GoogleCloudSecuritycenterV2KernelRootkit
import type { GoogleCloudSecuritycenterV2KernelRootkit } from "https://googleapis.deno.dev/v1/securitycenter:v1.ts";
Kernel mode rootkit signatures.
/**
 * Kernel mode rootkit signatures.
 *
 * Every field is optional, so an absent flag is `undefined` rather than
 * `false`; consumers should not read a missing field as "checked and clean"
 * unless the API contract says so (NOTE(review): confirm against the API
 * reference).
 */
interface GoogleCloudSecuritycenterV2KernelRootkit {
// NOTE(review): no description for this field is visible on this part of the
// page; presumably the rootkit name when one is identified. Confirm.
name?: string;
/** True if unexpected modifications of kernel code memory are present. */
unexpectedCodeModification?: boolean;
/**
 * True if ftrace points are present with callbacks pointing to regions that
 * are not in the expected kernel or module code range.
 */
unexpectedFtraceHandler?: boolean;
/**
 * True if interrupt handlers that are not in the expected kernel or module
 * code regions are present.
 */
unexpectedInterruptHandler?: boolean;
/**
 * True if kernel code pages that are not in the expected kernel or module
 * code regions are present.
 */
unexpectedKernelCodePages?: boolean;
/**
 * True if kprobe points are present with callbacks pointing to regions that
 * are not in the expected kernel or module code range.
 */
unexpectedKprobeHandler?: boolean;
/**
 * True if unexpected processes in the scheduler run queue are present. Such
 * processes are in the run queue, but not in the process task list.
 */
unexpectedProcessesInRunqueue?: boolean;
// NOTE(review): description not visible on this part of the page; by its name
// this flags unexpected modification of kernel read-only data. Confirm.
unexpectedReadOnlyDataModification?: boolean;
// NOTE(review): description not visible on this part of the page; by its name
// this flags system call handlers outside the expected code regions. Confirm.
unexpectedSystemCallHandler?: boolean;
}§Properties
§
unexpectedCodeModification?: boolean
[src]True if unexpected modifications of kernel code memory are present.
§
unexpectedFtraceHandler?: boolean
[src]True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
§
unexpectedInterruptHandler?: boolean
[src]True if interrupt handlers that are not in the expected kernel or module code regions are present.
§
unexpectedKernelCodePages?: boolean
[src]True if kernel code pages that are not in the expected kernel or module code regions are present.
§
unexpectedKprobeHandler?: boolean
[src]True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
§
unexpectedProcessesInRunqueue?: boolean
[src]True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list, so tools that enumerate only the task list will not show them.