diff --git a/check/data b/check/data
index 73575b36db58ffb5aa38a2258bd3983a65c3f21d..1e888419db1ffa759a50e691b2f0d85cdddc1f2d 100644
--- a/check/data
+++ b/check/data
@@ -94,3 +94,25 @@ groups:
             op: eq
             value: "644"
           set: true
+
+    - id: 9
+      text: "test permissions"
+      audit: "/bin/sh -c 'if test -e $config; then stat -c %a $config; fi'"
+      tests:
+        bin_op: or
+        test_items:
+        - flag: "644"
+          compare:
+            op: eq
+            value: "644"
+          set: true
+        - flag: "640"
+          compare:
+            op: eq
+            value: "640"
+          set: true
+        - flag: "600"
+          compare:
+            op: eq
+            value: "600"
+          set: true
diff --git a/check/test_test.go b/check/test_test.go
index f605309a99c8735e918cff2280719e6dd49623cd..a0228c21dd39550da37d6d4c861ee3c4d0c8021b 100644
--- a/check/test_test.go
+++ b/check/test_test.go
@@ -86,6 +86,14 @@ func TestTestExecute(t *testing.T) {
 			controls.Groups[0].Checks[8],
 			"644",
 		},
+		{
+			controls.Groups[0].Checks[9],
+			"640",
+		},
+		{
+			controls.Groups[0].Checks[9],
+			"600",
+		},
 	}
 
 	for _, c := range cases {