diff --git a/rc.local b/rc.local
new file mode 100644
index 0000000..ab673c6
--- /dev/null
+++ b/rc.local
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+# Debian: /etc/rc.local
+
+##  Protect sh and bash init scripts         ##
+##  to prevent privilege escalation attacks  ##
+chfiles="/home/user/.bashrc /home/user/.bash_profile /home/user/.bash_login /home/user/.bash_logout /home/user/.profile"
+touch $chfiles || true
+chown -f root:root $chfiles
+chattr -f +i $chfiles