diff --git a/cfg/cis-1.6/master.yaml b/cfg/cis-1.6/master.yaml
index 447fcf311197adc77a569693a94843f127e0c97e..989736bb2c1d1c00c323e60f1a1762e5c645b0c6 100644
--- a/cfg/cis-1.6/master.yaml
+++ b/cfg/cis-1.6/master.yaml
@@ -91,7 +91,8 @@ groups:
 
       - id: 1.1.7
         text: "Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Automated)"
-        audit: "/bin/sh -c 'if test -e $etcdconf; then stat -c permissions=%a $etcdconf; fi'"
+        audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name '*etcd*' | xargs stat -c permissions=%a; fi'"
+        use_multiple_values: true
         tests:
           test_items:
             - flag: "permissions"
@@ -106,7 +107,8 @@ groups:
 
       - id: 1.1.8
         text: "Ensure that the etcd pod specification file ownership is set to root:root (Automated)"
-        audit: "/bin/sh -c 'if test -e $etcdconf; then stat -c %U:%G $etcdconf; fi'"
+        audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name '*etcd*' | xargs stat -c %U:%G; fi'"
+        use_multiple_values: true
         tests:
           test_items:
             - flag: "root:root"
diff --git a/cfg/config.yaml b/cfg/config.yaml
index 55ff322e786080dc8f858ef43b41bd39d158a155..98ff0c4db83ecf16d2607e8731ad7b2a1fdc8586 100644
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@@ -81,6 +81,7 @@ master:
       - /var/snap/etcd/common/etcd.conf.yaml
       - /var/snap/microk8s/current/args/etcd
       - /usr/lib/systemd/system/etcd.service
+      - /etc/kubernetes/manifests
     defaultconf: /etc/kubernetes/manifests/etcd.yaml
 
   flanneld: