There are a number of tools that can further secure the Linux kernel. OpenWall, LIDS and Pax/grsecurity are all examples of modules that can be compiled into the kernel to perform this function. The changes they make to the source code greatly vary depending on the function of the tool. Some of the functions that kernel security modules introduce include Role-Based Access Control (RBAC), chrooting, buffer overflow protection, better handling of race conditions and additional auditing or intrusion detection.
I suggest reading the documentation for each tool and selecting the one that best suits your environment. Some tools require extensive setup and configuration, like SELinux and other ACL/RBAC-style tools, and others can be introduced without configuration, though you will need to still ensure your applications and daemons function correctly.
Related Q&A from James Turnbull
A user wants to implement OSSEC on a Windows server because he has no server side Linux operating system.continue reading
Solaris 10 Trusted Extensions and SELinux are best suited to different system requirements and administrator skill sets. Our security expert explains...continue reading
Configuring spam filters Spamassassin and dspam together in the email server Postfix is easy with the resources listed by our security expert.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.