Reference documentation and code samples for the Google Cloud Security Command Center V1 Client class KernelRootkit.
Kernel mode rootkit signatures.
Generated from protobuf message google.cloud.securitycenter.v1.KernelRootkit
Namespace
Google \ Cloud \ SecurityCenter \ V1
Methods
__construct
Constructor.
data
array
Optional. Data for populating the Message object.
↳ name
string
Rootkit name, when available.
↳ unexpected_code_modification
bool
True if unexpected modifications of kernel code memory are present.
↳ unexpected_read_only_data_modification
bool
True if unexpected modifications of kernel read-only data memory are present.
↳ unexpected_ftrace_handler
bool
True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
↳ unexpected_kprobe_handler
bool
True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
↳ unexpected_kernel_code_pages
bool
True if kernel code pages that are not in the expected kernel or module code regions are present.
↳ unexpected_system_call_handler
bool
True if system call handlers that are not in the expected kernel or module code regions are present.
↳ unexpected_interrupt_handler
bool
True if interrupt handlers that are not in the expected kernel or module code regions are present.
↳ unexpected_processes_in_runqueue
bool
True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
getName
Rootkit name, when available.
string
setName
Rootkit name, when available.
var
string
$this
getUnexpectedCodeModification
True if unexpected modifications of kernel code memory are present.
bool
setUnexpectedCodeModification
True if unexpected modifications of kernel code memory are present.
var
bool
$this
getUnexpectedReadOnlyDataModification
True if unexpected modifications of kernel read-only data memory are present.
bool
setUnexpectedReadOnlyDataModification
True if unexpected modifications of kernel read-only data memory are present.
var
bool
$this
getUnexpectedFtraceHandler
True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
bool
setUnexpectedFtraceHandler
True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
var
bool
$this
getUnexpectedKprobeHandler
True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
bool
setUnexpectedKprobeHandler
True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
var
bool
$this
getUnexpectedKernelCodePages
True if kernel code pages that are not in the expected kernel or module code regions are present.
bool
setUnexpectedKernelCodePages
True if kernel code pages that are not in the expected kernel or module code regions are present.
var
bool
$this
getUnexpectedSystemCallHandler
True if system call handlers that are not in the expected kernel or module code regions are present.
bool
setUnexpectedSystemCallHandler
True if system call handlers that are not in the expected kernel or module code regions are present.
var
bool
$this
getUnexpectedInterruptHandler
True if interrupt handlers that are not in the expected kernel or module code regions are present.
bool
setUnexpectedInterruptHandler
True if interrupt handlers that are not in the expected kernel or module code regions are present.
var
bool
$this
getUnexpectedProcessesInRunqueue
True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
bool
setUnexpectedProcessesInRunqueue
True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
var
bool
$this
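The following is an added example, not code from this reference page or from the client library: it builds a KernelRootkit message through the constructor's data array and reads it back through the getters listed above to summarise which signatures are set. The function name triageKernelRootkit, the bucket names and the sample values are assumptions made for the example, and it assumes the google/cloud-security-center package is installed with Composer.

```php
<?php
// Added example, not part of the original reference page.
// Assumes google/cloud-security-center is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Google\Cloud\SecurityCenter\V1\KernelRootkit;

/**
 * Group the boolean signatures of a KernelRootkit message into triage buckets.
 * The bucket names are this example's own grouping, not part of the API.
 */
function triageKernelRootkit(KernelRootkit $rk): array
{
    $buckets = [
        'memory_integrity' => [
            'unexpected_code_modification' => $rk->getUnexpectedCodeModification(),
            'unexpected_read_only_data_modification' => $rk->getUnexpectedReadOnlyDataModification(),
            'unexpected_kernel_code_pages' => $rk->getUnexpectedKernelCodePages(),
        ],
        'handler_outside_expected_code' => [
            'unexpected_ftrace_handler' => $rk->getUnexpectedFtraceHandler(),
            'unexpected_kprobe_handler' => $rk->getUnexpectedKprobeHandler(),
            'unexpected_system_call_handler' => $rk->getUnexpectedSystemCallHandler(),
            'unexpected_interrupt_handler' => $rk->getUnexpectedInterruptHandler(),
        ],
        'hidden_process' => [
            'unexpected_processes_in_runqueue' => $rk->getUnexpectedProcessesInRunqueue(),
        ],
    ];
    // Keep only the signatures that are true; empty buckets are dropped below.
    $fired = array_map(fn(array $b) => array_keys(array_filter($b)), $buckets);
    return [
        'name' => $rk->getName() !== '' ? $rk->getName() : '(unnamed)',
        'fired' => array_filter($fired),
    ];
}

// Constructed sample: these field values are made up for illustration.
$sample = new KernelRootkit([
    'name' => 'example-rootkit',
    'unexpected_system_call_handler' => true,
    'unexpected_processes_in_runqueue' => true,
]);

print_r(triageKernelRootkit($sample));
```

Fields that are not set in the data array read back as false (or an empty string for name), so only the signatures that are actually true appear in the result.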