diff --git a/etc/systemd/system.conf.d/log4shell.conf b/etc/systemd/system.conf.d/log4shell.conf
new file mode 100644
index 00000000..85fe8ffc
--- /dev/null
+++ b/etc/systemd/system.conf.d/log4shell.conf
@@ -0,0 +1,5 @@
+# Mitigating log4shell exploit (CVE-2021-44228) systemd-wide
+
+[Manager]
+# NCSC-FI https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_38/2021?toggle=Lis%C3%A4tietoa%20ratkaisusta
+DefaultEnvironment="LOG4J_FORMAT_MSG_NO_LOOKUPS=true"