diff --git a/debian/eg25-manager.service b/debian/eg25-manager.service
index 21030cd..3af1f99 100644
--- a/debian/eg25-manager.service
+++ b/debian/eg25-manager.service
@@ -6,6 +6,23 @@ Before=ModemManager.service
 Type=simple
 ExecStart=/usr/bin/eg25manager
 Restart=on-failure
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictSUIDSGID=true
+PrivateTmp=true
+ProtectedKernelModules=true
+MemoryDenyWriteExecute=true
+PrivateMounts=true
+NoNewPrivileges=true
+CapabilityBoundingSet=
+ProtectProc=true
+ProtectDevices=true
+DeviceAllow=/dev/ttyS2
+LockPersonality=true
+ProtectClock=true
+ProtectKernelLog=true
 
 [Install]
 WantedBy=multi-user.target