diff --git a/handlers/main.yml b/handlers/main.yml
index c033fa99..41e7a222 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -74,6 +74,8 @@ command: "{{ grub_update_cmd }}"
 when:
 - security_enable_grub_update | bool
+ - grub_update_binary.stat.exists | bool
+ - grub_update_binary.stat.executable | bool
 notify:
 - set bootloader file permissions after updating grub config
diff --git a/tasks/main.yml b/tasks/main.yml
index 18fa5ddb..10e56b97 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -45,6 +45,13 @@ tags:
 - always
+ - name: Check if grub is present on the remote node
+ stat:
+ path: "{{ grub_update_cmd.split(' ')[0] }}"
+ register: grub_update_binary
+ tags:
+ - always
+
 - name: Install EPEL repository
 yum:
 name: epel-release
diff --git a/vars/redhat.yml b/vars/redhat.yml
index b48141d1..c3424218 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -39,7 +39,7 @@ chrony_service: chronyd
 clamav_service: 'clamd@scan'
 # Commands
-grub_update_cmd: "grub2-mkconfig -o {{ grub_config_file_boot }}"
+grub_update_cmd: "/usr/sbin/grub2-mkconfig -o {{ grub_config_file_boot }}"
 ssh_keysign_path: /usr/libexec/openssh
 # RHEL 6 STIG: Packages to add/remove
diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml
index f56ac3da..cb6d4a29 100644
--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
@@ -42,7 +42,7 @@ chrony_service: chrony
 clamav_service: clamav-daemon
 # Commands
-grub_update_cmd: "update-grub"
+grub_update_cmd: "/usr/sbin/update-grub"
 ssh_keysign_path: /usr/lib/openssh
 # RHEL 6 STIG: Packages to add/remove
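Review bot: In handlers/main.yml, the two added `when` conditions make the grub update handler skip with no signal when the binary is missing or not executable, and a skipped handler reports no change, so its `notify` of `set bootloader file permissions after updating grub config` does not fire from this path either. Any GRUB settings the role changed on such a host are then never written into the generated config, which is worth stating above the conditions, e.g. `# Skipped when the grub update binary is absent or not executable; the notify below does not fire in that case`. The conditions also assume `grub_update_binary` was registered by the stat task in tasks/main.yml. Adding `- grub_update_binary is defined` as the first new condition would keep the handler from failing on an undefined variable if that task did not run. The handler's name line is outside the hunk.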
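Review bot: In tasks/main.yml, the `stat` path is the first space-separated token of `grub_update_cmd`, so the check is only meaningful when that variable begins with an absolute path. A bare command name such as the previous `update-grub` would be treated as a relative path, most likely report `exists: false`, and quietly disable the grub update handler. The vars/redhat.yml and vars/ubuntu.yml hunks presumably switch to absolute paths for that reason, but any other vars file or user override is not visible here and would need the same form. I would record the contract next to the task, e.g. `# grub_update_cmd must begin with an absolute path; this stat gates the grub update handler`. Since only existence and the executable bit are read, `get_checksum: false` on the stat would avoid hashing the file.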