LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

03-19-2009, 05:57 PM   #1
JasperLiermin
LQ Newbie

Registered: Mar 2009
Posts: 5

Kernel security enhancements


What's the most secure and powerful kernel enhancement/patch (RSBAC, SELinux, GrSecurity or AppArmor), and can you point to any quick tutorials on getting started with that enhancement?

Last edited by JasperLiermin; 03-19-2009 at 06:27 PM.
 
03-19-2009, 06:15 PM   #2
win32sux
LQ Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote:
Originally Posted by JasperLiermin
> What's the most secure and powerful kernel enhancement/patch (RSBAC, SELinux, GrSecurity or AppArmor), and can you point to any quick tutorials on getting started with that enhancement?

Powerful how? Defending against what?

Please be specific about which threat you are trying to mitigate.
 
03-19-2009, 06:35 PM   #3
JasperLiermin
LQ Newbie

Registered: Mar 2009
Posts: 5

Original Poster
Quote:
Originally Posted by win32sux
> Powerful how? Defending against what?
>
> Please be specific about which threat you are trying to mitigate.

Hi win32sux, I only ask to try building a fortress, and the kernel is the jumping point.
I say quick tutorials because I will do more work after the whole system is up and running.
Oh, and sorry for using the Exclamation icon by mistake.
 
03-19-2009, 07:01 PM   #4
win32sux
LQ Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote:
Originally Posted by JasperLiermin
> Hi win32sux, I only ask to try building a fortress, and the kernel is the jumping point.

I understand that, but a fortress is designed to protect against specific threats. For example, you could use really tall walls in order to prevent individuals from bypassing the main entrance. The main entrance could use very narrow hallways, so that crowds can't get through. In both examples, the fortress' defensive measures were intended for specific threats (individuals in the first example, crowds in the second). The same concept applies to information security. You don't just throw miscellaneous security measures around and hope something sticks. The security tools you use need to be selected in a well thought out manner.

Last edited by win32sux; 03-19-2009 at 07:13 PM. Reason: Spelling.
 
03-19-2009, 07:10 PM   #5
unSpawn
Moderator

Registered: May 2001
Posts: 29,415
Blog Entries: 55

I agree. SE Linux definitely is the first LSM to look at in terms of development (present and future), distribution integration, general support, implementation flexibility and (enterprise) usage. OTOH GRSecurity reinforces the kernel in terms of, say, chrooting in a way no other LSM does. So it still depends on what distribution you're running, what the machine's purpose is, its location in the network, the hardening you've done and, say, the OTF vs maintenance trade-off to decide what you would need.
 
03-19-2009, 09:45 PM   #6
JasperLiermin
LQ Newbie

Registered: Mar 2009
Posts: 5

Original Poster
What am I doing this for is the question, and the answer is to create a hardened fortress to be used by the general public, for anyone with high security in mind,
like any of http://lwn.net/Distributions/#secure might be.
I intend to do more customization later, but for now I'm looking only at the kernel patches, not the configuration files that go with them, and yes, I know that part of this choice is how I intend to configure, but the brute of what I need now is all-around maximum security.

Last edited by JasperLiermin; 03-19-2009 at 10:02 PM.
 
03-19-2009, 10:20 PM   #7
slimm609
Member

Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Here is a quick start at CentOS 5.2:

http://oss.tresys.com/projects/clip

This is "possibly" one of the securest setups that I have yet to come across. They maintain the SELinux reference policy.

You can also apply grsecurity to this setup (not an easy process) so that the outcome would be grsecurity and SELinux both working on the same system but performing very different functions.

Last edited by slimm609; 03-19-2009 at 10:32 PM.
 
03-20-2009, 09:24 AM   #8
win32sux
LQ Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote:
Originally Posted by JasperLiermin
> the brute of what I need now is all around maximum security.

Such a thing doesn't exist, so your expectations aren't realistic. That said, your best bet at pursuing this path sounds like one of those hardened distros. This way you not only get a head start, but also benefit from the testing provided by the install base. slimm609's suggestion sounds like a really interesting option in that regard, and you should definitely look into it. Another alternative could be to read the Hardened Linux From Scratch (HLFS) instructions to get some good ideas about what modifications you can make to your favorite distro.

Last edited by win32sux; 03-20-2009 at 09:26 AM.
 
03-20-2009, 12:05 PM   #9
salasi
Senior Member

Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

The OP seems to be describing a "bastion host", which is a useful search term.

I'm not sure that the rest of us can do much more to help, unless you are going to be more specific about one or more of the following:
  • what the box does
  • something about where it sits in your network arch
  • what threats you would like to defend against
 
  

