krd pre 1.0
Guillaume R <guill@ism-o.com> - 2005 - GPL
INTRO
krd reads /proc/kcore (if supported by your kernel) and searches it for sets of data, giving you an idea of what is going on in your server's memory/kernel. This can be used to detect attempts to execute suspicious programs (./sk ./adore ./whatever), or to detect a worm backdoor or other virus running silently (or not) in your kernel (the OSF string means an ELF infector, GMON.A, is playing with your server).
INSTALLATION
make
make install
make clean
USAGE:
edit /usr/local/etc/signatures.krd
add HEX signatures and descriptions (send them to me, so I can add them in the next versions)
RUN KRD IN MANUAL MODE:
krd -c 0A0B0C0D0E
This searches kcore for the hex byte sequence 0x0a 0x0b 0x0c 0x0d 0x0e.
RUN KRD IN AUTOMATIC MODE:
krd
It uses /usr/local/etc/signatures.krd and searches kcore for the signatures listed in it.
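
One way to implement the hex-signature search described above, as an added example that is not krd's own code: it parses a string such as 0A0B0C0D0E into bytes and scans a stream in fixed-size chunks, carrying an overlap so a signature split across two reads is still found. The names parse_hex, scan_stream, CHUNK and MAXSIG are assumptions made for this example.

```c
/* Added example, not krd's source: hex signature parsing and chunked search. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CHUNK 4096   /* bytes read per pass (assumed value) */
#define MAXSIG 64    /* longest signature accepted (assumed value) */

/* Convert "0A0B0C" into bytes. Returns the length, or -1 on empty input,
 * odd length, non-hex characters or a signature longer than cap. */
int parse_hex(const char *s, unsigned char *out, size_t cap)
{
    size_t len = strlen(s), i;
    if (len == 0 || len % 2 || len / 2 > cap)
        return -1;
    for (i = 0; i < len; i += 2) {
        unsigned int b;
        if (!isxdigit((unsigned char)s[i]) || !isxdigit((unsigned char)s[i + 1]))
            return -1;
        sscanf(s + i, "%2x", &b);
        out[i / 2] = (unsigned char)b;
    }
    return (int)(len / 2);
}

/* Return the stream offset of the first match, or -1 if absent. The last
 * n-1 bytes of each pass are kept so a signature that straddles two
 * reads is still found. */
long scan_stream(FILE *f, const unsigned char *sig, size_t n)
{
    unsigned char buf[MAXSIG + CHUNK];
    size_t keep = 0, got, i;
    long base = 0;              /* stream offset of buf[0] */

    if (n == 0 || n > MAXSIG)
        return -1;
    while ((got = fread(buf + keep, 1, CHUNK, f)) > 0) {
        size_t have = keep + got;
        for (i = 0; i + n <= have; i++)
            if (memcmp(buf + i, sig, n) == 0)
                return base + (long)i;
        keep = have < n - 1 ? have : n - 1;
        memmove(buf, buf + have - keep, keep);
        base += (long)(have - keep);
    }
    return -1;
}
```

The returned value is an offset into the stream that was read; for /proc/kcore, which is an ELF core image, that is a file offset and not a kernel virtual address.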
