Let's not have our box owned, but what happens if it is owned? Reboot, then redirected syscalls, hidden files, users and processes, an unstable system. Most admins will then just halt, reinstall and copy back their backups: that is when krd is useless. Some admins will want to know why their box is so unstable, and because of what backdoor/virus/whatever: this is when krd is useful.
krd is a /proc/kcore reader that checks for various attack/backdoor/virus signatures. Tools like file integrity checkers are useful before your box is owned, but useless afterwards; krd is useful only when your box is owned, or at least to check that your box is not owned -yet-.
. krd-pre0.1 can be downloaded in the download section : download
. general information on the structure and use of krd : general
. information on the use of the signature file : signatures
. information on the reader module of krd : reader
. information on the manual mode of krd : sniffing
. what Google has to say about /proc/kcore can be found here : google
. different experiences with /proc/kcore can be found here : kcore
. different tests of the use of krd can be found here : examples
. advantages and setbacks of krd can be found here : advsetbacks