diff --git a/etc/sysctl.d/kexec.conf b/etc/sysctl.d/kexec.conf
new file mode 100644
index 0000000..cfe590a
--- /dev/null
+++ b/etc/sysctl.d/kexec.conf
@@ -0,0 +1,2 @@
+# Disables kexec which can be used to replace the running kernel 
+kernel.kexec_load_disabled=1