diff --git a/.travis.yml b/.travis.yml
index 633438c..2c5e56d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,6 +22,7 @@ addons:
 - libcap-dev
 - python-pip
 - python-virtualenv
+ - hardening-includes
 script: ./ci/run_build.sh
diff --git a/Dockerfile b/Dockerfile
index 0c7d8cf..a93ca89 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM ubuntu:precise
 RUN apt-get update \
- && apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv \
+ && apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv hardening-includes \
 && rm -rf /var/lib/apt/lists/*
 # Pre-install those here for faster local builds.
diff --git a/ci/run_build.sh b/ci/run_build.sh
index e30eb20..2145aa9 100755
--- a/ci/run_build.sh
+++ b/ci/run_build.sh
@@ -50,40 +50,43 @@ popd
 # Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
 for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
 echo "Smoke test for $tini"
- $tini -h
+ "${tini}" -h
 echo "Testing $tini with: true"
- $tini -vvv true
+ "${tini}" -vvv true
 echo "Testing $tini with: false"
- if $tini -vvv false; then
+ if "${tini}" -vvv false; then
 exit 1
 fi
 # Test stdin / stdout are handed over to child
 echo "Testing pipe"
- echo "exit 0" | $tini -vvv sh
+ echo "exit 0" | "${tini}" -vvv sh
 if [[ ! "$?" -eq "0" ]]; then
 echo "Pipe test failed"
 exit 1
 fi
- # Move files to the dist dir for testing
- mkdir -p "${DIST_DIR}"
- cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
-
- # Quick audit
- if which rpm; then
- echo "Contents for RPM:"
- rpm -qlp "${DIST_DIR}/tini"*.rpm
- fi
-
- if which dpkg; then
- echo "Contents for DEB:"
- dpkg --contents "${DIST_DIR}/tini"*deb
- fi
+ echo "Checking hardening on $tini"
+ hardening-check --nopie --nostackprotector --nobindnow "${tini}"
 done
+# Move files to the dist dir for testing
+mkdir -p "${DIST_DIR}"
+cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
+
+# Quick package audit
+if which rpm; then
+ echo "Contents for RPM:"
+ rpm -qlp "${DIST_DIR}/tini"*.rpm
+fi
+
+if which dpkg; then
+ echo "Contents for DEB:"
+ dpkg --contents "${DIST_DIR}/tini"*deb
+fi
+
+# Compile test code
 "${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
diff --git a/tpl/travis.yml.tpl b/tpl/travis.yml.tpl
index 57df6e5..fc29d0a 100644
--- a/tpl/travis.yml.tpl
+++ b/tpl/travis.yml.tpl
@@ -22,6 +22,7 @@ addons:
 - libcap-dev
 - python-pip
 - python-virtualenv
+ - hardening-includes
 script: ./ci/run_build.sh
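Review bot: The new `hardening-check` call waives the PIE, stack-protector and immediate-binding checks via `--nopie --nostackprotector --nobindnow`, so the only properties it still enforces are fortify-source and RELRO — a much weaker gate than the "Checking hardening" echo suggests, and nothing in the hunk records why those three are acceptable to skip. Whether a failing check even aborts the build depends on `set -e` being in effect at the top of the script, which is outside this hunk; make the failure explicit and document the waivers, e.g. `# Waived: PIE/stack-protector/bindnow are not enabled in this build yet; only fortify-source and RELRO are enforced here` followed by `hardening-check --nopie --nostackprotector --nobindnow "${tini}" || exit 1`. If the waivers are only needed for `tini-static`, consider passing them conditionally so the dynamically linked `tini` gets the full check. The hoisted `if which rpm` / `if which dpkg` guards would be cleaner as `command -v rpm >/dev/null`, which also keeps the resolved path out of the build log.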