diff --git a/data/fprintd.service.in b/data/fprintd.service.in
index 9ea7a2a..daca723 100644
--- a/data/fprintd.service.in
+++ b/data/fprintd.service.in
@@ -15,6 +15,8 @@ ProtectControlGroups=true
 StateDirectory=fprint
 ProtectHome=true
 PrivateTmp=true
+ProtectKernelLogs=yes
+SystemCallFilter=@system-service
 
 # Network
 PrivateNetwork=true
@@ -31,3 +33,8 @@ RestrictRealtime=true
 
 # Privilege escalation
 NoNewPrivileges=true
+TasksMax=1
+
+# Capabilities
+CapabilityBoundingSet=
+ProtectClock=yes