diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml
index ba888e0..7d18f17 100644
--- a/roles/base/handlers/main.yml
+++ b/roles/base/handlers/main.yml
@@ -1,3 +1,8 @@
 ---
 - name: newaliases
 shell: smtpctl update table aliases
+
+- name: remount /tmp
+ command: mount -u -o noexec /tmp
+ args:
+ warn: false
diff --git a/roles/base/tasks/fstab.yml b/roles/base/tasks/fstab.yml
new file mode 100644
index 0000000..7112137
--- /dev/null
+++ b/roles/base/tasks/fstab.yml
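Review bot: The `args:` / `warn: false` pair on the new `remount /tmp` handler relies on a `command` option that ansible-core deprecated in 2.11 and removed in 2.14, so on a current controller the handler would be rejected as using an unsupported parameter. Because the handler runs only after /etc/fstab has been edited, that failure would leave the running /tmp without noexec until the next reboot. If the role has to run on newer controllers, drop those two lines; the warning they silenced no longer exists there. A comment above the handler such as `# apply noexec to the live mount; the fstab edit alone only takes effect at next boot` would document why it is needed.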
@@ -0,0 +1,78 @@
+---
+- name: Fetch fstab content
+ command: "grep -v '^#' /etc/fstab"
+ check_mode: false
+ register: fstab_content
+ failed_when: false
+ changed_when: false
+ tags:
+ - fstab
+
+- name: / partition is customized - softdep
+ replace:
+ dest: /etc/fstab
+ regexp: '(\s+/\s+\S+\s+rw)(.*)'
+ replace: '\1,softdep\2'
+ when:
+ - fstab_content.stdout | regex_search('\s/\s')
+ - not (fstab_content.stdout | regex_search('\s+/\s+\S+\s+rw,softdep'))
+ tags:
+ - fstab
+
+- name: /var partition is customized - softdep
+ replace:
+ dest: /etc/fstab
+ regexp: '(\s+/var\s+\S+\s+rw)(.*)'
+ replace: '\1,softdep\2'
+ when:
+ - fstab_content.stdout | regex_search('\s/var\s')
+ - not (fstab_content.stdout | regex_search('\s+/var\s+\S+\s+rw,softdep'))
+ tags:
+ - fstab
+
+- name: /usr partition is customized - softdep
+ replace:
+ dest: /etc/fstab
+ regexp: '(\s+/usr\s+\S+\s+rw)(.*)'
+ replace: '\1,softdep\2'
+ when:
+ - fstab_content.stdout | regex_search('\s/usr\s')
+ - not (fstab_content.stdout | regex_search('\s+/usr\s+\S+\s+rw,softdep'))
+ tags:
+ - fstab
+
+- name: /tmp partition is customized - noexec
+ replace:
+ dest: /etc/fstab
+ regexp: '(\s+/tmp\s+\S+\s+rw(,softdep)*)(.*)'
+ replace: '\1,noexec\3'
+ when:
+ - fstab_content.stdout | regex_search('\s/tmp\s')
+ - not (fstab_content.stdout
+ | regex_search('\s+/tmp\s+\S+\s+rw,(softdep,)*noexec'))
+ tags:
+ - fstab
+
+- name: /tmp partition is customized - softdep
+ replace:
+ dest: /etc/fstab
+ regexp: '(\s+/tmp\s+\S+\s+rw)(.*)'
+ replace: '\1,softdep\2'
+ notify: remount /tmp
+ when:
+ - fstab_content.stdout | regex_search('\s/tmp\s')
+ - not (fstab_content.stdout
+ | regex_search('\s+/tmp\s+\S+\s+rw,(noexec,)*softdep'))
+ tags:
+ - fstab
+
+- name: /home partition is customized - softdep
+ replace:
+ dest: /etc/fstab
+ regexp: '(\s+/home\s+\S+\s+rw)(.*)'
+ replace: '\1,softdep\2'
+ when:
+ - fstab_content.stdout | regex_search('\s/home\s')
+ - not (fstab_content.stdout | regex_search('\s+/home\s+\S+\s+rw,softdep'))
+ tags:
+ - fstab
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 3b1ca7a..bd467b3 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -9,3 +9,4 @@
 - include: evobackup.yml
 - include: newsyslog.yml
 - include: cron.yml
+- include: fstab.yml
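Review bot: `notify: remount /tmp` sits on the "/tmp partition is customized - softdep" task in fstab.yml but not on the "- noexec" task, so on a host whose /tmp entry already has softdep the noexec edit reaches /etc/fstab without the live mount being updated, and /tmp stays executable until the next reboot. Add `notify: remount /tmp` to the noexec task as well, since the handler in roles/base/handlers/main.yml is what applies noexec to the running system. Also, the `when:` checks read `fstab_content`, which was filtered with `grep -v '^#'` and carries `failed_when: false`, while `replace` works on the whole file: commented-out entries can still be rewritten, and a failed read makes every condition false so the hardening is skipped without any error. A comment above the two /tmp tasks stating that the noexec check only recognises the option directly after `rw` or `rw,softdep` would help the next maintainer.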