public interface KernelRootkitOrBuilder
extends com.google.protobuf.MessageOrBuilder
| Modifier and Type | Method and Description |
|---|---|
| `String` | `getName()` Rootkit name, when available. |
| `com.google.protobuf.ByteString` | `getNameBytes()` Rootkit name, when available. |
| `boolean` | `getUnexpectedCodeModification()` True if unexpected modifications of kernel code memory are present. |
| `boolean` | `getUnexpectedFtraceHandler()` True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range. |
| `boolean` | `getUnexpectedInterruptHandler()` True if interrupt handlers that are not in the expected kernel or module code regions are present. |
| `boolean` | `getUnexpectedKernelCodePages()` True if kernel code pages that are not in the expected kernel or module code regions are present. |
| `boolean` | `getUnexpectedKprobeHandler()` True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range. |
| `boolean` | `getUnexpectedProcessesInRunqueue()` True if unexpected processes in the scheduler run queue are present. |
| `boolean` | `getUnexpectedReadOnlyDataModification()` True if unexpected modifications of kernel read-only data memory are present. |
| `boolean` | `getUnexpectedSystemCallHandler()` True if system call handlers that are not in the expected kernel or module code regions are present. |
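An added example, not part of the API documentation: a triage helper that reports which boolean indicators are true on any `KernelRootkitOrBuilder`, using the inherited `getAllFields()` instead of calling each getter, so indicator fields added to the message later are reported without a code change. The class name `KernelRootkitTriage`, the `field` helper and the `DynamicMessage` sample are assumptions constructed for illustration; the sample reuses three of the page's proto field names and needs only protobuf-java.

```java
import com.google.protobuf.DescriptorProtos.*;
import com.google.protobuf.Descriptors.*;
import com.google.protobuf.DynamicMessage;
import com.google.protobuf.MessageOrBuilder;
import java.util.*;

public class KernelRootkitTriage {
    /** Returns the proto field names of every boolean indicator that is true. */
    static List<String> setIndicators(MessageOrBuilder rootkit) {
        List<String> hits = new ArrayList<>();
        // getAllFields() lists populated fields only; the TRUE check makes the
        // result independent of how an unset or false bool is represented.
        for (Map.Entry<FieldDescriptor, Object> e : rootkit.getAllFields().entrySet()) {
            if (e.getKey().getJavaType() == FieldDescriptor.JavaType.BOOLEAN
                    && Boolean.TRUE.equals(e.getValue())) {
                hits.add(e.getKey().getName());
            }
        }
        return hits;
    }

    // Helper for the constructed sample descriptor (hypothetical, not part of the API).
    static FieldDescriptorProto field(String name, int number, FieldDescriptorProto.Type type) {
        return FieldDescriptorProto.newBuilder().setName(name).setNumber(number)
                .setType(type).setLabel(FieldDescriptorProto.Label.LABEL_OPTIONAL).build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in message carrying three of the page's fields.
        DescriptorProto msg = DescriptorProto.newBuilder().setName("KernelRootkit")
                .addField(field("name", 1, FieldDescriptorProto.Type.TYPE_STRING))
                .addField(field("unexpected_code_modification", 2, FieldDescriptorProto.Type.TYPE_BOOL))
                .addField(field("unexpected_kprobe_handler", 5, FieldDescriptorProto.Type.TYPE_BOOL))
                .build();
        FileDescriptorProto file = FileDescriptorProto.newBuilder()
                .setName("sample.proto").setSyntax("proto3").addMessageType(msg).build();
        Descriptor type = FileDescriptor.buildFrom(file, new FileDescriptor[0])
                .findMessageTypeByName("KernelRootkit");
        DynamicMessage sample = DynamicMessage.newBuilder(type)
                .setField(type.findFieldByName("name"), "constructed-sample")
                .setField(type.findFieldByName("unexpected_kprobe_handler"), true)
                .build();
        System.out.println(setIndicators(sample));
    }
}
```

Because `setIndicators` takes a `MessageOrBuilder`, it accepts a built message or a builder that implements `KernelRootkitOrBuilder` unchanged.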
Methods inherited from interface com.google.protobuf.MessageOrBuilder:
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

String getName()
Rootkit name, when available.
`string name = 1;`

com.google.protobuf.ByteString getNameBytes()
Rootkit name, when available.
`string name = 1;`

boolean getUnexpectedCodeModification()
True if unexpected modifications of kernel code memory are present.
`bool unexpected_code_modification = 2;`

boolean getUnexpectedReadOnlyDataModification()
True if unexpected modifications of kernel read-only data memory are present.
`bool unexpected_read_only_data_modification = 3;`

boolean getUnexpectedFtraceHandler()
True if `ftrace` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
`bool unexpected_ftrace_handler = 4;`

boolean getUnexpectedKprobeHandler()
True if `kprobe` points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
`bool unexpected_kprobe_handler = 5;`

boolean getUnexpectedKernelCodePages()
True if kernel code pages that are not in the expected kernel or module code regions are present.
`bool unexpected_kernel_code_pages = 6;`

boolean getUnexpectedSystemCallHandler()
True if system call handlers that are not in the expected kernel or module code regions are present.
`bool unexpected_system_call_handler = 7;`

boolean getUnexpectedInterruptHandler()
True if interrupt handlers that are not in the expected kernel or module code regions are present.
`bool unexpected_interrupt_handler = 8;`

boolean getUnexpectedProcessesInRunqueue()
True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
`bool unexpected_processes_in_runqueue = 9;`

Copyright © 2023 Google LLC. All rights reserved.