diff --git a/templates/lstu.service.j2 b/templates/lstu.service.j2
index 74dc270..55531a2 100644
--- a/templates/lstu.service.j2
+++ b/templates/lstu.service.j2
@@ -14,5 +14,14 @@ ExecStart=/usr/bin/carton exec hypnotoad script/lstu
 ExecStop=/usr/bin/carton exec hypnotoad -s script/lstu
 ExecReload=/usr/bin/carton exec hypnotoad script/lstu
 
+# Hardening
+CapabilityBoundingSet=
+PrivateMounts=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=-{{ lstu.path }}
+
 [Install]
 WantedBy=multi-user.target