diff --git a/roles/os_hardening/defaults/main.yml b/roles/os_hardening/defaults/main.yml
index 01f71cecd..c8eeb22a6 100644
--- a/roles/os_hardening/defaults/main.yml
+++ b/roles/os_hardening/defaults/main.yml
@@ -290,6 +290,16 @@ sysctl_config:
 # Mitigates CVE-2021-33909 and other exploits.
 kernel.unprivileged_userns_clone: 0
+ # For more info on the following settings see: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html
+ # Restrict FIFO special device creation behavior
+ fs.protected_fifos: 1
+ # Restrict hardlink creation behavior
+ fs.protected_hardlinks: 1
+ # Restrict regular files creation behavior
+ fs.protected_regular: 2
+ # Restrict symlink following behavior
+ fs.protected_symlinks: 1
+
 # Do not delete the following line or otherwise the playbook will fail
 # at task 'create a combined sysctl-dict if overwrites are defined'
 sysctl_overwrite:
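Review bot: `fs.protected_fifos: 1` is weaker than the `fs.protected_regular: 2` added a few lines below it; per the linked fs.html page, level 2 for both knobs extends the restriction from world-writable to group-writable sticky directories, so the asymmetry looks unintentional and `fs.protected_fifos: 2` would match the stricter posture already chosen for regular files. `fs.protected_fifos` and `fs.protected_regular` only exist on kernels 4.19 and newer, unlike the older `protected_hardlinks`/`protected_symlinks`, so on older distro kernels applying this dict will presumably fail at the sysctl task unless the role already skips unknown keys — worth confirming and documenting next to the new entries. The comments also understate what the knobs do: `protected_fifos` and `protected_regular` refuse O_CREAT opens of pre-existing FIFOs/regular files in sticky world-writable directories not owned by the opener, e.g. `# Refuse O_CREAT opens of existing FIFOs in sticky world-writable dirs unless owned by the opener (2: also group-writable)`. The `sysctl_config` mapping this hunk edits starts before and continues after the hunk.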