diff --git a/scripts/debian/falco.service b/scripts/debian/falco.service
index 1a179f3e..0163e02b 100644
--- a/scripts/debian/falco.service
+++ b/scripts/debian/falco.service
@@ -8,22 +8,15 @@ ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
 UMask=0077
 TimeoutSec=30
 RestartSec=15s
-#Restart=always
 Restart=on-failure
-NoNewPrivileges=yes
 PrivateTmp=true
+NoNewPrivileges=yes
 ProtectHome=read-only
 ProtectSystem=full
 ProtectKernelTunables=true
 RestrictRealtime=true
-#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictAddressFamilies=~AF_PACKET
 SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
-# FIXME!
-# PANIC: unprotected error in call to Lua API (runtime code generation failed, restricted kernel?)
-# https://www.freelists.org/post/luajit/luajit-crashes-with-grsec-kernel,1
-# MemoryDenyWriteExecute=true
-# PrivateMounts=true
 
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/rpm/falco.service b/scripts/rpm/falco.service
index 1a179f3e..0163e02b 100644
--- a/scripts/rpm/falco.service
+++ b/scripts/rpm/falco.service
@@ -8,22 +8,15 @@ ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
 UMask=0077
 TimeoutSec=30
 RestartSec=15s
-#Restart=always
 Restart=on-failure
-NoNewPrivileges=yes
 PrivateTmp=true
+NoNewPrivileges=yes
 ProtectHome=read-only
 ProtectSystem=full
 ProtectKernelTunables=true
 RestrictRealtime=true
-#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictAddressFamilies=~AF_PACKET
 SystemCallFilter=~@debug @mount @cpu-emulation @obsolete @privileged
-# FIXME!
-# PANIC: unprotected error in call to Lua API (runtime code generation failed, restricted kernel?)
-# https://www.freelists.org/post/luajit/luajit-crashes-with-grsec-kernel,1
-# MemoryDenyWriteExecute=true
-# PrivateMounts=true
 
 [Install]
 WantedBy=multi-user.target