diff --git a/etc/sysctl.d/sysrq.conf b/etc/sysctl.d/sysrq.conf
new file mode 100644
index 0000000..266e275
--- /dev/null
+++ b/etc/sysctl.d/sysrq.conf
@@ -0,0 +1,2 @@
+# Allow only rebooting/shutting down with the SysRq key.
+kernel.sysrq=128
diff --git a/lib/systemd/system/remove-system-map.service b/lib/systemd/system/remove-system-map.service
new file mode 100644
index 0000000..89a028b
--- /dev/null
+++ b/lib/systemd/system/remove-system-map.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Removes the System.map files
+
+[Service]
+Type=oneshot
+ExecStart=/usr/lib/security-misc/remove-system.map
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/security-misc/remove-system.map b/usr/lib/security-misc/remove-system.map
new file mode 100644
index 0000000..10071f8
--- /dev/null
+++ b/usr/lib/security-misc/remove-system.map
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+shopt -s nullglob
+
+# Removes the System.map files as they are only used for debugging or malware.
+for filename in /boot/System.map-*
+do
+  if [ -f "${filename}" ]; then
+    rm -f "${filename}"
+  fi
+done