diff --git a/contrib/cronie.systemd b/contrib/cronie.systemd
index c8cd6f3..887c157 100644
--- a/contrib/cronie.systemd
+++ b/contrib/cronie.systemd
@@ -9,6 +9,24 @@ ExecReload=/bin/kill -URG $MAINPID
 KillMode=process
 Restart=on-failure
 RestartSec=30s
+KeyringMode=private
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=no
+PrivateDevices=no
+PrivateTmp=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=no
+ProtectHostname=yes
+ProtectKernelLogs=no
+ProtectKernelModules=yes
+ProtectKernelTunables=no
+ProtectProc=invisible
+ProtectSystem=no
+RestrictNamespaces=no
+RestrictRealtime=yes
+RestrictSUIDSGID=no
 
 [Install]
 WantedBy=multi-user.target