Class: Google::Apis::SecuritycenterV1beta1::KernelRootkit

Inherits:

Object

Object
Google::Apis::SecuritycenterV1beta1::KernelRootkit

show all

Includes:: Core::Hashable, Core::JsonObjectSupport

Defined in:: lib/google/apis/securitycenter_v1beta1/classes.rb,
lib/google/apis/securitycenter_v1beta1/representations.rb,
lib/google/apis/securitycenter_v1beta1/representations.rb

Overview

Kernel mode rootkit signatures.

Instance Attribute Summary collapse

#name ⇒ String
Rootkit name, when available.
#unexpected_code_modification ⇒ Boolean (also: #unexpected_code_modification?)
True if unexpected modifications of kernel code memory are present.
#unexpected_ftrace_handler ⇒ Boolean (also: #unexpected_ftrace_handler?)
True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
#unexpected_interrupt_handler ⇒ Boolean (also: #unexpected_interrupt_handler?)
True if interrupt handlers that are are not in the expected kernel or module code regions are present.
#unexpected_kernel_code_pages ⇒ Boolean (also: #unexpected_kernel_code_pages?)
True if kernel code pages that are not in the expected kernel or module code regions are present.
#unexpected_kprobe_handler ⇒ Boolean (also: #unexpected_kprobe_handler?)
True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
#unexpected_processes_in_runqueue ⇒ Boolean (also: #unexpected_processes_in_runqueue?)
True if unexpected processes in the scheduler run queue are present.
#unexpected_read_only_data_modification ⇒ Boolean (also: #unexpected_read_only_data_modification?)
True if unexpected modifications of kernel read-only data memory are present.
#unexpected_system_call_handler ⇒ Boolean (also: #unexpected_system_call_handler?)
True if system call handlers that are are not in the expected kernel or module code regions are present.

Instance Method Summary collapse

#initialize(**args) ⇒ KernelRootkit constructor
A new instance of KernelRootkit.
#update!(**args) ⇒ Object
Update properties of this object.

Constructor Details

#initialize(**args) ⇒ `KernelRootkit`



7365
7366
7367

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7365

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#name ⇒ `String`

Rootkit name, when available. Corresponds to the JSON property name



7309
7310
7311

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7309

def name
  @name
end

#unexpected_code_modification ⇒ `Boolean` Also known as: unexpected_code_modification?

True if unexpected modifications of kernel code memory are present. Corresponds to the JSON property unexpectedCodeModification



7314
7315
7316

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7314

def unexpected_code_modification
  @unexpected_code_modification
end

#unexpected_ftrace_handler ⇒ `Boolean` Also known as: unexpected_ftrace_handler?

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedFtraceHandler



7321
7322
7323

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7321

def unexpected_ftrace_handler
  @unexpected_ftrace_handler
end

#unexpected_interrupt_handler ⇒ `Boolean` Also known as: unexpected_interrupt_handler?

True if interrupt handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedInterruptHandler



7328
7329
7330

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7328

def unexpected_interrupt_handler
  @unexpected_interrupt_handler
end

#unexpected_kernel_code_pages ⇒ `Boolean` Also known as: unexpected_kernel_code_pages?

True if kernel code pages that are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedKernelCodePages



7335
7336
7337

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7335

def unexpected_kernel_code_pages
  @unexpected_kernel_code_pages
end

#unexpected_kprobe_handler ⇒ `Boolean` Also known as: unexpected_kprobe_handler?

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedKprobeHandler



7342
7343
7344

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7342

def unexpected_kprobe_handler
  @unexpected_kprobe_handler
end

#unexpected_processes_in_runqueue ⇒ `Boolean` Also known as: unexpected_processes_in_runqueue?

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list. Corresponds to the JSON property unexpectedProcessesInRunqueue



7349
7350
7351

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7349

def unexpected_processes_in_runqueue
  @unexpected_processes_in_runqueue
end

#unexpected_read_only_data_modification ⇒ `Boolean` Also known as: unexpected_read_only_data_modification?

True if unexpected modifications of kernel read-only data memory are present. Corresponds to the JSON property unexpectedReadOnlyDataModification



7355
7356
7357

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7355

def unexpected_read_only_data_modification
  @unexpected_read_only_data_modification
end

#unexpected_system_call_handler ⇒ `Boolean` Also known as: unexpected_system_call_handler?

True if system call handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedSystemCallHandler



7362
7363
7364

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7362

def unexpected_system_call_handler
  @unexpected_system_call_handler
end

Instance Method Details

#update!(**args) ⇒ `Object`

Update properties of this object

# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7370

def update!(**args)
  @name = args[:name] if args.key?(:name)
  @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
  @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
  @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
  @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
  @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
  @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
  @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
  @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
end

Class: Google::Apis::SecuritycenterV1beta1::KernelRootkit

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ KernelRootkit

Instance Attribute Details

#name ⇒ String

#unexpected_code_modification ⇒ Boolean Also known as: unexpected_code_modification?

#unexpected_ftrace_handler ⇒ Boolean Also known as: unexpected_ftrace_handler?

#unexpected_interrupt_handler ⇒ Boolean Also known as: unexpected_interrupt_handler?

#unexpected_kernel_code_pages ⇒ Boolean Also known as: unexpected_kernel_code_pages?

#unexpected_kprobe_handler ⇒ Boolean Also known as: unexpected_kprobe_handler?

#unexpected_processes_in_runqueue ⇒ Boolean Also known as: unexpected_processes_in_runqueue?

#unexpected_read_only_data_modification ⇒ Boolean Also known as: unexpected_read_only_data_modification?

#unexpected_system_call_handler ⇒ Boolean Also known as: unexpected_system_call_handler?