diff --git a/.github/workflows/ansible-playbook.yml b/.github/workflows/ansible-playbook.yml
index 9105946c..0c06f082 100644
--- a/.github/workflows/ansible-playbook.yml
+++ b/.github/workflows/ansible-playbook.yml
@@ -171,8 +171,10 @@ jobs:
 # run: sudo grep '\[ Warning \]$' /var/log/rkhunter.log
 - name: Run Lynis
 run: sudo lynis audit system --skip-plugins --tests-from-group malware
- - name: chmod Lynis & rkhunter logs
- run: sudo chmod -c 644 /var/log/lynis.log /var/log/rkhunter.log
+ - name: chmod Lynis & rkhunter files
+ run: |
+ sudo chmod -c 644 /var/log/lynis.log /var/log/rkhunter.log /var/lib/rkhunter/db/rkhunter.dat
+ sudo chmod -c 755 /var/lib/rkhunter{,/db}
 - name: Archive Lynis log
 uses: actions/upload-artifact@v4
 with:
@@ -180,6 +182,7 @@ jobs:
 path: |
 /var/log/lynis.log
 /var/log/rkhunter.log
+ /var/lib/rkhunter/db/rkhunter.dat
 # MALW-3280
 # 2025-01-08 21:22:22 Result: no commercial anti-virus tools found
 # 2025-01-08 21:22:22 Hardening: assigned partial number of hardening points (0 of 3). Currently having 4 points (out of 7)
diff --git a/templates/rkhunter.conf.j2 b/templates/rkhunter.conf.j2
index 2ed0b1a1..cc0b535c 100644
--- a/templates/rkhunter.conf.j2
+++ b/templates/rkhunter.conf.j2
@@ -549,7 +549,7 @@ USER_FILEPROP_FILES_DIRS=/lib/{{ ansible_architecture }}-linux-gnu/security/*.so
 USER_FILEPROP_FILES_DIRS=/etc/sudoers
 USER_FILEPROP_FILES_DIRS=/etc/sudoers.d
 {% if stat_polkit_etc.stat.exists %}
-USER_FILEPROP_FILES_DIRS=/etc/polkit-1/rules.d/*.rules
+USER_FILEPROP_FILES_DIRS=/etc/polkit-1/rules.d
 USER_FILEPROP_FILES_DIRS=/usr/share/polkit-1/rules.d/*.rules
 USER_FILEPROP_FILES_DIRS=/usr/share/polkit-1/actions/*.policy
 {% endif %}
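Review bot: The two added `chmod` lines loosen the modes of the live rkhunter state (`/var/lib/rkhunter`, its `db` directory and `rkhunter.dat`) only so the upload step can read them, and the looser modes stay in place for any later step that runs rkhunter or checks permissions. Copying the files to a staging directory keeps the installed modes as the playbook left them: `install -d -m 755 "$RUNNER_TEMP/audit"` followed by `sudo install -m 644 -t "$RUNNER_TEMP/audit" /var/log/lynis.log /var/log/rkhunter.log /var/lib/rkhunter/db/rkhunter.dat`, with the `path:` list in the next hunk pointing at that directory instead. If the in-place chmod is kept, `{,/db}` is bash brace expansion, so the step relies on bash being the job's shell (the default on Linux runners unless `shell:` is overridden outside the hunk).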
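Review bot: `rkhunter.dat` is the host's file-properties baseline, and once it is part of the artifact it can be downloaded by anyone with read access to the workflow run for as long as the artifact is retained. That matters little on a throwaway hosted runner, but whether this job can also run on a self-hosted machine is not visible from the hunk. If the `with:` block, which starts above this hunk, does not already set it, adding a short retention such as `retention-days: 7` bounds the exposure.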
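Review bot: The `/etc/polkit-1/rules.d` entry is now a bare directory while the two `/usr/share/polkit-1` entries below it keep their globs, and nothing in the template says why they differ. A comment above the changed line would stop a later edit from "fixing" it back, for example `# directory form on purpose: <reason>; the /usr/share entries stay as globs`. Because the set of monitored paths changes, the stored baseline presumably has to be rebuilt with `rkhunter --propupd` from a known-good state before the next check, or the first run is likely to warn about the new entries. The option list this block belongs to continues outside the hunk.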