Hardening the kernel with grsecurity
Right. Sit down. This is the most demanding bit in the book. No worries, smile!
Linux is a flexible friend. We take a kernel, bung on bits and bobs and, tweaked, end up with a souped-up server. The problem is, all too often, emphasis is placed on performance while security's left to a firewall, a few closed ports, and a large dose of wishful thinking.
Like a good guard dog, what we need is snarl and teeth. Not just at application level, but at the very heart of the system, its kernel. Let's go nuts.
Growling quietly with greater security
grsecurity from Brad "Spender" Spengler is a resource-light modular suite that patches a rack of Linux indiscretions. It's not exactly straightforward to set up, but once configured it can be largely ignored, not least due to the learning capability of its user controls.
As well as guarding against kernel calamities, grsecurity protects against memory exploits through its PaX component, and there are tight constraints for chroot environments...