diff --git a/docs/alpine-desktop-setup/post-install/security.md b/docs/alpine-desktop-setup/post-install/security.md index e69de29..3703743 100644 --- a/docs/alpine-desktop-setup/post-install/security.md +++ b/docs/alpine-desktop-setup/post-install/security.md @@ -0,0 +1,50 @@ +# Security + +There are a few things that have to be done to optimize the security of the system. + +## Apparmor and LSM + +Apparmor is a mandatory access control (MAC) mechanism which restricts a programs capabilities. Installation is easy: + +``` +# apk add apparmor apparmor-profiles +# rc-update add apparmor default +``` + +Add apparmor and other "Linux Security Modules" to the `cmdline` in `/etc/kernel-hooks/secureboothook.conf`: + +``` +cmdline="... apparmor=1 lsm=landlock,lockdown,yama,integrity,apparmor" +``` + +Then reconfigure `kernel-hooks` and reboot for it to take effect: + +``` +# apk fix kernel-hooks +# reboot +``` + +You can check the status of apparmor using `apparmor-utils`: + +``` +# apk add apparmor-utils +# aa-status +``` + +## Cmdline + +There are a lot of kernel settings which can be passed to the command line. [https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel](Madadans-insecurity's page) describes each of their function and how they improve security of the system so lets add them to `/etc/kernel-hooks/secureboot.conf`: + +``` +cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off module.sig_enforce=1 lockdown=confidentiality mce=0 loglevel=0 iommu=force spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full mds=full l1ft=flush" +``` + +After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these most of the time come with a big performance hit so this should do for now. + +## Sysctl + +WIP + +## Hardened Malloc + +WIP
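Review bot: In the Cmdline block the last parameter, `l1ft=flush`, is a misspelling of the kernel's `l1tf=` option, so as written it has no effect and the L1TF mitigation stays at the kernel default; change it to `l1tf=flush`. The two sections also name different files for the same `cmdline` setting (`/etc/kernel-hooks/secureboothook.conf` under "Apparmor and LSM", `/etc/kernel-hooks/secureboot.conf` under "Cmdline"), and only one of them can be right. The Markdown link in the Cmdline paragraph has its parts swapped, with the URL in the square brackets and the label in the parentheses, so it will not render as a link, and the label spells the name "Madadans" where the URL has "madaidans". Because `module.sig_enforce=1` rejects unsigned modules, "try to reboot and it should boot" would be more useful with a verification step after the reboot, for example reading `/proc/cmdline` and `/sys/kernel/security/lsm` to confirm that the parameters and the LSM list were applied.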