diff --git a/lib/systemd/system/harden-module-loading.service b/lib/systemd/system/harden-module-loading.service
new file mode 100644
index 0000000..703658c
--- /dev/null
+++ b/lib/systemd/system/harden-module-loading.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Disable the loading of modules to the kernel after startup. This could be malicious.
+After=systemd-modules-load.service
+Before=sysinit.target
+# This functionality is implemented with this and not directly in the sysctl config is
+# to allow systemd-modules-load.service to load the modules with no problem but
+# to disallow anyone else do the same after the system boots up.
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/security-misc/disable-kernel-module-loading
+
+[Install]
+WantedBy=sysinit.target
diff --git a/usr/libexec/security-misc/disable-kernel-module-loading b/usr/libexec/security-misc/disable-kernel-module-loading
new file mode 100644
index 0000000..6d4d25d
--- /dev/null
+++ b/usr/libexec/security-misc/disable-kernel-module-loading
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sysctl -w kernel.modules_disabled=1
+
+echo "The loading of new modules to the kernel has been disabled by security-misc"
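Review bot: `Before=sysinit.target` runs this unit very early in boot, and `kernel.modules_disabled=1` is one-way (it cannot be cleared again until reboot), so any module the system loads on demand after this point — udev coldplug of hardware drivers, filesystem modules for later mount units, netfilter or network drivers pulled in by services — will fail to load; the unit only waits for the static list from `systemd-modules-load.service`. Whether that breaks a given system depends on what the distribution loads lazily, so this should be verified on a real boot and the trade-off stated in the `[Unit]` comment, or the unit ordered later in boot (for example pulled in by `multi-user.target` instead of `sysinit.target`). Separately, `Type=oneshot` without `RemainAfterExit=yes` leaves the unit `inactive (dead)` after it exits, so `systemctl status` does not show that the lockdown is in force; add `RemainAfterExit=yes` under `[Service]`. Note also that `After=` is ordering only and does not pull `systemd-modules-load.service` in; that is presumably fine because `sysinit.target` wants it by default — confirm.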
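Review bot: The success message on the last line is printed whether or not `sysctl -w` succeeded, and because `echo` is the final command the script also exits 0, so on a kernel that lacks `kernel.modules_disabled` (e.g. built without module support) or a system where `sysctl` is missing from `PATH`, the unit reports success and the journal says module loading "has been disabled" while it remains enabled. Either add `set -e` after the shebang or guard the call explicitly: `sysctl -w kernel.modules_disabled=1 || { echo "security-misc: failed to disable kernel module loading" >&2; exit 1; }`. Because a silent failure here weakens the hardening without anyone noticing, it is also worth reading back `/proc/sys/kernel/modules_disabled` and checking it is `1` before printing the success message.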