diff --git a/sysctl.conf b/sysctl.conf
index fbe5eaa..d88b33a 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -63,6 +63,11 @@ kernel.pid_max = 4194304
 # reboot machine after kernel panic
 #kernel.panic = 10
+# restrict perf subsystem usage
+kernel.perf_event_paranoid = 2
+kernel.perf_cpu_time_max_percent = 1
+kernel.perf_event_max_sample_rate = 1
+
 ########## File System ##########
 # disallow core dumping by SUID/SGID programs
@@ -101,6 +106,9 @@ fs.inotify.max_user_watches = 524288
 ########## Virtualization ##########
+# do not allow mmap in lower addresses
+vm.mmap_min_addr = 65536
+
 # improve mmap ASLR effectness
 vm.mmap_rnd_bits=32
 vm.mmap_rnd_compat_bits=16
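Review bot: The comment `# restrict perf subsystem usage` over the three new keys does not say what level 2 still permits, or that the two throttling keys are not limited to unprivileged users. As far as I know, `kernel.perf_event_paranoid = 2` only blocks kernel-space profiling for processes without CAP_PERFMON/CAP_SYS_ADMIN and is already the default on recent upstream kernels, so unprivileged users can still open events on their own user-space code. `kernel.perf_cpu_time_max_percent = 1` and `kernel.perf_event_max_sample_rate = 1` apply system-wide, so they would also degrade sampling by administrators during performance debugging or incident response. I would put a comment above each key, e.g. `# 2 = no kernel profiling without CAP_PERFMON; user-space self-profiling stays allowed` and `# system-wide throttle, also applies to root`.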
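Review bot: The comment above `vm.mmap_min_addr = 65536` names neither the threat nor the architecture caveat. The setting stops processes from mapping the lowest pages, which keeps a kernel NULL-pointer dereference from landing on user-controlled memory. The kernel's own help text, as I recall it, advises staying at or below 32768 on ARM, and processes holding CAP_SYS_RAWIO are exempt from the limit. Suggested wording: `# NULL-deref mitigation: forbid mappings below 64 KiB (use 32768 on 32-bit ARM; CAP_SYS_RAWIO bypasses this)`. Software that needs low mappings (some emulators) will fail with this value, which is worth a line in the commit message.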