diff --git a/defaults/main.yml b/defaults/main.yml index 6c2af85..d37ae5e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1109,7 +1109,12 @@ ubtu24cis_journald_runtimekeepfree: "#RuntimeKeepFree=" # ATTENTION: Uncomment the keyword below when values are set! ubtu24cis_journald_maxfilesec: "#MaxFileSec=" -# 6.1.3.8 +# 6.1.3.8 LOGRotate +# Optional to alow logrotate to be installed +# While it is required for 6.1.3.8 its not installed by default on minimal image +# or required for CIS to be installed, but in order to achieve ability to install has been added +ubtu24cis_logrotate_pkg_install: false + # ubtu24cis_logrotate sets the daily, weekly, monthly, yearly value for the log rotation # To conform to CIS standards this just needs to comply with your site policy ubtu24cis_logrotate: "daily" diff --git a/tasks/prelim.yml b/tasks/prelim.yml index 05c725c..74ee0c7 100644 --- a/tasks/prelim.yml +++ b/tasks/prelim.yml @@ -256,3 +256,11 @@ regexp: ^IPT_SYSCTL=.* line: IPT_SYSCTL=/etc/sysctl.conf mode: 'u-x,go-wx' + +- name: "OPTIONAL | PATCH | Install Logrotate if missing" + when: + - ubtu24cis_rule_6_1_3_8 + - ubtu24cis_logrotate_pkg_install + ansible.builtin.package: + name: logrotate + state: present diff --git a/tasks/section_6/cis_6.1.3.8.yml b/tasks/section_6/cis_6.1.3.8.yml index 932801e..1c68890 100644 --- a/tasks/section_6/cis_6.1.3.8.yml +++ b/tasks/section_6/cis_6.1.3.8.yml @@ -1,7 +1,9 @@ --- - name: "6.1.3.8 | PATCH | Ensure logrotate is configured" - when: ubtu24cis_rule_6_1_3_8 + when: + - ubtu24cis_rule_6_1_3_8 + - "'logrotate' in ansible_facts.packages" tags: - level1-server - level1-workstation
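Review bot: The comment block above `ubtu24cis_logrotate_pkg_install` in defaults/main.yml is hard to parse ("alow", "its", and a last line that trails off) and does not say what happens when the variable stays `false`. Going by the condition added in tasks/section_6/cis_6.1.3.8.yml, a host without logrotate then skips rule 6.1.3.8 entirely, which is worth stating where the operator sets the value. Suggested wording: `# Set to true to have the role install logrotate when it is missing (e.g. minimal images).` followed by `# When false and logrotate is not installed, rule 6.1.3.8 is skipped rather than applied.`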
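Review bot: The install task appended to tasks/prelim.yml does not refresh package facts, yet the 6.1.3.8 task now gates on `'logrotate' in ansible_facts.packages`. If package facts are gathered earlier in prelim (not visible in this hunk), they are stale after the install, so the rule would presumably still be skipped on the run that installs the package and only apply on the next one. Registering the install result and re-running `ansible.builtin.package_facts` when it changed would close that gap; the register name below is illustrative. The new task also has no `tags:`, so a tag-limited run of the rule may never reach it, which is worth confirming against how the role is normally invoked.

```yaml
- name: "OPTIONAL | PATCH | Install Logrotate if missing"
  # … unchanged: when conditions and ansible.builtin.package arguments …
  register: logrotate_install_result

- name: "OPTIONAL | AUDIT | Refresh package facts after installing Logrotate"
  when: logrotate_install_result is changed
  ansible.builtin.package_facts:
    manager: auto
```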
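Review bot: With the second condition added to `when:` in tasks/section_6/cis_6.1.3.8.yml, a host that lacks logrotate skips 6.1.3.8 with no signal, so the run finishes clean while the control is unmet. A companion task in this file conditioned on `'logrotate' not in ansible_facts.packages` that emits an `ansible.builtin.debug` message would keep the gap visible in the run output. The condition also assumes package facts were gathered before this file runs; if that is not guaranteed, `ansible_facts.packages` is undefined and the task errors instead of skipping. The task body continues outside the hunk.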