GoogleApi.SecurityCenter.V1.Model.KernelRootkit (google_api_security_center v0.29.0)

Kernel mode rootkit signatures.

Attributes

  • name (type: String.t, default: nil) - Rootkit name, when available.
  • unexpectedCodeModification (type: boolean(), default: nil) - True if unexpected modifications of kernel code memory are present.
  • unexpectedFtraceHandler (type: boolean(), default: nil) - True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
  • unexpectedInterruptHandler (type: boolean(), default: nil) - True if interrupt handlers that are not in the expected kernel or module code regions are present.
  • unexpectedKernelCodePages (type: boolean(), default: nil) - True if kernel code pages that are not in the expected kernel or module code regions are present.
  • unexpectedKprobeHandler (type: boolean(), default: nil) - True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
  • unexpectedProcessesInRunqueue (type: boolean(), default: nil) - True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
  • unexpectedReadOnlyDataModification (type: boolean(), default: nil) - True if unexpected modifications of kernel read-only data memory are present.
  • unexpectedSystemCallHandler (type: boolean(), default: nil) - True if system call handlers that are not in the expected kernel or module code regions are present.
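
A triage helper for the attributes above, added here as an example and not part of the google_api_security_center library. The module name `KernelRootkitTriage`, the function `summarize/1` and the three group names are assumptions made for illustration; the field names are the ones listed on this page.

```elixir
# Added example: accepts a %GoogleApi.SecurityCenter.V1.Model.KernelRootkit{}
# or any map with the same atom keys. Module and group names are hypothetical.
defmodule KernelRootkitTriage do
  # Indicator fields from the attribute list, grouped by what they point to.
  @groups [
    code_integrity: [
      :unexpectedCodeModification,
      :unexpectedReadOnlyDataModification,
      :unexpectedKernelCodePages
    ],
    hooked_handlers: [
      :unexpectedFtraceHandler,
      :unexpectedKprobeHandler,
      :unexpectedInterruptHandler,
      :unexpectedSystemCallHandler
    ],
    hidden_processes: [:unexpectedProcessesInRunqueue]
  ]

  # Returns %{name: ..., fired: [group: [fields]], unreported: [fields]}.
  # nil is the default for every field, meaning the value was not set.
  # That is not the same as false, so nil fields are listed separately
  # instead of being counted as clean.
  def summarize(rootkit) do
    fields = Enum.flat_map(@groups, fn {_group, fs} -> fs end)

    fired =
      for {group, fs} <- @groups,
          hits = Enum.filter(fs, &(Map.get(rootkit, &1) == true)),
          hits != [],
          do: {group, hits}

    %{
      name: Map.get(rootkit, :name),
      fired: fired,
      unreported: Enum.filter(fields, &(Map.get(rootkit, &1) == nil))
    }
  end
end

# Constructed sample, not real finding data.
sample = %{
  name: nil,
  unexpectedSystemCallHandler: true,
  unexpectedKprobeHandler: false,
  unexpectedProcessesInRunqueue: true
}

IO.inspect(KernelRootkitTriage.summarize(sample))
```

For the constructed sample, `fired` contains `hooked_handlers` and `hidden_processes`, and `unreported` lists the five fields that were left at nil.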

Types

@type t() :: %GoogleApi.SecurityCenter.V1.Model.KernelRootkit{
  name: String.t() | nil,
  unexpectedCodeModification: boolean() | nil,
  unexpectedFtraceHandler: boolean() | nil,
  unexpectedInterruptHandler: boolean() | nil,
  unexpectedKernelCodePages: boolean() | nil,
  unexpectedKprobeHandler: boolean() | nil,
  unexpectedProcessesInRunqueue: boolean() | nil,
  unexpectedReadOnlyDataModification: boolean() | nil,
  unexpectedSystemCallHandler: boolean() | nil
}

Functions

@spec decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.