diff --git a/00-default b/00-default
index 0a21efd..1811689 100644
--- a/00-default
+++ b/00-default
@@ -23,7 +23,7 @@ user root
 [df*]
 user root
 env.exclude none unknown binfmt_misc cgroup_root debugfs devpts devtmpfs fuse.gvfs-fuse-daemon iso9660 ramfs romfs rootfs rpc_pipefs squashfs udf
-env.exclude_re ^/run/user/ ^/sys/ ^/var/lib/docker ^/media/ ^/var/lib/mock/
+env.exclude_re ^/run/user/ ^/sys/ ^/var/lib/docker ^/var/lib/containers/storage/overlay ^/var/lib/mock/ ^/media/ ^/mnt$
 
 [exim*]
 group mail
diff --git a/munin-asyncd.service b/munin-asyncd.service
index 7dc783a..1396a2a 100644
--- a/munin-asyncd.service
+++ b/munin-asyncd.service
@@ -8,7 +8,10 @@ After=network.target network-online.target munin-node.service
 Type=simple
 User=munin
 ExecStart=/usr/sbin/munin-asyncd
-PrivateTmp=true
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
 TimeoutStopSec=20s
 
 [Install]
diff --git a/munin-node.service b/munin-node.service
index a48b60a..ac57e54 100644
--- a/munin-node.service
+++ b/munin-node.service
@@ -8,7 +8,10 @@ PartOf=munin-asyncd.service
 Type=forking
 ExecStart=/usr/sbin/munin-node
 PIDFile=/run/munin/munin-node.pid
-PrivateTmp=true
+PrivateDevices=no
+PrivateTmp=yes
+ProtectHome=read-only
+ProtectSystem=full
 TimeoutStopSec=30s
 
 [Install]
diff --git a/munin.spec b/munin.spec
index b403dd0..983ce7d 100644
--- a/munin.spec
+++ b/munin.spec
@@ -1,5 +1,5 @@
 Name:      munin
-Version:   2.0.51
+Version:   2.0.54
 Release:   1%{?dist}
 Summary:   Network-wide resource monitoring tool
 License:   GPLv2
@@ -683,6 +683,7 @@ fi
 %endif
 
 %{_bindir}/munindoc
+%{_bindir}/munin-get
 %{_sbindir}/munin-node
 %{_sbindir}/munin-node-configure
 %{_sbindir}/munin-run
@@ -753,6 +754,11 @@ fi
 
 
 %changelog
+* Tue Jan 21 2020 Kim B. Heino <b@bbbs.net> - 2.0.54-1
+- Upgrade to 2.0.54
+- Improve df's ignore list
+- Use systemd hardening options for node and asyncd
+
 * Sat Oct 19 2019 Kim B. Heino <b@bbbs.net> - 2.0.51-1
 - Upgrade to 2.0.51
 
diff --git a/sources b/sources
index f14c16d..16f47d9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (munin-2.0.51.tar.gz) = 86e9d31cf755920fb42a1875c034847cdb0af4fab98d813c1362539f782e7c0c385c1c9c6653fafd7712bf54ce51f942fdb21f14204a7227b8cc95e11d9f388a
+SHA512 (munin-2.0.54.tar.gz) = 48bb785d6e40f940e265f2e4723c09ccb54a8218b7f76766a3be23f91d0eaa1180fd1698c50d738c95bb983c586345bf5f65d0dab0e16d40b22fc0121955756b