diff --git a/lib/lib_hardening_ultra.sh b/lib/lib_hardening_ultra.sh
index be00349..cf357b3 100644
--- a/lib/lib_hardening_ultra.sh
+++ b/lib/lib_hardening_ultra.sh
@@ -70,11 +70,15 @@ hardening_ultra() {
   if [[ ! -d "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot" ]]; then
 
     mkdir -p "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"
-    cp -af ./config/includes.chroot "${VAR_HANDLER_BUILD_DIR}/config"
+    rsync -aHAX --delete ./config/includes.chroot/ "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/"
+    chmod 0755 ./config/includes.chroot/etc/ciss/keys
+    chmod 0444 ./config/includes.chroot/etc/ciss/keys/*
 
   else
 
-    cp -af ./config/includes.chroot "${VAR_HANDLER_BUILD_DIR}/config"
+    rsync -aHAX --delete ./config/includes.chroot/ "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/"
+    chmod 0755 ./config/includes.chroot/etc/ciss/keys
+    chmod 0444 ./config/includes.chroot/etc/ciss/keys/*
 
   fi