diff --git a/infrastructure/it-tools/docker-compose.it-tools.yml b/infrastructure/it-tools/docker-compose.it-tools.yml index c2e7f21..12e914b 100644 --- a/infrastructure/it-tools/docker-compose.it-tools.yml +++ b/infrastructure/it-tools/docker-compose.it-tools.yml @@ -10,9 +10,12 @@ services: - caddy networks: - infra-network + read_only: false security_opt: - no-new-privileges:true - read_only: false + cap_drop: + - SYS_ADMIN + deploy: resources: limits: @@ -21,6 +24,7 @@ services: reservations: cpus: '0.001' memory: 20M + it-tools1: image: corentinth/it-tools:latest container_name: it-tools1 @@ -31,9 +35,12 @@ services: - caddy networks: - infra-network + read_only: false security_opt: - no-new-privileges:true - read_only: false + cap_drop: + - SYS_ADMIN + deploy: resources: limits: diff --git a/infrastructure/picoshare/docker-compose.picoshare.yml b/infrastructure/picoshare/docker-compose.picoshare.yml index fc23de1..617f117 100644 --- a/infrastructure/picoshare/docker-compose.picoshare.yml +++ b/infrastructure/picoshare/docker-compose.picoshare.yml @@ -16,9 +16,11 @@ services: - infra-network security_opt: - no-new-privileges:true - read_only: true - tmpfs: - - /tmp + read_only: false + cap_drop: + - SYS_ADMIN +# tmpfs: +# - /tmp deploy: resources: limits: diff --git a/infrastructure/projectsend/docker-compose.projectsend.yml b/infrastructure/projectsend/docker-compose.projectsend.yml index a6a6b39..bda7059 100644 --- a/infrastructure/projectsend/docker-compose.projectsend.yml +++ b/infrastructure/projectsend/docker-compose.projectsend.yml @@ -18,6 +18,8 @@ services: - infra-network security_opt: - no-new-privileges:true + cap_drop: + - SYS_ADMIN # Database projectsend projectsend_db: diff --git a/infrastructure/uptime-kuma/docker-compose.uptime-kuma.yml b/infrastructure/uptime-kuma/docker-compose.uptime-kuma.yml index d9456b5..9f9575c 100644 --- a/infrastructure/uptime-kuma/docker-compose.uptime-kuma.yml 
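Review bot: `cap_drop: - SYS_ADMIN` in the first it-tools service removes nothing in practice, because Docker's default capability set does not contain CAP_SYS_ADMIN. Unless the service gains it through `cap_add` or `privileged` outside this hunk, the container keeps every default capability (NET_RAW, SETUID, SETGID, CHOWN, DAC_OVERRIDE and so on). The hardening this change appears to aim for is `cap_drop: [ALL]` followed by a `cap_add:` list holding only what each image needs to start, found by testing each service. The same applies to the identical additions in the `it-tools1`, picoshare, projectsend and uptime-kuma hunks. The service definitions begin outside the hunks, so an existing `cap_add` cannot be ruled out from here.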
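Review bot: Switching picoshare to `read_only: false` and commenting out the `/tmp` tmpfs leaves the container's root filesystem writable, so a compromised process could modify binaries and configuration inside it, and the added `cap_drop` entry does not compensate for that. If the service failed with a read-only root, the narrower fix is to keep `read_only: true` and add only the path it writes to as a volume or `tmpfs` entry. The service's volume mounts are outside this hunk, so which path that is needs confirming. If the relaxation has to stay, replace the commented-out `# tmpfs:` lines with a comment stating the reason, e.g. `# read_only disabled: <reason>`.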
+++ b/infrastructure/uptime-kuma/docker-compose.uptime-kuma.yml @@ -14,6 +14,8 @@ services: - infra-network security_opt: - no-new-privileges:true + cap_drop: + - SYS_ADMIN volumes: uptimekuma_data: