For those who like to tinker, Gentoo now has a hardened 2.6 + SELinux kernel to play with. Of course, kernel 2.4.x is still recommended for production environments.

hardened-dev-sources-2.6 is available for "testing"

Here is what you can get for the rock bottom
bargain price of zero dollars and zero cents.

* linux-2.6.4
(the kernel of course)

* grsec-core-2.0
(vanilla snapshot from last night)

* grsec extras
(the ability to audit text relocations)

* pax-status
(displays runtime pax flags in /proc/#pid/status)

* selinux-hooks
(these allow selinux to hook directly into pax for policy enforcement)

* selinux-ipaddr
(this allows selinux to track ip address via policy or something)

* netdev-rand-core
(framework that allows net devices to seed to the entropy pool)

* netdev-rand-drivers
(drivers that actually do the entropy seeding)

I'd like to thank cluckj from irc.freenode.net/#gentoo-hardened for
testing almost every iteration of this while I was putting it together
last night. (thanks bud). I'd also like to thank albeiro as well for
porting the netdev-rand stuff and accepting to become the maintainer of
those patches. Oh and of course I'd like to thank the usual list of
suspects..

Other than that happy bug hunting. If something does not work join the
hardened channel and pick a random nick and blame them cuz I'll plead
the 5th.

Oh wait one more thing.. If you really care about security you probably
should stick with 2.4.x

-peace

-- Ned Ludd Gentoo Linux Developer