public interface KernelRootkitOrBuilder extends MessageOrBuilder
Implements
MessageOrBuilder
Methods
getName()
public abstract String getName()

Rootkit name, when available.

string name = 1;

| Returns | |
|---|---|
| Type | Description |
| String | The name. |
getNameBytes()
public abstract ByteString getNameBytes()

Rootkit name, when available.

string name = 1;

| Returns | |
|---|---|
| Type | Description |
| ByteString | The bytes for name. |
getUnexpectedCodeModification()
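public abstract boolean getUnexpectedCodeModification()

True if unexpected modifications of kernel code memory are present. Note that `false` is also the default value of an unset `bool` field, so for this and the other boolean getters on this page a `false` result does not by itself show that the corresponding check ran and found nothing.

bool unexpected_code_modification = 2;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedCodeModification. |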
getUnexpectedFtraceHandler()
public abstract boolean getUnexpectedFtraceHandler()

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedFtraceHandler. |
getUnexpectedInterruptHandler()
public abstract boolean getUnexpectedInterruptHandler()

True if interrupt handlers that are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedInterruptHandler. |
getUnexpectedKernelCodePages()
public abstract boolean getUnexpectedKernelCodePages()

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedKernelCodePages. |
getUnexpectedKprobeHandler()
public abstract boolean getUnexpectedKprobeHandler()

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedKprobeHandler. |
getUnexpectedProcessesInRunqueue()
public abstract boolean getUnexpectedProcessesInRunqueue()

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedProcessesInRunqueue. |
getUnexpectedReadOnlyDataModification()
public abstract boolean getUnexpectedReadOnlyDataModification()

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedReadOnlyDataModification. |
getUnexpectedSystemCallHandler()
public abstract boolean getUnexpectedSystemCallHandler()

True if system call handlers that are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedSystemCallHandler. |