grsecurity - anyone use it?


I am running DSO with mod_ruid2 (with Nginx Admin for front end reverse proxy, plus APC caching). This configuration is running smoothly, and many thanks to KnownHost's support group for installing and setting it up on my SSD-2 VPS.

mod_ruid2 does some good stuff, increasing security when running DSO. But I have read comments here and there that mod_ruid2 might still have a few security vulnerabilities (that suPHP does not have). While I don't really understand what the vulnerabilities are, I thought I would look into ways to further improve security.

grsecurity is mentioned in quite a few places, and has been widely used for 10+ years.

Does anyone on the forum have any experience using grsecurity?
Are there any performance hits by using it?

Hi Dmitry,

So in simple terms, this means it won't work at all and that you would not recommend it?

Thanks for the reply!
I think it means exactly what they say - they port and maintain "features of grsecurity most requested by users". Your application might be perfectly happy with this limited set of features or it might require something more exotic and fail.
Hi Dmitry,

Forgive me for my lack of understanding. So does this mean that grsecurity could be installed, and then activated with one of the standard settings of "low, medium, or high" that they state in their docs?

I really don't understand what "port and maintain" means? I thought grsecurity could be installed, but maybe not...