diff --git a/sysctl.conf b/sysctl.conf
index a661e09..3969fd5 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -288,3 +288,10 @@ net.ipv6.conf.all.accept_source_route = 0
 #net.ipv6.icmp.echo_ignore_all = 1
 #net.ipv6.icmp.echo_ignore_anycast = 1
 #net.ipv6.icmp.echo_ignore_multicast = 1
+
+
+# prevent unprivileged attackers from loading vulnerable line disciplines with the TIOCSETD ioctl
+dev.tty.ldisc_autoload = 0
+
+# disable syscall to the CAP_SYS_PTRACE capability
+vm.unprivileged_userfaultfd = 0