diff --git a/shared/macros/10-ansible.jinja b/shared/macros/10-ansible.jinja
index ade125fc14a..8c1b8a3e038 100644
--- a/shared/macros/10-ansible.jinja
+++ b/shared/macros/10-ansible.jinja
@@ -570,6 +570,7 @@ The macro requires following parameters:
     line: '\1\2\3{{ missing_syscalls | join("\3") }}\4'
     backrefs: yes
     state: present
+    mode: g-rwx,o-rwx
   when: syscalls_found | length > 0 and missing_syscalls | length > 0
 
 - name: Add the audit rule to {{ audit_file }}
@@ -647,6 +648,7 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul
     line: '\1\2\3{{ missing_syscalls | join("\3") }}\4'
     backrefs: yes
     state: present
+    mode: g-rwx,o-rwx
   when: syscalls_found | length > 0 and missing_syscalls | length > 0
 
 - name: Add the audit rule to {{ audit_file }}