GoogleApi.SecurityCenter.V1.Model.GoogleCloudSecuritycenterV2KernelRootkit (google_api_security_center v0.29.0)

Kernel mode rootkit signatures.

Attributes

  • name (type: String.t, default: nil) - Rootkit name, when available.
  • unexpectedCodeModification (type: boolean(), default: nil) - True if unexpected modifications of kernel code memory are present.
  • unexpectedFtraceHandler (type: boolean(), default: nil) - True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
  • unexpectedInterruptHandler (type: boolean(), default: nil) - True if interrupt handlers that are not in the expected kernel or module code regions are present.
  • unexpectedKernelCodePages (type: boolean(), default: nil) - True if kernel code pages that are not in the expected kernel or module code regions are present.
  • unexpectedKprobeHandler (type: boolean(), default: nil) - True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
  • unexpectedProcessesInRunqueue (type: boolean(), default: nil) - True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
  • unexpectedReadOnlyDataModification (type: boolean(), default: nil) - True if unexpected modifications of kernel read-only data memory are present.
  • unexpectedSystemCallHandler (type: boolean(), default: nil) - True if system call handlers that are not in the expected kernel or module code regions are present.
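
Because every flag defaults to nil, a consumer should keep "not reported" apart from "checked and false" when triaging a finding. The following is an added example, not code from google_api_security_center: the `KernelRootkitTriage` module and the sample map are hypothetical, and only the field names and their meanings come from the attribute list above.

```elixir
defmodule KernelRootkitTriage do
  # Hypothetical helper (not part of google_api_security_center).
  # Field names and descriptions follow the attribute list above.
  @indicators [
    unexpectedCodeModification: "kernel code memory modified",
    unexpectedFtraceHandler: "ftrace callback outside kernel/module code range",
    unexpectedInterruptHandler: "interrupt handler outside kernel/module code regions",
    unexpectedKernelCodePages: "kernel code pages outside kernel/module code regions",
    unexpectedKprobeHandler: "kprobe callback outside kernel/module code range",
    unexpectedProcessesInRunqueue: "process in run queue but not in task list",
    unexpectedReadOnlyDataModification: "kernel read-only data modified",
    unexpectedSystemCallHandler: "system call handler outside kernel/module code regions"
  ]

  # Accepts the decoded struct or any map with the same atom keys.
  # nil is kept apart from false: a flag that was never reported
  # is not evidence that the check ran and came back clean.
  def summarize(rootkit) do
    grouped =
      Enum.group_by(@indicators, fn {field, _desc} ->
        case Map.get(rootkit, field) do
          true -> :present
          false -> :absent
          nil -> :not_reported
        end
      end)

    %{
      name: Map.get(rootkit, :name),
      present: Map.new(Map.get(grouped, :present, [])),
      absent: Keyword.keys(Map.get(grouped, :absent, [])),
      not_reported: Keyword.keys(Map.get(grouped, :not_reported, []))
    }
  end
end

# Constructed sample shaped like a decoded finding (not real data).
sample = %{
  name: nil,
  unexpectedSystemCallHandler: true,
  unexpectedKprobeHandler: true,
  unexpectedCodeModification: false
}

IO.inspect(KernelRootkitTriage.summarize(sample))
```

For the constructed sample, `present` holds the system call and kprobe indicators, `absent` holds only `unexpectedCodeModification`, and the remaining five flags land in `not_reported`.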

Summary

Functions

Unwrap a decoded JSON object into its complex fields.

Types

@type t() ::
  %GoogleApi.SecurityCenter.V1.Model.GoogleCloudSecuritycenterV2KernelRootkit{
    name: String.t() | nil,
    unexpectedCodeModification: boolean() | nil,
    unexpectedFtraceHandler: boolean() | nil,
    unexpectedInterruptHandler: boolean() | nil,
    unexpectedKernelCodePages: boolean() | nil,
    unexpectedKprobeHandler: boolean() | nil,
    unexpectedProcessesInRunqueue: boolean() | nil,
    unexpectedReadOnlyDataModification: boolean() | nil,
    unexpectedSystemCallHandler: boolean() | nil
  }

Functions

@spec decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.