diff --git a/debian/freeradius.service b/debian/freeradius.service
index 99873c0..97efc66 100644
--- a/debian/freeradius.service
+++ b/debian/freeradius.service
@@ -17,12 +17,26 @@ Environment=HOSTNAME=%H
 # a leak somewhere.
 MemoryLimit=2G
 
-RuntimeDirectory=freeradius
+RuntimeDirectory=radiusd
 RuntimeDirectoryMode=0775
-ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
-ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
+Group=radius
+User=radius
+ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTS -Cx -lstdout
+ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTS
+ExecReload=/usr/sbin/radiusd -C $RADIUSD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 RestartSec=5
+ReadOnlyDirectories=/etc/raddb/
+ReadWriteDirectories=/var/log/radius/
+# Security options (https://github.com/FreeRADIUS/freeradius-server/issues/2637)
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+SystemCallArchitectures=native
 
 [Install]
 WantedBy=multi-user.target