diff --git a/security-tool.sh b/security-tool.sh
index c6bc4e7003aa0149c5db584202432f0a88c75a83..af9f823566b518516a5586ee9078e631856a534e 100644
--- a/security-tool.sh
+++ b/security-tool.sh
@@ -974,12 +974,10 @@ function fn_main()
 	# harden grub2
         fn_harden_grub2
 
-        fn_harden_sysctl
-
         sed -i "s/^OPENEULER_SECURITY=.*$/OPENEULER_SECURITY=1/g" /etc/openEuler_security/security
     elif [ "x${OPENEULER_SECURITY}" = "x1" ]
     then
-        fn_harden_sysctl
+        :
     else
         echo "the value of OPENEULER_SECURITY is unexpected! please check it."
     fi
@@ -987,6 +985,9 @@ function fn_main()
     # harden user conf
     fn_harden_usr_conf
 
+    # Let the kernel parameters take effect immediately 
+    fn_harden_sysctl
+
     # disable the service in system start
     systemctl disable openEuler-security.service