public sealed class KernelRootkit : IMessage<KernelRootkit>, IEquatable<KernelRootkit>, IDeepCloneable<KernelRootkit>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Security Command Center v1 API class KernelRootkit.
Kernel mode rootkit signatures.
Implements
IMessage<KernelRootkit>, IEquatable<KernelRootkit>, IDeepCloneable<KernelRootkit>, IBufferMessage, IMessage
Namespace
Google.Cloud.SecurityCenter.V1
Assembly
Google.Cloud.SecurityCenter.V1.dll
Constructors
KernelRootkit()
public KernelRootkit()
KernelRootkit(KernelRootkit)
public KernelRootkit(KernelRootkit other)
Parameter
| Name | Description |
|---|---|
| other | KernelRootkit |
Properties
Name
public string Name { get; set; }
Rootkit name when available.
Property Value
| Type | Description |
|---|---|
| String | |
UnexpectedCodeModification
public bool UnexpectedCodeModification { get; set; }
True if unexpected modifications of kernel code memory are present.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedFtraceHandler
public bool UnexpectedFtraceHandler { get; set; }
True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedInterruptHandler
public bool UnexpectedInterruptHandler { get; set; }
True if interrupt handlers that are not in the expected kernel or module code regions are present.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedKernelCodePages
public bool UnexpectedKernelCodePages { get; set; }
True if kernel code pages that are not in the expected kernel or module code regions are present.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedKprobeHandler
public bool UnexpectedKprobeHandler { get; set; }
True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedProcessesInRunqueue
public bool UnexpectedProcessesInRunqueue { get; set; }
True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedReadOnlyDataModification
public bool UnexpectedReadOnlyDataModification { get; set; }
True if unexpected modifications of kernel read-only data memory are present.
Property Value
| Type | Description |
|---|---|
| Boolean | |
UnexpectedSystemCallHandler
public bool UnexpectedSystemCallHandler { get; set; }
True if system call handlers that are not in the expected kernel or module code regions are present.
Property Value
| Type | Description |
|---|---|
| Boolean | |