Class: Google::Apis::SecuritycenterV1beta1::KernelRootkit

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/securitycenter_v1beta1/classes.rb,
lib/google/apis/securitycenter_v1beta1/representations.rb,
lib/google/apis/securitycenter_v1beta1/representations.rb

Overview

Kernel mode rootkit signatures.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ KernelRootkit

Returns a new instance of KernelRootkit.



2887
2888
2889
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2887

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#nameString

Rootkit name when available. Corresponds to the JSON property name

Returns:

  • (String) 


2831
2832
2833
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2831

def name
  @name
end

#unexpected_code_modificationBoolean Also known as: unexpected_code_modification?

True when unexpected modifications of kernel code memory are present. Corresponds to the JSON property unexpectedCodeModification

Returns:

  • (Boolean) 


2836
2837
2838
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2836

def unexpected_code_modification
  @unexpected_code_modification
end

#unexpected_ftrace_handlerBoolean Also known as: unexpected_ftrace_handler?

True when ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedFtraceHandler

Returns:

  • (Boolean) 


2843
2844
2845
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2843

def unexpected_ftrace_handler
  @unexpected_ftrace_handler
end

#unexpected_interrupt_handlerBoolean Also known as: unexpected_interrupt_handler?

True when interrupt handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedInterruptHandler

Returns:

  • (Boolean) 


2850
2851
2852
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2850

def unexpected_interrupt_handler
  @unexpected_interrupt_handler
end

#unexpected_kernel_code_pagesBoolean Also known as: unexpected_kernel_code_pages?

True when kernel code pages that are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedKernelCodePages

Returns:

  • (Boolean) 


2857
2858
2859
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2857

def unexpected_kernel_code_pages
  @unexpected_kernel_code_pages
end

#unexpected_kprobe_handlerBoolean Also known as: unexpected_kprobe_handler?

True when kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedKprobeHandler

Returns:

  • (Boolean) 


2864
2865
2866
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2864

def unexpected_kprobe_handler
  @unexpected_kprobe_handler
end

#unexpected_processes_in_runqueueBoolean Also known as: unexpected_processes_in_runqueue?

True when unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list. Corresponds to the JSON property unexpectedProcessesInRunqueue

Returns:

  • (Boolean) 


2871
2872
2873
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2871

def unexpected_processes_in_runqueue
  @unexpected_processes_in_runqueue
end

#unexpected_read_only_data_modificationBoolean Also known as: unexpected_read_only_data_modification?

True when unexpected modifications of kernel read-only data memory are present. Corresponds to the JSON property unexpectedReadOnlyDataModification

Returns:

  • (Boolean) 


2877
2878
2879
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2877

def unexpected_read_only_data_modification
  @unexpected_read_only_data_modification
end

#unexpected_system_call_handlerBoolean Also known as: unexpected_system_call_handler?

True when system call handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedSystemCallHandler

Returns:

  • (Boolean) 


2884
2885
2886
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2884

def unexpected_system_call_handler
  @unexpected_system_call_handler
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 2892

def update!(**args)
  @name = args[:name] if args.key?(:name)
  @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
  @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
  @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
  @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
  @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
  @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
  @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
  @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
end