Class: Google::Cloud::SecurityCenter::V1::KernelRootkit

Inherits:

Object

• Object
• Google::Cloud::SecurityCenter::V1::KernelRootkit

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb

Overview

Kernel mode rootkit signatures.

Instance Attribute Summary

• #name ⇒ ::String

  Rootkit name, when available.

• #unexpected_code_modification ⇒ ::Boolean

  True if unexpected modifications of kernel code memory are present.

• #unexpected_ftrace_handler ⇒ ::Boolean

  True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

• #unexpected_interrupt_handler ⇒ ::Boolean

  True if interrupt handlers that are are not in the expected kernel or module code regions are present.

• #unexpected_kernel_code_pages ⇒ ::Boolean

  True if kernel code pages that are not in the expected kernel or module code regions are present.

• #unexpected_kprobe_handler ⇒ ::Boolean

  True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

• #unexpected_processes_in_runqueue ⇒ ::Boolean

  True if unexpected processes in the scheduler run queue are present.

• #unexpected_read_only_data_modification ⇒ ::Boolean

  True if unexpected modifications of kernel read-only data memory are present.

• #unexpected_system_call_handler ⇒ ::Boolean

  True if system call handlers that are are not in the expected kernel or module code regions are present.

Instance Attribute Details

#name ⇒ ::String

Returns Rootkit name, when available.

Returns:

• (::String) —

  Rootkit name, when available.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_code_modification ⇒ ::Boolean

Returns True if unexpected modifications of kernel code memory are present.

Returns:

• (::Boolean) —

  True if unexpected modifications of kernel code memory are present.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_ftrace_handler ⇒ ::Boolean

Returns True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Returns:

• (::Boolean) —

  True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_interrupt_handler ⇒ ::Boolean

Returns True if interrupt handlers that are are not in the expected kernel or module code regions are present.

Returns:

• (::Boolean) —

  True if interrupt handlers that are are not in the expected kernel or module code regions are present.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_kernel_code_pages ⇒ ::Boolean

Returns True if kernel code pages that are not in the expected kernel or module code regions are present.

Returns:

• (::Boolean) —

  True if kernel code pages that are not in the expected kernel or module code regions are present.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_kprobe_handler ⇒ ::Boolean

Returns True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Returns:

• (::Boolean) —

  True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_processes_in_runqueue ⇒ ::Boolean

Returns True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

Returns:

• (::Boolean) —

  True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_read_only_data_modification ⇒ ::Boolean

Returns True if unexpected modifications of kernel read-only data memory are present.

Returns:

• (::Boolean) —

  True if unexpected modifications of kernel read-only data memory are present.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#unexpected_system_call_handler ⇒ ::Boolean

Returns True if system call handlers that are are not in the expected kernel or module code regions are present.

Returns:

• (::Boolean) —

  True if system call handlers that are are not in the expected kernel or module code regions are present.

# File 'proto_docs/google/cloud/securitycenter/v1/kernel_rootkit.rb', line 59

class KernelRootkit
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end