From a18fc7df7243dd5d398c66230dfd3f24bac9f704 Mon Sep 17 00:00:00 2001
From: Karl DeBisschop <kdebisschop@gmail.com>
Date: Sun, 24 Mar 2024 17:11:45 -0400
Subject: [PATCH] Do not make bootloader config less secure

Signed-off-by: Karl DeBisschop <kdebisschop@gmail.com>
---
 tasks/section_1/cis_1.4.x.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index a58aa57..a7ef03c 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -50,6 +50,7 @@
             mode: 0600
         when:
             - ubtu20cis_1_4_2_grub_cfg_status.stat.exists
+            - ubtu20cis_1_4_2_grub_cfg_status.stat.mode != "0400"
   when:
       - ubtu20cis_rule_1_4_2
   tags: