Please consider reviewing and merging hardening options from the linux-hardened project: https://github.com/anthraxx/linux-hardened
Also consider reviewing this: https://www.whonix.org/wiki/Hardened-kernel
Using an older kernel like the LTS Linux kernel will significantly reduce the attack surface.
