diff --git a/shared/bash_remediation_functions/fix_audit_syscall_rule.sh b/shared/bash_remediation_functions/fix_audit_syscall_rule.sh
index 5cc130a0236..d95aedba395 100644
--- a/shared/bash_remediation_functions/fix_audit_syscall_rule.sh
+++ b/shared/bash_remediation_functions/fix_audit_syscall_rule.sh
@@ -204,6 +204,7 @@ then
 local auid_string=$([[ $auid_filters ]] && echo " $auid_filters")
 local full_rule="${action_arch_filters}${syscall_string}${other_string}${auid_string} -F key=${key}"
 echo "$full_rule" >> "$default_file"
+ chmod o-rwx ${default_file}
 else
 # Check if the syscalls are declared as a comma separated list or
 # as multiple -S parameters
diff --git a/shared/macros-ansible.jinja b/shared/macros-ansible.jinja
index b26966238a2..6c9c53a07db 100644
--- a/shared/macros-ansible.jinja
+++ b/shared/macros-ansible.jinja
@@ -467,6 +467,7 @@ The macro requires following parameters:
 path: '{{ audit_file }}'
 line: "{{{ action_arch_filters }}}{{{ syscall_flag }}}{{ syscalls | join(',') }}{{{ other_filters }}}{{{ auid_filters}}} -F key={{{ key }}}"
 create: true
+ mode: o-rwx
 state: present
 when: syscalls_found | length == 0
 {{%- endmacro %}}
@@ -535,6 +536,7 @@ The macro requires following parameters:
 path: '{{ audit_file }}'
 line: "{{{ action_arch_filters }}}{{{ syscall_flag }}}{{ syscalls | join(',') }}{{{ other_filters }}}{{{ auid_filters}}} -F key={{{ key }}}"
 create: true
+ mode: o-rwx
 state: present
 when: syscalls_found | length == 0
 {{%- endmacro %}}
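Review bot: The added `chmod o-rwx ${default_file}` expands the path unquoted, while the line directly above it writes to `"$default_file"`; a path containing whitespace or glob characters would be split or expanded before chmod sees it, so the line should read `chmod o-rwx "$default_file"`. The call sits only in the branch that appends a new rule, so a rules file that already contains the rule keeps whatever permissions it had, as far as this hunk shows. The same limitation appears to hold for the two `mode: o-rwx` additions in shared/macros-ansible.jinja, which are on tasks guarded by `when: syscalls_found | length == 0`. The enclosing function starts and ends outside the hunk, so a permission fix for the other branch may exist elsewhere.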
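Review bot: `mode: o-rwx` in the `@@ -467,6 +467,7 @@` hunk is a relative mode, so it only clears the bits for others and leaves the owner and group bits as they are. With `create: true`, a newly created file presumably takes its remaining bits from the umask of the process, and an existing file keeps a group-write or execute bit if it already has one. If the intent is a fixed permission on audit rule files, an absolute value such as `mode: '0640'` would give the same result on every host; confirm the exact value against the check this remediation pairs with. The identical addition in the `@@ -535,6 +536,7 @@` hunk has the same property.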