LIDS (http://www.lids.org/)


Linux kernel patch for adding :
File protection
Process protection
Kernel Sealing (i/o mem, modules,...)
Misc 

Examples : 

lidsadm -A -s /usr/local/apache/bin/httpd -o CAP_NET_BIND -j GRANT
lidsadm -A -o /etc/shadow -j DENY
lidsadm -A -s /bin/login -o /etc/shadow -j READ