If you do not know yet what is grsec / grsecurity, a good starting point is http://grsecurity.net/.
For linux, grsecurity is a “Holy Grail” in security. In addition, it will get rid of a problem that has linux and that irritates me me:
ps aux (after any user can see all processes.)

In this short tutorial I will show you how to install the debian grsecurity, without configure it from source .

linuxsrv ~ # echo “deb http://debian.cr0.org/repo/ kernel-security/” >> /etc/apt/sources.list
linuxsrv ~ # curl -o kernel-security.asc http://kernelsec.cr0.org/kernel-security.asc
linuxsrv ~ # apt-key add kernel-security.asc
linuxsrv ~ # apt-get update
linuxsrv ~ # apt-get install linux-image-2.6.32.15-1-grsec

If you want the sources from linux-image-2.6.32.15-1-grsec:

linuxsrv ~ # apt-get install linux-source-2.6.32.15-1-grsec
If you need paxctl to set flags on binary (PAGEEXEC, EMUTRMAP, MPROTECT, RANDMMAP, RANDEXEC and SEGMEXEC)

linuxsrv ~ # apt-get install paxctl

After the kernel installed , if you want simlink’s “vmlinuz” and “vmlinuz.old” in “/”, you can delete and then change the ‘lilo.conf’. On this server looks like this:

image=/boot/vmlinuz-2.6.32.15-1-grsec
label=Linux
read-only
initrd=/boot/initrd.img-2.6.32.15-1-grsec

image=/boot/vmlinuz-2.6.32-5-amd64
label=LinuxOLD
read-only
optional
initrd=/boot/initrd.img-2.6.32-5-amd64

Do not forget to lilo-v after the changes. If you are not experienced with OS boot I will not advise you to try changing the kernel. It is recommended that you have access to a console ipkvm / ILO / dell devil.

Reference links:

http://kernelsec.cr0.org/

http://pax.grsecurity.net/

http://grsecurity.net/

Recommended:

http://en.wikibooks.org/wiki/Grsecurity