Linux kernel hardening The kernel is the most frequent
target for attackers. Having access to the kernel is the easiest
way to escalate users' privileges. Depending on the operating
system, Apache runs by default as the limited user nobody (on Red
Hat-based distributions such as CentOS) or www-data (on
Debian-based distros, including Ubuntu). Every attacker's aim is to
break out of the limited user and gain root access by exploiting a
vulnerability in the kernel.
Patching your kernel with grsecurity ensures that you stay
protected even against zero-day vulnerabilities. In addition,
Ksplice ensures that you apply all kernel updates on time to
minimize security risks.