- non-executable stack
- address-space randomization
- role-based access control
- chroot hardening
- enhanced auditing
If you're looking for a quick way of downloading the latest stable Linux kernel with the grsecurity patch already applied, clone this git repository (which can be browsed here):
I also maintain an RSS feed (well, an Atom feed actually) keeping track of the latest grsecurity and PaX test patches:
Finally, make sure you run paxtest to make sure that the protections offered by grsecurity and PaX are properly enabled.