I am running grsecurity patches on a 2.6.10 kernel on my server, which acts as a public mail and web server, and runs rsync, sshd, and apop internally. Coupled with a strong iptables firewall, I have not yet had a problem. So yes, you can run grsecurity and still have a functioning server. I am not real familiar with selinux, but grsecurity generally just hardens your kernel, it does not add a security element to user space/filesystems etc. It is a very good patch to have, if you know what you're doing you can choose the features you want, or if not, just go with 'mid' level and a bunch of sensible options will be set up for you that shouldn't interfere with the day-to-day.
|