diff --git a/debian/control b/debian/control
index 5ab1eb0..1e5f0a8 100644
--- a/debian/control
+++ b/debian/control
@@ -110,5 +110,7 @@ Description: enhances misc security settings
 .
 IOMMU is enabled with a boot parameter to prevent DMA attacks.
 .
+ Coredumps are disabled as they may contain important information such as encryption keys or passwords.
+ .
 A systemd service mounts /proc with hidepid=2 at boot to prevent users from seeing each other's processes.
 .
diff --git a/etc/security/limits.d/disable-coredumps.conf b/etc/security/limits.d/disable-coredumps.conf
new file mode 100644
index 0000000..ea7c414
--- /dev/null
+++ b/etc/security/limits.d/disable-coredumps.conf
@@ -0,0 +1,2 @@
+# Disable coredumps.
+* hard core 0
diff --git a/etc/sysctl.d/coredumps.conf b/etc/sysctl.d/coredumps.conf
new file mode 100644
index 0000000..9ac4548
--- /dev/null
+++ b/etc/sysctl.d/coredumps.conf
@@ -0,0 +1,3 @@
+# Disables coredumps. This setting may be overwritten by systemd so this may not be useful.
+# security-misc also disables coredumps in other ways.
+kernel.core_pattern=|/bin/false
diff --git a/etc/sysctl.d/suid_dumpable.conf b/etc/sysctl.d/suid_dumpable.conf
new file mode 100644
index 0000000..1ed3b79
--- /dev/null
+++ b/etc/sysctl.d/suid_dumpable.conf
@@ -0,0 +1,2 @@
+# Prevent setuid processes from creating coredumps.
+fs.suid_dumpable=0
diff --git a/lib/systemd/system/coredump.conf.d/disable-coredumps.conf b/lib/systemd/system/coredump.conf.d/disable-coredumps.conf
new file mode 100644
index 0000000..519f838
--- /dev/null
+++ b/lib/systemd/system/coredump.conf.d/disable-coredumps.conf
@@ -0,0 +1,2 @@
+[Coredump]
+Storage=none
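Review bot: `* hard core 0` in etc/security/limits.d/disable-coredumps.conf does not cover root, because limits.conf(5) states that wildcard and group entries are not applied to the root user; a second line `root hard core 0` is needed for the limit to reach root sessions. The limit is also only enforced for sessions that pass through pam_limits, so services started directly by systemd are governed by their unit's LimitCORE= and by the systemd-coredump configuration rather than by this file. A comment above the entry stating that scope, e.g. `# Applies only to PAM sessions; root must be listed explicitly.`, would explain why the other files in this commit are needed as well.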
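Review bot: Whether `kernel.core_pattern=|/bin/false` in etc/sysctl.d/coredumps.conf and `fs.suid_dumpable=0` in etc/sysctl.d/suid_dumpable.conf take effect depends only on file names, since sysctl.d(5) applies fragments from /etc, /run and /usr/lib in lexicographic filename order with the latest name winning; the comment "may be overwritten by systemd" should be replaced by an explicit precedence choice, for example renaming the files with a high numeric prefix such as `99-coredumps.conf` and `99-suid_dumpable.conf` and noting `# Must sort after the distribution's sysctl.d fragments to override them.`. As far as I know the kernel does not apply RLIMIT_CORE to piped core patterns (only to file-backed ones), so with a pipe pattern the `/bin/false` target is what actually discards the dump, which is worth stating in the comment. `fs.suid_dumpable=0` is also the kernel's built-in default, so a comment saying the file exists to undo a distribution override would make its purpose clear.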
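Review bot: The drop-in is added under `lib/systemd/system/coredump.conf.d/`, but coredump.conf(5) reads drop-ins from `/etc/systemd/coredump.conf.d/`, `/run/systemd/coredump.conf.d/` and `/usr/lib/systemd/coredump.conf.d/`; the `system/` subdirectory holds unit files, so systemd-coredump will not see `Storage=none` at this path and the file should move to `lib/systemd/coredump.conf.d/disable-coredumps.conf`. Consider adding `ProcessSizeMax=0` under `[Coredump]`: per coredump.conf(5), Storage=none together with ProcessSizeMax=0 disables all coredump handling except a log entry, whereas Storage=none alone still has systemd-coredump read the core to produce a backtrace. A leading `# Disable coredumps; they may contain secrets.` line would also keep this file consistent with the commented files elsewhere in the commit.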