diff --git a/tasks/rhel7stig/auth.yml b/tasks/rhel7stig/auth.yml
index e048c650..4888b9cf 100644
--- a/tasks/rhel7stig/auth.yml
+++ b/tasks/rhel7stig/auth.yml
@@ -174,19 +174,28 @@
 - always
 - name: Set a GRUB 2 password for single-user/maintenance modes
- blockinfile:
- path: "{{ grub_custom_file }}"
- insertbefore: EOF
- marker: "# {mark} MANAGED BY ANSIBLE-HARDENING"
- block: |
- set superusers="root"
- password_pbkdf2 root {{ security_grub_password_hash }}
- state: present
+ block:
+ - blockinfile:
+ path: "{{ grub_custom_file }}"
+ insertbefore: EOF
+ marker: "# {mark} MANAGED BY ANSIBLE-HARDENING"
+ block: |
+ set superusers="root"
+ password_pbkdf2 root {{ security_grub_password_hash }}
+ state: present
+ notify:
+ - update grub config
+ - lineinfile:
+ path: "{{ grub_linux_file }}"
+ regexp: '^CLASS=.*'
+ line: 'CLASS="--class gnu-linux --class gnu --class os --unrestricted"'
+ state: present
+ backrefs: yes
+ notify:
+ - update grub config
 when:
 - grub_custom_file_check.stat.exists | bool
 - security_require_grub_authentication | bool
- notify:
- - update grub config
 tags:
 - auth
 - high
diff --git a/vars/main.yml b/vars/main.yml
index ae7ad8aa..1a0326f3 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -22,6 +22,8 @@
 ## grub custom configuration
 grub_custom_file: /etc/grub.d/40_custom
+## grub main linux configuration
+grub_linux_file: /etc/grub.d/10_linux
 ## auditd configuration
 auditd_config:
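Review bot: The `lineinfile` task added under `block:` in tasks/rhel7stig/auth.yml relies on `backrefs: yes` with `regexp: '^CLASS=.*'`, and with backrefs a file that has no matching line is left unchanged while the task still reports ok, so a host can end up with `superusers` set by the first task but without `--unrestricted` on its menu entries. As far as I know GRUB 2 then asks for credentials on every boot, which stalls unattended reboots, so a follow-up task that fails when `{{ grub_linux_file }}` does not contain `--unrestricted` would make that case visible. The `when:` guard checks only `grub_custom_file_check.stat.exists`, not whether `grub_linux_file` exists. The file is presumably package-owned, so an update may restore the original line; a comment on the task such as `# re-applied on every run: package updates can replace this file` would record that. Both inner tasks lack a `name:`, `backrefs: true` is the canonical boolean, and the task's `tags:` list may continue past the end of the hunk.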