com.google.cloud.securitycenter.v1

Class KernelRootkit

java.lang.Object

com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessage

com.google.protobuf.GeneratedMessageV3

com.google.cloud.securitycenter.v1.KernelRootkit

All Implemented Interfaces:

KernelRootkitOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable

public final class KernelRootkit
extends com.google.protobuf.GeneratedMessageV3
implements KernelRootkitOrBuilder

 Kernel mode rootkit signatures.
 

Protobuf type google.cloud.securitycenter.v1.KernelRootkit

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	KernelRootkit.Builder Kernel mode rootkit signatures.

Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessageLite.InternalOneOfEnum

Field Summary

Fields

Modifier and Type	Field and Description
static int	NAME_FIELD_NUMBER
static int	UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER
static int	UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER
static int	UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER
static int	UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER
static int	UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER
static int	UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER
static int	UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER
static int	UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER

Fields inherited from class com.google.protobuf.GeneratedMessageV3

alwaysUseFieldBuilders, unknownFields

Fields inherited from class com.google.protobuf.AbstractMessage

memoizedSize

Fields inherited from class com.google.protobuf.AbstractMessageLite

memoizedHashCode

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
static KernelRootkit	getDefaultInstance()
KernelRootkit	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
String	getName() Rootkit name, when available.
com.google.protobuf.ByteString	getNameBytes() Rootkit name, when available.
com.google.protobuf.Parser<KernelRootkit>	getParserForType()
int	getSerializedSize()
boolean	getUnexpectedCodeModification() True if unexpected modifications of kernel code memory are present.
boolean	getUnexpectedFtraceHandler() True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
boolean	getUnexpectedInterruptHandler() True if interrupt handlers that are are not in the expected kernel or module code regions are present.
boolean	getUnexpectedKernelCodePages() True if kernel code pages that are not in the expected kernel or module code regions are present.
boolean	getUnexpectedKprobeHandler() True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
boolean	getUnexpectedProcessesInRunqueue() True if unexpected processes in the scheduler run queue are present.
boolean	getUnexpectedReadOnlyDataModification() True if unexpected modifications of kernel read-only data memory are present.
boolean	getUnexpectedSystemCallHandler() True if system call handlers that are are not in the expected kernel or module code regions are present.
int	hashCode()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
boolean	isInitialized()
static KernelRootkit.Builder	newBuilder()
static KernelRootkit.Builder	newBuilder(KernelRootkit prototype)
KernelRootkit.Builder	newBuilderForType()
protected KernelRootkit.Builder	newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
protected Object	newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
static KernelRootkit	parseDelimitedFrom(InputStream input)
static KernelRootkit	parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static KernelRootkit	parseFrom(byte[] data)
static KernelRootkit	parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static KernelRootkit	parseFrom(ByteBuffer data)
static KernelRootkit	parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static KernelRootkit	parseFrom(com.google.protobuf.ByteString data)
static KernelRootkit	parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static KernelRootkit	parseFrom(com.google.protobuf.CodedInputStream input)
static KernelRootkit	parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static KernelRootkit	parseFrom(InputStream input)
static KernelRootkit	parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<KernelRootkit>	parser()
KernelRootkit.Builder	toBuilder()
void	writeTo(com.google.protobuf.CodedOutputStream output)

Methods inherited from class com.google.protobuf.GeneratedMessageV3

canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, isStringEmpty, makeExtensionsImmutable, makeMutableCopy, makeMutableCopy, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

Methods inherited from class com.google.protobuf.AbstractMessage

findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite

addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite

toByteArray, toByteString, writeDelimitedTo, writeTo

Field Detail

NAME_FIELD_NUMBER

public static final int NAME_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER

public static final int UNEXPECTED_CODE_MODIFICATION_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER

public static final int UNEXPECTED_READ_ONLY_DATA_MODIFICATION_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_FTRACE_HANDLER_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_KPROBE_HANDLER_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER

public static final int UNEXPECTED_KERNEL_CODE_PAGES_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_SYSTEM_CALL_HANDLER_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER

public static final int UNEXPECTED_INTERRUPT_HANDLER_FIELD_NUMBER

See Also:

Constant Field Values

UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER

public static final int UNEXPECTED_PROCESSES_IN_RUNQUEUE_FIELD_NUMBER

See Also:

Constant Field Values

Method Detail

newInstance

protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)

Overrides:

newInstance in class com.google.protobuf.GeneratedMessageV3

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

getName

public String getName()

 Rootkit name, when available.
 

string name = 1;

Specified by:

getName in interface KernelRootkitOrBuilder

Returns:

The name.

getNameBytes

public com.google.protobuf.ByteString getNameBytes()

 Rootkit name, when available.
 

string name = 1;

Specified by:

getNameBytes in interface KernelRootkitOrBuilder

Returns:

The bytes for name.

getUnexpectedCodeModification

public boolean getUnexpectedCodeModification()

 True if unexpected modifications of kernel code memory are present.
 

bool unexpected_code_modification = 2;

Specified by:

getUnexpectedCodeModification in interface KernelRootkitOrBuilder

Returns:

The unexpectedCodeModification.

getUnexpectedReadOnlyDataModification

public boolean getUnexpectedReadOnlyDataModification()

 True if unexpected modifications of kernel read-only data memory are
 present.
 

bool unexpected_read_only_data_modification = 3;

Specified by:

getUnexpectedReadOnlyDataModification in interface KernelRootkitOrBuilder

Returns:

