diff --git a/roles/cis/tasks/main.yml b/roles/cis/tasks/main.yml index 97f3bee..b5d2302 100644 --- a/roles/cis/tasks/main.yml +++ b/roles/cis/tasks/main.yml @@ -4,6 +4,7 @@ - name: Disable Kernel Modules ansible.builtin.copy: dest: /mnt/etc/modprobe.d/cis.conf + mode: '0644' content: | CIS LVL 3 Restrictions install freevxfs /bin/true @@ -22,6 +23,7 @@ - name: Create USB Rules ansible.builtin.copy: dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.sh + mode: '0644' content: | By default, disable all. ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0" @@ -38,6 +40,7 @@ - name: Create a consolidated sysctl configuration file ansible.builtin.copy: dest: /mnt/etc/sysctl.d/10-cis.conf + mode: '0644' content: | ## CIS Sysctl configurations net.ipv4.conf.all.log_martians = 1 diff --git a/roles/configuration/tasks/main.yml b/roles/configuration/tasks/main.yml index 82b28fe..c0a8a76 100644 --- a/roles/configuration/tasks/main.yml +++ b/roles/configuration/tasks/main.yml @@ -39,6 +39,7 @@ ansible.builtin.copy: content: "{{ hostname }}" dest: /mnt/etc/hostname + mode: '0644' - name: Add host entry to /etc/hosts ansible.builtin.lineinfile: @@ -48,13 +49,15 @@ - name: Create vconsole.conf ansible.builtin.copy: - content: KEYMAP=us-intl + content: KEYMAP=us dest: /mnt/etc/vconsole.conf + mode: '0644' - name: Create locale.conf ansible.builtin.copy: content: LANG=en_US.UTF-8 dest: /mnt/etc/locale.conf + mode: '0644' - name: SSH permit Password ansible.builtin.replace: @@ -131,6 +134,7 @@ ansible.builtin.template: src: custom.sh.j2 dest: /mnt/etc/profile.d/custom.sh + mode: '0644' - name: Setup Network block: diff --git a/roles/environment/tasks/main.yml b/roles/environment/tasks/main.yml index df6bcd2..cffe6ef 100644 --- a/roles/environment/tasks/main.yml +++ b/roles/environment/tasks/main.yml 
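Review bot: The added `mode: '0644'` in the Disable Kernel Modules task fixes the permission bits but leaves ownership implicit, so `/mnt/etc/modprobe.d/cis.conf` is owned by whichever user the play connects or becomes as. For a hardening role it is worth pinning both, by adding `owner: root` and `group: root` next to the mode. The same applies to the USB rules and sysctl tasks in this file and to the files written in roles/configuration and roles/environment. The task's `content` block continues outside the hunk.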
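Review bot: The Create USB Rules task writes to `/mnt/etc/udev/rules.d/10-cis_usb_devices.sh`, but udev only loads files ending in `.rules` from that directory, so the `authorized_default` restriction is most likely never applied. Since this hunk already touches the task, rename the target to `dest: /mnt/etc/udev/rules.d/10-cis_usb_devices.rules`. A post-install check that reads `authorized_default` under `/sys/bus/usb/devices/usb*/` would catch this kind of silent no-op. The rest of the rules content lies outside the hunk.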
@@ -66,8 +66,10 @@ ansible.builtin.file: path: /etc/yum.repos.d state: directory + mode: '0755' - name: Create RHEL repository file ansible.builtin.template: src: "{{ os | lower }}.repo.j2" dest: /etc/yum.repos.d/{{ os | lower }}.repo + mode: '0644' diff --git a/roles/virtualization/tasks/libvirt.yml b/roles/virtualization/tasks/libvirt.yml index ca00553..93415e6 100644 --- a/roles/virtualization/tasks/libvirt.yml +++ b/roles/virtualization/tasks/libvirt.yml @@ -21,6 +21,7 @@ ansible.builtin.template: src: "{{ item.src }}" dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml + mode: '0644' loop: - { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data } - { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
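Review bot: In roles/virtualization/tasks/libvirt.yml, `mode: '0644'` makes the rendered cloud-init files in /tmp readable by every local user. cloud-user-data commonly carries password hashes, SSH keys or other provisioning secrets; the templates are not visible here, so confirm what they contain. Prefer `mode: '0600'`, and if another account has to read the files, grant that through group ownership rather than world-read. The destination is also a predictable name in a world-writable directory. Creating a private directory first with `ansible.builtin.tempfile` (`state: directory`) and rendering into it stops another local user from pre-creating or symlinking that path.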