Security Command Center V2 API - Class Google::Cloud::SecurityCenter::V2::KernelRootkit (v0.4.1)

Reference documentation and code samples for the Security Command Center V2 API class Google::Cloud::SecurityCenter::V2::KernelRootkit.

Kernel mode rootkit signatures.

Inherits

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#name

def name() -> ::String
Returns
  • (::String) — Rootkit name, when available.

#name=

def name=(value) -> ::String
Parameter
  • value (::String) — Rootkit name, when available.
Returns
  • (::String) — Rootkit name, when available.

#unexpected_code_modification

def unexpected_code_modification() -> ::Boolean
Returns
  • (::Boolean) — True if unexpected modifications of kernel code memory are present.

#unexpected_code_modification=

def unexpected_code_modification=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if unexpected modifications of kernel code memory are present.
Returns
  • (::Boolean) — True if unexpected modifications of kernel code memory are present.

#unexpected_ftrace_handler

def unexpected_ftrace_handler() -> ::Boolean
Returns
  • (::Boolean) — True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

#unexpected_ftrace_handler=

def unexpected_ftrace_handler=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Returns
  • (::Boolean) — True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

#unexpected_interrupt_handler

def unexpected_interrupt_handler() -> ::Boolean
Returns
  • (::Boolean) — True if interrupt handlers that are are not in the expected kernel or module code regions are present.

#unexpected_interrupt_handler=

def unexpected_interrupt_handler=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if interrupt handlers that are are not in the expected kernel or module code regions are present.
Returns
  • (::Boolean) — True if interrupt handlers that are are not in the expected kernel or module code regions are present.

#unexpected_kernel_code_pages

def unexpected_kernel_code_pages() -> ::Boolean
Returns
  • (::Boolean) — True if kernel code pages that are not in the expected kernel or module code regions are present.

#unexpected_kernel_code_pages=

def unexpected_kernel_code_pages=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if kernel code pages that are not in the expected kernel or module code regions are present.
Returns
  • (::Boolean) — True if kernel code pages that are not in the expected kernel or module code regions are present.

#unexpected_kprobe_handler

def unexpected_kprobe_handler() -> ::Boolean
Returns
  • (::Boolean) — True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

#unexpected_kprobe_handler=

def unexpected_kprobe_handler=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Returns
  • (::Boolean) — True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

#unexpected_processes_in_runqueue

def unexpected_processes_in_runqueue() -> ::Boolean
Returns
  • (::Boolean) — True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

#unexpected_processes_in_runqueue=

def unexpected_processes_in_runqueue=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
Returns
  • (::Boolean) — True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

#unexpected_read_only_data_modification

def unexpected_read_only_data_modification() -> ::Boolean
Returns
  • (::Boolean) — True if unexpected modifications of kernel read-only data memory are present.

#unexpected_read_only_data_modification=

def unexpected_read_only_data_modification=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if unexpected modifications of kernel read-only data memory are present.
Returns
  • (::Boolean) — True if unexpected modifications of kernel read-only data memory are present.

#unexpected_system_call_handler

def unexpected_system_call_handler() -> ::Boolean
Returns
  • (::Boolean) — True if system call handlers that are are not in the expected kernel or module code regions are present.

#unexpected_system_call_handler=

def unexpected_system_call_handler=(value) -> ::Boolean
Parameter
  • value (::Boolean) — True if system call handlers that are are not in the expected kernel or module code regions are present.
Returns
  • (::Boolean) — True if system call handlers that are are not in the expected kernel or module code regions are present.