Additional Security in the Linux Kernel?

nyx asks: "Recently, I was looking for some way to improve security on my linux boxes. I found few linux patches like grsecurity, LIDS (now also as Linux Security Module), Medusa DS9. I'm testing grsecurity (and it's ACLs) now and I'm quite satisfied with it, but I wonder, what are pros and cons of other solutions. Anybody tried them and can share his experience with us?"

Additional Security

[SpanishInquisition]

Lock the door when you leave the computer room.

Re:Additional Security

[dirvish]

Remove the boot floppy from the disk drive.

zerg

[Lord+Omlette]

Let's hear it for NSA Security Enhanced Linux! Whoo!

If the NSA security enhanced your machine, would you even know about it? Suspect it?

Bastille

[pauly_thumbs]

I seem to remember kernel patches happening in Bastille Linux... but then again in these autumnal years .... i remember things that never happened more and more....

Stop writing code!

[captain_craptacular]

It's obvious that the only answer to this question is for all kernel developers to stop all productive activities for one month in order to sit through long and boring security lectures in groups of 500. After this month linux will be fully compliant with the "trusted security initiative" and will be magically bug free. Until such time as another bug is discovered.

Re:Simple security improvements

[Budgreen]

isn't this how M$ got NT certified?

all the above steps.. maybe not in that order :)