Adds improved address space randomization for user space processes, restricts access to kernel logs & pointers, and various compile-time config options. https://wiki.archlinux.org/index.php/Security#Kernel_hardening
Was terrifying removing linux and linux-headers. It broke, but I managed to correct Grub.
I blogged about it. Mostly in case I stuffed it up like that again!!
Don't be overconfident, people. I didn't break anything (thankfully) but do make use of the scripts available.
*I might be reading a book on the Linux Kernel and prematurely starting to think I was all clever and stuff. 😆 😹
Don't follow me I'm lost too etc.
@david_ross I haven't tried the hardened but am pretty sure you do not need to remove the original one. I have linux and linux-zen kernels installed and choose during boot which one I want to use. So if an update of linux-zen gets corrupted I can easily just boot the original kernel. Many do this with linux-lts kernel. I have also made custom kernels in the past.
So I would recommend not uninstalling the original... as it is not needed. It is good to have multiple installed.
@david_ross I currently have both linux and linux-hardened installed, with -hardened as default. The funny thing is, I did it because I needed user namespaces, which are too insecure to enable by default, and upstream has no sysctl knob, but -hardened does. So I run -hardened to get a less secure system.