From 1c9c1b919c77e747bd1bfab5a414c849f10b3655 Mon Sep 17 00:00:00 2001
From: polski-g <polski_g@sent.at>
Date: Wed, 3 Sep 2025 09:55:00 -0400
Subject: [PATCH] 1.4.2: grep command should run in check_mode

Signed-off-by: polski-g <polski_g@sent.at>
---
 tasks/section_1/cis_1.4.x.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index c6c3aac..5969dff 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -52,6 +52,7 @@
         - name: "1.4.2 | AUDIT | Ensure permissions on bootloader config are configured | efi based system | capture current state"
           ansible.builtin.shell: grep "^[^#;]" /etc/fstab | grep '/boot/efi' | awk -F" " '{print $4}'
           changed_when: false
+          check_mode: false
           register: discovered_efi_fstab
 
         - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Build Options"