diff --git a/research/hardened.mdwn b/research/hardened.mdwn
new file mode 100644
index 0000000000000000000000000000000000000000..15acd1720dcb48835913ce573028daddfc5de91d
--- /dev/null
+++ b/research/hardened.mdwn
@@ -0,0 +1,28 @@
+[[!meta title="Hardened OS"]]
+
+grsecurity
+----------
+
+Basic install:
+
+ sudo apt-get -t jessie-backports install linux-image-4.9.0-2-grsec-amd64 linux-image-grsec-amd64
+ sudo apt-get install paxtest
+ sudo usermod -aG grsec-tpe `whoami`
+
+As root:
+
+ echo "kernel.grsecurity.rwxmap_logging = 0" > /etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf
+ echo "kernel.grsecurity.grsec_lock = 1" > /etc/sysctl.d/kernel.grsecurity.grsec_lock.conf
+
+As regular user, after reboot:
+
+ paxctl -cm /usr/bin/git-annex
+ paxctl -cm /usr/bin/qemu-img
+ paxctl -cm /usr/bin/qemu-system-x86_64
+
+References
+----------
+
+* https://micahflee.com/2016/01/debian-grsecurity/
+* https://nixaid.com/grsec-in-docker/
+* https://hardenedlinux.github.io/