Class: Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2KernelRootkit

Inherits:

Object

• Object
• Google::Apis::SecuritycenterV1::GoogleCloudSecuritycenterV2KernelRootkit

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/securitycenter_v1/classes.rb,
lib/google/apis/securitycenter_v1/representations.rb,
lib/google/apis/securitycenter_v1/representations.rb

Overview

Kernel mode rootkit signatures.

Instance Attribute Summary

• #name ⇒ String

  Rootkit name, when available.

• #unexpected_code_modification ⇒ Boolean (also: #unexpected_code_modification?)

  True if unexpected modifications of kernel code memory are present.

• #unexpected_ftrace_handler ⇒ Boolean (also: #unexpected_ftrace_handler?)

  True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

• #unexpected_interrupt_handler ⇒ Boolean (also: #unexpected_interrupt_handler?)

  True if interrupt handlers that are are not in the expected kernel or module code regions are present.

• #unexpected_kernel_code_pages ⇒ Boolean (also: #unexpected_kernel_code_pages?)

  True if kernel code pages that are not in the expected kernel or module code regions are present.

• #unexpected_kprobe_handler ⇒ Boolean (also: #unexpected_kprobe_handler?)

  True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

• #unexpected_processes_in_runqueue ⇒ Boolean (also: #unexpected_processes_in_runqueue?)

  True if unexpected processes in the scheduler run queue are present.

• #unexpected_read_only_data_modification ⇒ Boolean (also: #unexpected_read_only_data_modification?)

  True if unexpected modifications of kernel read-only data memory are present.

• #unexpected_system_call_handler ⇒ Boolean (also: #unexpected_system_call_handler?)

  True if system call handlers that are are not in the expected kernel or module code regions are present.

Instance Method Summary

• #initialize(**args) ⇒ GoogleCloudSecuritycenterV2KernelRootkit constructor

  A new instance of GoogleCloudSecuritycenterV2KernelRootkit.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ GoogleCloudSecuritycenterV2KernelRootkit

Returns a new instance of GoogleCloudSecuritycenterV2KernelRootkit.

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6169

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#name ⇒ String

Rootkit name, when available. Corresponds to the JSON property name

Returns:

• (String)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6113

def name
  @name
end

#unexpected_code_modification ⇒ Boolean Also known as: unexpected_code_modification?

True if unexpected modifications of kernel code memory are present. Corresponds to the JSON property unexpectedCodeModification

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6118

def unexpected_code_modification
  @unexpected_code_modification
end

#unexpected_ftrace_handler ⇒ Boolean Also known as: unexpected_ftrace_handler?

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedFtraceHandler

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6125

def unexpected_ftrace_handler
  @unexpected_ftrace_handler
end

#unexpected_interrupt_handler ⇒ Boolean Also known as: unexpected_interrupt_handler?

True if interrupt handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedInterruptHandler

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6132

def unexpected_interrupt_handler
  @unexpected_interrupt_handler
end

#unexpected_kernel_code_pages ⇒ Boolean Also known as: unexpected_kernel_code_pages?

True if kernel code pages that are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedKernelCodePages

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6139

def unexpected_kernel_code_pages
  @unexpected_kernel_code_pages
end

#unexpected_kprobe_handler ⇒ Boolean Also known as: unexpected_kprobe_handler?

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedKprobeHandler

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6146

def unexpected_kprobe_handler
  @unexpected_kprobe_handler
end

#unexpected_processes_in_runqueue ⇒ Boolean Also known as: unexpected_processes_in_runqueue?

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list. Corresponds to the JSON property unexpectedProcessesInRunqueue

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6153

def unexpected_processes_in_runqueue
  @unexpected_processes_in_runqueue
end

#unexpected_read_only_data_modification ⇒ Boolean Also known as: unexpected_read_only_data_modification?

True if unexpected modifications of kernel read-only data memory are present. Corresponds to the JSON property unexpectedReadOnlyDataModification

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6159

def unexpected_read_only_data_modification
  @unexpected_read_only_data_modification
end

#unexpected_system_call_handler ⇒ Boolean Also known as: unexpected_system_call_handler?

True if system call handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedSystemCallHandler

Returns:

• (Boolean)

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6166

def unexpected_system_call_handler
  @unexpected_system_call_handler
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/securitycenter_v1/classes.rb', line 6174

def update!(**args)
  @name = args[:name] if args.key?(:name)
  @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
  @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
  @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
  @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
  @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
  @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
  @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
  @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
end