Class: Google::Apis::SecuritycenterV1beta1::KernelRootkit

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/securitycenter_v1beta1/classes.rb,
lib/google/apis/securitycenter_v1beta1/representations.rb,
lib/google/apis/securitycenter_v1beta1/representations.rb

Overview

Kernel mode rootkit signatures.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ KernelRootkit

Returns a new instance of KernelRootkit.



7705
7706
7707
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7705

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#nameString

Rootkit name, when available. Corresponds to the JSON property name

Returns:

  • (String) 


7649
7650
7651
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7649

def name
  @name
end

#unexpected_code_modificationBoolean Also known as: unexpected_code_modification?

True if unexpected modifications of kernel code memory are present. Corresponds to the JSON property unexpectedCodeModification

Returns:

  • (Boolean) 


7654
7655
7656
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7654

def unexpected_code_modification
  @unexpected_code_modification
end

#unexpected_ftrace_handlerBoolean Also known as: unexpected_ftrace_handler?

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedFtraceHandler

Returns:

  • (Boolean) 


7661
7662
7663
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7661

def unexpected_ftrace_handler
  @unexpected_ftrace_handler
end

#unexpected_interrupt_handlerBoolean Also known as: unexpected_interrupt_handler?

True if interrupt handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedInterruptHandler

Returns:

  • (Boolean) 


7668
7669
7670
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7668

def unexpected_interrupt_handler
  @unexpected_interrupt_handler
end

#unexpected_kernel_code_pagesBoolean Also known as: unexpected_kernel_code_pages?

True if kernel code pages that are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedKernelCodePages

Returns:

  • (Boolean) 


7675
7676
7677
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7675

def unexpected_kernel_code_pages
  @unexpected_kernel_code_pages
end

#unexpected_kprobe_handlerBoolean Also known as: unexpected_kprobe_handler?

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range. Corresponds to the JSON property unexpectedKprobeHandler

Returns:

  • (Boolean) 


7682
7683
7684
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7682

def unexpected_kprobe_handler
  @unexpected_kprobe_handler
end

#unexpected_processes_in_runqueueBoolean Also known as: unexpected_processes_in_runqueue?

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list. Corresponds to the JSON property unexpectedProcessesInRunqueue

Returns:

  • (Boolean) 


7689
7690
7691
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7689

def unexpected_processes_in_runqueue
  @unexpected_processes_in_runqueue
end

#unexpected_read_only_data_modificationBoolean Also known as: unexpected_read_only_data_modification?

True if unexpected modifications of kernel read-only data memory are present. Corresponds to the JSON property unexpectedReadOnlyDataModification

Returns:

  • (Boolean) 


7695
7696
7697
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7695

def unexpected_read_only_data_modification
  @unexpected_read_only_data_modification
end

#unexpected_system_call_handlerBoolean Also known as: unexpected_system_call_handler?

True if system call handlers that are are not in the expected kernel or module code regions are present. Corresponds to the JSON property unexpectedSystemCallHandler

Returns:

  • (Boolean) 


7702
7703
7704
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7702

def unexpected_system_call_handler
  @unexpected_system_call_handler
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
 
# File 'lib/google/apis/securitycenter_v1beta1/classes.rb', line 7710

def update!(**args)
  @name = args[:name] if args.key?(:name)
  @unexpected_code_modification = args[:unexpected_code_modification] if args.key?(:unexpected_code_modification)
  @unexpected_ftrace_handler = args[:unexpected_ftrace_handler] if args.key?(:unexpected_ftrace_handler)
  @unexpected_interrupt_handler = args[:unexpected_interrupt_handler] if args.key?(:unexpected_interrupt_handler)
  @unexpected_kernel_code_pages = args[:unexpected_kernel_code_pages] if args.key?(:unexpected_kernel_code_pages)
  @unexpected_kprobe_handler = args[:unexpected_kprobe_handler] if args.key?(:unexpected_kprobe_handler)
  @unexpected_processes_in_runqueue = args[:unexpected_processes_in_runqueue] if args.key?(:unexpected_processes_in_runqueue)
  @unexpected_read_only_data_modification = args[:unexpected_read_only_data_modification] if args.key?(:unexpected_read_only_data_modification)
  @unexpected_system_call_handler = args[:unexpected_system_call_handler] if args.key?(:unexpected_system_call_handler)
end