I played a lot with patches for kernel security (grsecurity, selinux, LIDS ) and I'm just curious about your opinion about this patches ... what patch is most used ? and why do you used ?
I selected selinux for myself, selinux seems to provide a more powerful solution then either grsecurity or LIDS is support it and
developing policies for common programs. BTW, selinux has an enhancement to the Linux kernel that implements mandatory access control (MAC) and role-based access control (RBAC) in Fedora Core 2 and later. I like this and rate this.
Come one! Selinux provides a powerful solution and at the same time, it's a pain in the ass to setup/customize! You have to work like a Dog!
I agree with above, it's very hard to configure selix.