KernelRootkit

Struct KernelRootkit

#[non_exhaustive]
pub struct KernelRootkit {
    pub name: String,
    pub unexpected_code_modification: bool,
    pub unexpected_read_only_data_modification: bool,
    pub unexpected_ftrace_handler: bool,
    pub unexpected_kprobe_handler: bool,
    pub unexpected_kernel_code_pages: bool,
    pub unexpected_system_call_handler: bool,
    pub unexpected_interrupt_handler: bool,
    pub unexpected_processes_in_runqueue: bool,
    /* private fields */
}

Kernel mode rootkit signatures.

Fields (Non-exhaustive)

This struct is marked as non-exhaustive.
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work. Build values with new() and the set_* methods listed under Implementations, and read fields individually.

name: String

Rootkit name, when available. Empty if the detection could not attribute the signatures to a known rootkit family.

unexpected_code_modification: bool

True if unexpected modifications of kernel code (text) memory are present.

unexpected_read_only_data_modification: bool

True if unexpected modifications of kernel read-only data memory are present.

unexpected_ftrace_handler: bool

True if ftrace points are present whose callbacks point to regions outside the expected kernel or module code range.

unexpected_kprobe_handler: bool

True if kprobe points are present whose callbacks point to regions outside the expected kernel or module code range.

unexpected_kernel_code_pages: bool

True if executable kernel code pages are present that lie outside the expected kernel or module code regions.

unexpected_system_call_handler: bool

True if system call handlers are present that lie outside the expected kernel or module code regions.

unexpected_interrupt_handler: bool

True if interrupt handlers are present that lie outside the expected kernel or module code regions.

unexpected_processes_in_runqueue: bool

True if unexpected processes are present in the scheduler run queue. Such processes are in the run queue, but not in the process task list, so they are scheduled and executing while being invisible to tools that walk the task list.
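The handler and run-queue signatures above all reduce to two checks: an address-range test (is this callback inside known kernel or module text?) and a set difference (which PIDs does the scheduler know about that the task list does not?). The following is an added example, not code from this crate or from the scanner that produces these findings, showing both checks over a constructed, simplified memory snapshot; the CodeRegion, KernelSnapshot and Verdict types and the sample addresses are this example's own assumptions.

```rust
use std::collections::HashSet;
use std::ops::Range;

/// A region of kernel or module text known to be legitimate. A real scanner
/// derives these from the kernel's own section/symbol data; here they are given.
#[derive(Debug, Clone)]
pub struct CodeRegion {
    pub name: &'static str,
    pub range: Range<u64>,
}

/// Hypothetical, simplified view of a kernel-memory snapshot (example's own type).
#[derive(Debug, Clone)]
pub struct KernelSnapshot {
    pub code_regions: Vec<CodeRegion>,
    pub ftrace_callbacks: Vec<u64>,
    pub kprobe_handlers: Vec<u64>,
    pub syscall_table: Vec<u64>,
    pub interrupt_handlers: Vec<u64>,
    pub task_list_pids: Vec<u32>,
    pub runqueue_pids: Vec<u32>,
}

/// Verdicts for the handler- and run-queue-based signatures, named after the
/// corresponding KernelRootkit fields (example's own type, not the crate's).
#[derive(Debug, Default, PartialEq, Eq)]
pub struct Verdict {
    pub unexpected_ftrace_handler: bool,
    pub unexpected_kprobe_handler: bool,
    pub unexpected_system_call_handler: bool,
    pub unexpected_interrupt_handler: bool,
    pub unexpected_processes_in_runqueue: bool,
}

/// Addresses that fall outside every known code region. A callback that lands
/// in heap, vmalloc space or an unlinked module's memory shows up here.
pub fn unexpected_addrs(regions: &[CodeRegion], addrs: &[u64]) -> Vec<u64> {
    addrs
        .iter()
        .copied()
        .filter(|a| !regions.iter().any(|r| r.range.contains(a)))
        .collect()
}

/// PIDs the scheduler will run but the task list does not show: the classic
/// "unlink task_struct from the task list" process-hiding technique.
pub fn hidden_pids(task_list: &[u32], runqueue: &[u32]) -> Vec<u32> {
    let visible: HashSet<u32> = task_list.iter().copied().collect();
    let mut hidden: Vec<u32> = runqueue
        .iter()
        .copied()
        .filter(|p| !visible.contains(p))
        .collect();
    hidden.sort_unstable();
    hidden.dedup();
    hidden
}

/// Evaluate every signature over one snapshot.
pub fn evaluate(snap: &KernelSnapshot) -> Verdict {
    let r = &snap.code_regions;
    Verdict {
        unexpected_ftrace_handler: !unexpected_addrs(r, &snap.ftrace_callbacks).is_empty(),
        unexpected_kprobe_handler: !unexpected_addrs(r, &snap.kprobe_handlers).is_empty(),
        unexpected_system_call_handler: !unexpected_addrs(r, &snap.syscall_table).is_empty(),
        unexpected_interrupt_handler: !unexpected_addrs(r, &snap.interrupt_handlers).is_empty(),
        unexpected_processes_in_runqueue: !hidden_pids(&snap.task_list_pids, &snap.runqueue_pids)
            .is_empty(),
    }
}

/// Constructed sample: one ftrace callback and one syscall-table entry have been
/// redirected outside known text, and PID 4242 runs but is not in the task list.
pub fn sample_snapshot() -> KernelSnapshot {
    KernelSnapshot {
        code_regions: vec![
            CodeRegion { name: "kernel .text", range: 0xffff_ffff_8100_0000..0xffff_ffff_8200_0000 },
            CodeRegion { name: "module ext4 .text", range: 0xffff_ffff_c000_0000..0xffff_ffff_c004_0000 },
        ],
        ftrace_callbacks: vec![0xffff_ffff_8112_3456, 0xffff_ffff_c0a0_0010], // second is rogue
        kprobe_handlers: vec![0xffff_ffff_c001_2000],
        syscall_table: vec![0xffff_ffff_8120_0000, 0xffff_ffff_c0a0_0200, 0xffff_ffff_8120_0100],
        interrupt_handlers: vec![0xffff_ffff_8100_8000],
        task_list_pids: vec![1, 2, 100, 1337],
        runqueue_pids: vec![1, 100, 4242, 1337],
    }
}

fn main() {
    let snap = sample_snapshot();
    for r in &snap.code_regions {
        println!("trusted {}: {:#x}..{:#x}", r.name, r.range.start, r.range.end);
    }
    println!("{:#?}", evaluate(&snap));
}
```

Each boolean in the verdict maps one-to-one onto a set_unexpected_* call on KernelRootkit; the code-modification and read-only-data signatures are not covered here because they need a golden copy of the kernel image to diff against, which a snapshot alone does not carry.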

Implementations

impl KernelRootkit

pub fn new() -> Self

pub fn set_name<T: Into<String>>(self, v: T) -> Self

Sets the value of name.

Example
let x = KernelRootkit::new().set_name("example");

pub fn set_unexpected_code_modification<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_code_modification.

Example
let x = KernelRootkit::new().set_unexpected_code_modification(true);

pub fn set_unexpected_read_only_data_modification<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_read_only_data_modification.

Example
let x = KernelRootkit::new().set_unexpected_read_only_data_modification(true);

pub fn set_unexpected_ftrace_handler<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_ftrace_handler.

Example
let x = KernelRootkit::new().set_unexpected_ftrace_handler(true);

pub fn set_unexpected_kprobe_handler<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_kprobe_handler.

Example
let x = KernelRootkit::new().set_unexpected_kprobe_handler(true);

pub fn set_unexpected_kernel_code_pages<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_kernel_code_pages.

Example
let x = KernelRootkit::new().set_unexpected_kernel_code_pages(true);

pub fn set_unexpected_system_call_handler<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_system_call_handler.

Example
let x = KernelRootkit::new().set_unexpected_system_call_handler(true);

pub fn set_unexpected_interrupt_handler<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_interrupt_handler.

Example
let x = KernelRootkit::new().set_unexpected_interrupt_handler(true);

pub fn set_unexpected_processes_in_runqueue<T: Into<bool>>(self, v: T) -> Self

Sets the value of unexpected_processes_in_runqueue.

Example
let x = KernelRootkit::new().set_unexpected_processes_in_runqueue(true);

Trait Implementations

impl Clone for KernelRootkit

fn clone(&self) -> KernelRootkit

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for KernelRootkit

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for KernelRootkit

fn default() -> KernelRootkit

Returns the "default value" for a type.

impl Message for KernelRootkit

fn typename() -> &'static str

The typename of this message.

impl PartialEq for KernelRootkit

fn eq(&self, other: &KernelRootkit) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for KernelRootkit

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

This is a nightly-only experimental API (clone_to_uninit).
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,