There are a lot of kernel settings which can be passed to the command line to make a system more secure. [Madaidans-insecurities page](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel) describes each of their function and how they improve security of the system so lets add them to `/etc/kernel-hooks/secureboot.conf`:
After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now.
> Whilst booting up your system you may see sysctl complaining about ipv6 setting. [It's getting worked on](https://git.bijl.us/lnco/documentation/issues/30).
More kernel settings can be configured through sysctl. All these settings are also explained on [Madaidans-insecurities page](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel). Edit the file `/etc/sysctl.d/main.conf`:
Musl's default memory allocator which comes with Alpine Linux is already pretty secure but not as secure as [hardened-malloc](https://github.com/GrapheneOS/hardened_malloc/):
```
# apk add hardened-malloc
```
Then to set it system wide edit `/etc/ld-musl-x86_64.path`: