diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 9a943fffa..5a67f1795 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,6 +45,10 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
 
+# Improve KASLR effectiveness for mmap
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
+
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000