Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Interface KernelRootkitOrBuilder (2.15.0)

public interface KernelRootkitOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

getName()

public abstract String getName()

Rootkit name when available.

string name = 1;

Returns

Type	Description
String	The name.

getNameBytes()

public abstract ByteString getNameBytes()

Rootkit name when available.

string name = 1;

Returns

Type	Description
ByteString	The bytes for name.

getUnexpectedCodeModification()

public abstract boolean getUnexpectedCodeModification()

True if unexpected modifications of kernel code memory are present.

bool unexpected_code_modification = 2;

Returns

Type	Description
boolean	The unexpectedCodeModification.

getUnexpectedFtraceHandler()

public abstract boolean getUnexpectedFtraceHandler()

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

Returns

Type	Description
boolean	The unexpectedFtraceHandler.

getUnexpectedInterruptHandler()

public abstract boolean getUnexpectedInterruptHandler()

True if interrupt handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

Returns

Type	Description
boolean	The unexpectedInterruptHandler.

getUnexpectedKernelCodePages()

public abstract boolean getUnexpectedKernelCodePages()

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

Returns

Type	Description
boolean	The unexpectedKernelCodePages.

getUnexpectedKprobeHandler()

public abstract boolean getUnexpectedKprobeHandler()

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

Returns

Type	Description
boolean	The unexpectedKprobeHandler.

getUnexpectedProcessesInRunqueue()

public abstract boolean getUnexpectedProcessesInRunqueue()

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

Returns

Type	Description
boolean	The unexpectedProcessesInRunqueue.

getUnexpectedReadOnlyDataModification()

public abstract boolean getUnexpectedReadOnlyDataModification()

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

Returns

Type	Description
boolean	The unexpectedReadOnlyDataModification.

getUnexpectedSystemCallHandler()

public abstract boolean getUnexpectedSystemCallHandler()

True if system call handlers that are are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

Returns

Type	Description
boolean	The unexpectedSystemCallHandler.