::Cloud::SecurityCenter::V2::KernelRootkit.
Kernel mode rootkit signatures.
Inherits
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#name
def name() -> ::String
Returns
- (::String) — Rootkit name, when available.
#name=
def name=(value) -> ::String
Parameter
- value (::String) — Rootkit name, when available.
Returns
- (::String) — Rootkit name, when available.
#unexpected_code_modification
def unexpected_code_modification() -> ::Boolean
Returns
- (::Boolean) — True if unexpected modifications of kernel code memory are present.
#unexpected_code_modification=
def unexpected_code_modification=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if unexpected modifications of kernel code memory are present.
Returns
- (::Boolean) — True if unexpected modifications of kernel code memory are present.
#unexpected_ftrace_handler
def unexpected_ftrace_handler() -> ::Boolean
Returns
- (::Boolean) — True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
#unexpected_ftrace_handler=
def unexpected_ftrace_handler=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Returns
- (::Boolean) — True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
#unexpected_interrupt_handler
def unexpected_interrupt_handler() -> ::Boolean
Returns
- (::Boolean) — True if interrupt handlers that are not in the expected kernel or module code regions are present.
#unexpected_interrupt_handler=
def unexpected_interrupt_handler=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if interrupt handlers that are not in the expected kernel or module code regions are present.
Returns
- (::Boolean) — True if interrupt handlers that are not in the expected kernel or module code regions are present.
#unexpected_kernel_code_pages
def unexpected_kernel_code_pages() -> ::Boolean
Returns
- (::Boolean) — True if kernel code pages that are not in the expected kernel or module code regions are present.
#unexpected_kernel_code_pages=
def unexpected_kernel_code_pages=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if kernel code pages that are not in the expected kernel or module code regions are present.
Returns
- (::Boolean) — True if kernel code pages that are not in the expected kernel or module code regions are present.
#unexpected_kprobe_handler
def unexpected_kprobe_handler() -> ::Boolean
Returns
- (::Boolean) — True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
#unexpected_kprobe_handler=
def unexpected_kprobe_handler=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Returns
- (::Boolean) — True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
#unexpected_processes_in_runqueue
def unexpected_processes_in_runqueue() -> ::Boolean
Returns
- (::Boolean) — True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
#unexpected_processes_in_runqueue=
def unexpected_processes_in_runqueue=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
Returns
- (::Boolean) — True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
#unexpected_read_only_data_modification
def unexpected_read_only_data_modification() -> ::Boolean
Returns
- (::Boolean) — True if unexpected modifications of kernel read-only data memory are present.
#unexpected_read_only_data_modification=
def unexpected_read_only_data_modification=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if unexpected modifications of kernel read-only data memory are present.
Returns
- (::Boolean) — True if unexpected modifications of kernel read-only data memory are present.
#unexpected_system_call_handler
def unexpected_system_call_handler() -> ::Boolean
Returns
- (::Boolean) — True if system call handlers that are not in the expected kernel or module code regions are present.
#unexpected_system_call_handler=
def unexpected_system_call_handler=(value) -> ::Boolean
Parameter
- value (::Boolean) — True if system call handlers that are not in the expected kernel or module code regions are present.
Returns
- (::Boolean) — True if system call handlers that are not in the expected kernel or module code regions are present.
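An added example (not from the Google Cloud reference or client library): a triage helper that groups the boolean indicators documented above by what they imply, so an analyst sees which class of kernel tampering a finding reports. A Struct stands in for the KernelRootkit message so the code runs without the gem; the grouping and the names KernelRootkitStub, INDICATOR_GROUPS and summarize_kernel_rootkit are assumptions of this example.

```ruby
# Stand-in for Google::Cloud::SecurityCenter::V2::KernelRootkit so the example
# runs without the gem; the field names are the ones documented on this page.
KernelRootkitStub = Struct.new(
  :name, :unexpected_code_modification, :unexpected_read_only_data_modification,
  :unexpected_ftrace_handler, :unexpected_kprobe_handler,
  :unexpected_kernel_code_pages, :unexpected_system_call_handler,
  :unexpected_interrupt_handler, :unexpected_processes_in_runqueue,
  keyword_init: true
)

# Grouping of the documented booleans by what they imply. This grouping is an
# assumption of the example, not part of the API.
INDICATOR_GROUPS = {
  memory_integrity: %i[unexpected_code_modification
                       unexpected_read_only_data_modification
                       unexpected_kernel_code_pages],
  hooked_handlers: %i[unexpected_ftrace_handler unexpected_kprobe_handler
                      unexpected_system_call_handler
                      unexpected_interrupt_handler],
  hidden_processes: %i[unexpected_processes_in_runqueue]
}.freeze

# Returns the rootkit name (nil when the field is empty, since it is only set
# "when available"), the groups that fired with their set fields, and a count.
def summarize_kernel_rootkit(rootkit)
  fired = INDICATOR_GROUPS.each_with_object({}) do |(group, fields), acc|
    set = fields.select { |field| rootkit.public_send(field) == true }
    acc[group] = set unless set.empty?
  end
  name = rootkit.name.to_s.strip
  { name: name.empty? ? nil : name,
    groups: fired,
    indicator_count: fired.values.sum(&:size) }
end

# Constructed sample: no signature name, a hooked syscall table and a task
# that is in the run queue but missing from the task list.
sample = KernelRootkitStub.new(
  name: "", unexpected_system_call_handler: true,
  unexpected_processes_in_runqueue: true
)
p summarize_kernel_rootkit(sample)
```

The helper only calls the reader methods listed on this page, so a real KernelRootkit message can be passed in place of the stub.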