diff --git a/install/install.py b/install/install.py
index 732486032..1554286df 100755
--- a/install/install.py
+++ b/install/install.py
@@ -664,6 +664,16 @@ class preFlightsChecks:
         command = 'mount -o remount,rw,hidepid=2 /proc'
         preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
 
+        ## symlink protection
+
+        writeToFile = open('/usr/lib/sysctl.d/50-default.conf', 'a')
+        writeToFile.writelines('fs.protected_hardlinks = 1\n')
+        writeToFile.writelines('fs.protected_symlinks = 1\n')
+        writeToFile.close()
+
+        command = 'sysctl --system'
+        preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
+
         ###
 
     def install_unzip(self):
diff --git a/plogical/upgrade.py b/plogical/upgrade.py
index e6c01a0da..c6c7f8eff 100755
--- a/plogical/upgrade.py
+++ b/plogical/upgrade.py
@@ -2097,6 +2097,16 @@ echo $oConfig->Save() ? 'Done' : 'Error';
             command = 'chmod 750 /usr/local/lsws/logs'
             Upgrade.executioner(command, 0)
 
+            ## symlink protection
+
+            writeToFile = open('/usr/lib/sysctl.d/50-default.conf', 'a')
+            writeToFile.writelines('fs.protected_hardlinks = 1\n')
+            writeToFile.writelines('fs.protected_symlinks = 1\n')
+            writeToFile.close()
+
+            command = 'sysctl --system'
+            Upgrade.executioner(command, 0)
+
             Upgrade.stdOut("Permissions updated.")
 
         except BaseException as msg: