diff --git a/handlers/main.yml b/handlers/main.yml
index e3a9c38..64b0aad 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -237,9 +237,7 @@
   changed_when: true
 
 - name: Auditd rules reload
-  when:
-    - not prelim_auditd_immutable_check or
-      '"No change" not in ubtu24cis_rule_6_2_3_21_grep -iR augen_check.stdout'
+  when: ('"No change" not in discovered_augenrules_check.stdout') or prelim_auditd_immutable_check.rc == 1
   ansible.builtin.command: augenrules --load
   changed_when: true
 
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index eba0b21..05c725c 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -218,7 +218,7 @@
 - name: "PRELIM | AUDIT | Check if auditd is immutable before changes"
   when: "'auditd' in ansible_facts.packages"
   tags: always
-  ansible.builtin.shell: auditctl -l | grep -c '-e 2'
+  ansible.builtin.shell: auditctl -s | grep "enabled 2"
   changed_when: false
   failed_when: prelim_auditd_immutable_check.rc not in [ 0, 1 ]
   register: prelim_auditd_immutable_check
diff --git a/tasks/section_6/cis_6.2.3.x.yml b/tasks/section_6/cis_6.2.3.x.yml
index 58db7d6..dbcbfa4 100644
--- a/tasks/section_6/cis_6.2.3.x.yml
+++ b/tasks/section_6/cis_6.2.3.x.yml
@@ -277,3 +277,4 @@
     - auditd
   ansible.builtin.command: augenrules --check
   changed_when: false
+  register: discovered_augenrules_check
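Review bot: In the new `when:` of the "Auditd rules reload" handler the parenthesised part is a Jinja string literal, not a test — the single quotes around `"No change" not in discovered_augenrules_check.stdout` turn it into a non-empty string, which is truthy, so `(...) or ...` is always true and the handler runs `augenrules --load` unconditionally. Dropping the inner quotes makes it a real membership test: `when: ("No change" not in discovered_augenrules_check.stdout) or prelim_auditd_immutable_check.rc == 1`. The removed lines carried the same quoting, so this is inherited rather than introduced, but the rewrite is the place to fix it. Separately, `discovered_augenrules_check` is registered only by the `augenrules --check` task in tasks/section_6/cis_6.2.3.x.yml; if the handler is notified from a task that runs without it, or that check is skipped, `.stdout` is undefined and the handler fails, so a guard such as `discovered_augenrules_check.stdout is defined and ...` (or `| default('')`) would make it robust. It is also worth confirming the `or`: with rc 0 (immutable) and pending rule changes the load is still attempted, which looks like the case the immutable check was meant to exclude.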
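Review bot: The new `auditctl -s | grep "enabled 2"` runs without `pipefail`, so if `auditctl -s` itself fails (audit subsystem unavailable, insufficient privilege) grep sees empty input and exits 1, which the existing `failed_when` accepts and every consumer of `prelim_auditd_immutable_check.rc == 1` reads as "not immutable". A more robust shape is to register the plain output, `ansible.builtin.command: auditctl -s`, and test `'enabled 2' in prelim_auditd_immutable_check.stdout` at the consumers, which removes the grep exit-code ambiguity (the `failed_when` would then need adjusting, since success is always rc 0). If the pipe is kept, the contract should at least be stated next to it: `# rc 0 = auditd immutable (enabled 2), rc 1 = not immutable; read by the Auditd rules reload handler`.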
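Review bot: The added `register: discovered_augenrules_check` is a cross-file contract — its `stdout` is matched against the literal `"No change"` by the "Auditd rules reload" handler in handlers/main.yml — and nothing at the registration site says so, which makes a future rename or a change to `augenrules --check` easy to break silently. A one-line comment above the new line would capture it: `# stdout is parsed for "No change" by the Auditd rules reload handler (handlers/main.yml)`. The task's `name:` and any `when:` start above this hunk, so I could not confirm under which conditions it is skipped.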