Does some basic things to reduce system attack surface. Primarily it will disable kernel module loading after boot to prevent security bugs in unused modules from being used to compromise a system. WARNING: This may prevent hardware and other subsystems from working, be sure to read the documentation before rebooting.