public interface KernelRootkitOrBuilder extends MessageOrBuilder

Implements
MessageOrBuilder

Methods
getName()
public abstract String getName()

Rootkit name, when available.

string name = 1;

| Returns | |
|---|---|
| Type | Description |
| String | The name. |
getNameBytes()
public abstract ByteString getNameBytes()

Rootkit name, when available.

string name = 1;

| Returns | |
|---|---|
| Type | Description |
| ByteString | The bytes for name. |
getUnexpectedCodeModification()
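public abstract boolean getUnexpectedCodeModification()

True if unexpected modifications of kernel code memory are present.

Note: no presence accessor is listed for this field, so `false` may mean either that the condition was not detected or that the field was not populated.

bool unexpected_code_modification = 2;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedCodeModification. |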
getUnexpectedFtraceHandler()
public abstract boolean getUnexpectedFtraceHandler()

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_ftrace_handler = 4;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedFtraceHandler. |
getUnexpectedInterruptHandler()
public abstract boolean getUnexpectedInterruptHandler()

True if interrupt handlers that are not in the expected kernel or module code regions are present.

bool unexpected_interrupt_handler = 8;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedInterruptHandler. |
getUnexpectedKernelCodePages()
public abstract boolean getUnexpectedKernelCodePages()

True if kernel code pages that are not in the expected kernel or module code regions are present.

bool unexpected_kernel_code_pages = 6;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedKernelCodePages. |
getUnexpectedKprobeHandler()
public abstract boolean getUnexpectedKprobeHandler()

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

bool unexpected_kprobe_handler = 5;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedKprobeHandler. |
getUnexpectedProcessesInRunqueue()
public abstract boolean getUnexpectedProcessesInRunqueue()

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

bool unexpected_processes_in_runqueue = 9;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedProcessesInRunqueue. |
getUnexpectedReadOnlyDataModification()
public abstract boolean getUnexpectedReadOnlyDataModification()

True if unexpected modifications of kernel read-only data memory are present.

bool unexpected_read_only_data_modification = 3;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedReadOnlyDataModification. |
getUnexpectedSystemCallHandler()
public abstract boolean getUnexpectedSystemCallHandler()

True if system call handlers that are not in the expected kernel or module code regions are present.

bool unexpected_system_call_handler = 7;

| Returns | |
|---|---|
| Type | Description |
| boolean | The unexpectedSystemCallHandler. |