The unexpectedReadOnlyDataModification.

getUnexpectedFtraceHandler

public boolean getUnexpectedFtraceHandler()

 True if `ftrace` points are present with callbacks pointing to regions
 that are not in the expected kernel or module code range.
 

bool unexpected_ftrace_handler = 4;

Specified by:

getUnexpectedFtraceHandler in interface KernelRootkitOrBuilder

Returns:

The unexpectedFtraceHandler.

getUnexpectedKprobeHandler

public boolean getUnexpectedKprobeHandler()

 True if `kprobe` points are present with callbacks pointing to regions
 that are not in the expected kernel or module code range.
 

bool unexpected_kprobe_handler = 5;

Specified by:

getUnexpectedKprobeHandler in interface KernelRootkitOrBuilder

Returns:

The unexpectedKprobeHandler.

getUnexpectedKernelCodePages

public boolean getUnexpectedKernelCodePages()

 True if kernel code pages that are not in the expected kernel or module
 code regions are present.
 

bool unexpected_kernel_code_pages = 6;

Specified by:

getUnexpectedKernelCodePages in interface KernelRootkitOrBuilder

Returns:

The unexpectedKernelCodePages.

getUnexpectedSystemCallHandler

public boolean getUnexpectedSystemCallHandler()

 True if system call handlers that are are not in the expected kernel or
 module code regions are present.
 

bool unexpected_system_call_handler = 7;

Specified by:

getUnexpectedSystemCallHandler in interface KernelRootkitOrBuilder

Returns:

The unexpectedSystemCallHandler.

getUnexpectedInterruptHandler

public boolean getUnexpectedInterruptHandler()

 True if interrupt handlers that are are not in the expected kernel or
 module code regions are present.
 

bool unexpected_interrupt_handler = 8;

Specified by:

getUnexpectedInterruptHandler in interface KernelRootkitOrBuilder

Returns:

The unexpectedInterruptHandler.

getUnexpectedProcessesInRunqueue

public boolean getUnexpectedProcessesInRunqueue()

 True if unexpected processes in the scheduler run queue are present. Such
 processes are in the run queue, but not in the process task list.
 

bool unexpected_processes_in_runqueue = 9;

Specified by:

getUnexpectedProcessesInRunqueue in interface KernelRootkitOrBuilder

Returns:

The unexpectedProcessesInRunqueue.

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3

writeTo

public void writeTo(com.google.protobuf.CodedOutputStream output)
             throws IOException

Specified by:

writeTo in interface com.google.protobuf.MessageLite

Overrides:

writeTo in class com.google.protobuf.GeneratedMessageV3

Throws:

IOException

getSerializedSize

public int getSerializedSize()

Specified by:

getSerializedSize in interface com.google.protobuf.MessageLite

Overrides:

getSerializedSize in class com.google.protobuf.GeneratedMessageV3

equals

public boolean equals(Object obj)

Specified by:

equals in interface com.google.protobuf.Message

Overrides:

equals in class com.google.protobuf.AbstractMessage

hashCode

public int hashCode()

Specified by:

hashCode in interface com.google.protobuf.Message

Overrides:

hashCode in class com.google.protobuf.AbstractMessage

parseFrom

public static KernelRootkit parseFrom(ByteBuffer data)
                               throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static KernelRootkit parseFrom(ByteBuffer data,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static KernelRootkit parseFrom(com.google.protobuf.ByteString data)
                               throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static KernelRootkit parseFrom(com.google.protobuf.ByteString data,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static KernelRootkit parseFrom(byte[] data)
                               throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static KernelRootkit parseFrom(byte[] data,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static KernelRootkit parseFrom(InputStream input)
                               throws IOException

Throws:

IOException

parseFrom

public static KernelRootkit parseFrom(InputStream input,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws IOException

Throws:

IOException

parseDelimitedFrom

public static KernelRootkit parseDelimitedFrom(InputStream input)
                                        throws IOException

Throws:

IOException

parseDelimitedFrom

public static KernelRootkit parseDelimitedFrom(InputStream input,
                                               com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                        throws IOException

Throws:

IOException

parseFrom

public static KernelRootkit parseFrom(com.google.protobuf.CodedInputStream input)
                               throws IOException

Throws:

IOException

parseFrom

public static KernelRootkit parseFrom(com.google.protobuf.CodedInputStream input,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws IOException

Throws:

IOException

newBuilderForType

public KernelRootkit.Builder newBuilderForType()

Specified by:

newBuilderForType in interface com.google.protobuf.Message

Specified by:

newBuilderForType in interface com.google.protobuf.MessageLite

newBuilder

public static KernelRootkit.Builder newBuilder()

newBuilder

public static KernelRootkit.Builder newBuilder(KernelRootkit prototype)

toBuilder

public KernelRootkit.Builder toBuilder()

Specified by:

toBuilder in interface com.google.protobuf.Message

Specified by:

toBuilder in interface com.google.protobuf.MessageLite

newBuilderForType

protected KernelRootkit.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)

Specified by:

newBuilderForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstance

public static KernelRootkit getDefaultInstance()

parser

public static com.google.protobuf.Parser<KernelRootkit> parser()

getParserForType

public com.google.protobuf.Parser<KernelRootkit> getParserForType()

Specified by:

getParserForType in interface com.google.protobuf.Message

Specified by:

getParserForType in interface com.google.protobuf.MessageLite

Overrides:

getParserForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstanceForType

public KernelRootkit getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder