diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 2af75cf..64d0208 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -97,6 +97,8 @@ raspbian_repository_use_sources: yes
 # System configuration
+global_fstab_file: "/etc/fstab"
+
 global_users_directory: "/home"
 # Application configurations
@@ -186,6 +188,7 @@ global_systemd_preset_directory: "/lib/systemd/system"
 global_systemd_configuration_directory: "/etc/systemd/system"
 global_systemd_journal_configuration_directory: "/etc/systemd/journald.conf.d"
 global_systemd_journal_max_storage: 1G
+global_systemd_login_service_name: "systemd-logind.service"
 global_systemd_network_directory: "/etc/systemd/network"
 global_systemd_network_service_name: "systemd-networkd.service"
 global_systemd_network_system_user: "systemd-network"
diff --git a/roles/common/tasks/kernel_hidepid.yml b/roles/common/tasks/kernel_hidepid.yml
new file mode 100644
index 0000000..6695e64
--- /dev/null
+++ b/roles/common/tasks/kernel_hidepid.yml
@@ -0,0 +1,37 @@
+---
+
+# protecting process list of users different than root
+# Source: https://wiki.archlinux.org/index.php/Security#hidepid
+
+- name: Configure group for reading other processes
+  group:
+    state: present
+    name: proc
+    system: yes
+
+- name: Configure proc mounting in fstab
+  lineinfile:
+    path: "{{ global_fstab_file }}"
+    regexp: '^\S+\s+/proc\s+proc\s+'
+    line: >-
+      proc /proc proc
+      nosuid,nodev,noexec,hidepid=2,gid=proc
+      0 0
+
+- name: Ensure configuration directory for systemd-logind service exists
+  file:
+    state: directory
+    path: "{{ global_systemd_configuration_directory }}/{{ global_systemd_login_service_name }}.d"
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=rx
+
+- name: Configure systemd-logind to adapt to hidepid setting
+  copy:
+    content: |
+      [Service]
+      SupplementaryGroups=proc
+    dest: "{{ global_systemd_configuration_directory }}/{{ global_systemd_login_service_name }}.d/hidepid.conf"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 16cb7c6..df0091f 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -9,6 +9,11 @@
 - name: Configure ufw
   import_tasks: ufw.yml
+- name: Enforce kernel security
+  import_tasks: kernel_hidepid.yml
+  tags:
+    - kernel_hidepid
+
 - name: Configure locales
   import_tasks: locales.yml
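Review bot: Neither change in this task file is applied to the running host, so hidepid stays off until the next reboot: the `lineinfile` task only edits fstab and never remounts /proc, and the `copy` task that writes `hidepid.conf` has no `notify`, so systemd never reloads and systemd-logind never picks up `SupplementaryGroups=proc` (until it does, logind loses sight of user processes while the play reports success). Using the `mount` module for /proc, which maintains the fstab entry and on current Ansible remounts when the options change, plus a handler that runs a daemon-reload and restarts `{{ global_systemd_login_service_name }}`, closes that window; the role's handlers are not visible in this diff, so the handler name below is a placeholder. The `group` task also deserves a caveat, because every member of `proc` sees all processes again: `# Members of 'proc' bypass hidepid; keep it to services that need the full process list (logind here; polkit or monitoring agents may too)`. Minor: `system: yes` is a YAML 1.1 truthy, and `system: true` is the unambiguous spelling.
```yaml
- name: Configure proc mounting in fstab
  mount:
    path: /proc
    src: proc
    fstype: proc
    opts: nosuid,nodev,noexec,hidepid=2,gid=proc
    state: mounted

# … unchanged: systemd-logind drop-in directory task …

- name: Configure systemd-logind to adapt to hidepid setting
  copy:
    content: |
      [Service]
      SupplementaryGroups=proc
    dest: "{{ global_systemd_configuration_directory }}/{{ global_systemd_login_service_name }}.d/hidepid.conf"
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: Restart systemd-logind  # handler: systemd with daemon_reload=true, state=restarted
```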