diff --git a/tasks/fprobe.yml b/tasks/fprobe.yml
index 03ecf34..73b6f54 100644
--- a/tasks/fprobe.yml
+++ b/tasks/fprobe.yml
@@ -30,12 +30,46 @@
 #      command: "fprobe-ulog -c /var/tmp {{ fprobe_flow_collector }}"
 #  when: ansible_os_family == 'RedHat' and ps is defined and ps.stdout is defined and ps.stdout.find(" fprobe-ulog ") == -1
 
-- name: add init.d script
-  template: src=init.d-fprobe.j2 dest=/etc/rc.d/init.d/fprobe-ulog mode=0755
-  when: ansible_os_family == 'RedHat' and ansible_service_mgr != 'systemd'
-- name: add systemd script
-  template: "src=systemd-fprobe-ulog.service.j2 dest=/lib/systemd/system/{{ fprobe_svc }}.service mode=0644"
+- block:
+    - name: install fprobe systemd configuration
+      template:
+        src: "systemd-fprobe-ulog.service.j2"
+        dest: "/lib/systemd/system/{{ fprobe_svc }}.service"
+        mode: '0644'
+        backup: yes
+      register: systemdconf
+      ignore_errors: true
+    - block:
+        - include: "immutable.yml target_dir=/lib/systemd/system state=pre"
+        - name: install fprobe systemd configuration
+          template:
+            src: "systemd-fprobe-ulog.service.j2"
+            dest: "/lib/systemd/system/{{ fprobe_svc }}.service"
+            mode: '0644'
+            backup: yes
+        - include: "immutable.yml target_dir=/lib/systemd/system state=post"
+      when: systemdconf|failed
   when: ansible_service_mgr == 'systemd'
+- block:
+    - name: add fprobe init.d script
+      template:
+        src: init.d-fprobe.j2
+        dest: /etc/rc.d/init.d/fprobe-ulog
+        mode: '0755'
+        backup: yes
+      register: initdconf
+      ignore_errors: true
+    - block:
+        - include: "immutable.yml target_dir=/etc/rc.d/init.d state=pre"
+        - name: install fprobe systemd configuration
+          template:
+            src: init.d-fprobe.j2
+            dest: /etc/rc.d/init.d/fprobe-ulog
+            mode: '0755'
+            backup: yes
+        - include: "immutable.yml target_dir=/etc/rc.d/init.d state=post"
+      when: initdconf|failed
+  when: ansible_os_family == 'RedHat' and ansible_service_mgr != 'systemd'
 
 - name: ensure service is enabled and started
   service: name={{ fprobe_svc }} state=started enabled=yes
diff --git a/tasks/immutable.yml b/tasks/immutable.yml
new file mode 100644
index 0000000..8cc81c9
--- /dev/null
+++ b/tasks/immutable.yml
@@ -0,0 +1,30 @@
+---
+## manage install when some directories are immutable
+## requires target_dir, state=pre/post
+
+- block:
+## Ansible 2.3+ for get_attributes
+    - name: check target_dir {{ target_dir }} attributes
+#     stat:
+#       path: "{{ target_dir }}"
+#       get_attributes: yes
+      command: "lsattr -d '{{ target_dir }}'"
+      register: dir
+      changed_when: false
+      ignore_errors: true
+
+    - name: Remove immutable attribute
+      command: "chattr -i '{{ target_dir }}'"
+      ignore_errors: true
+      when: dir.stdout.find('-i-') != -1
+  when: state == 'pre'
+
+- name: Reestablish immutable attribute
+  command: "chattr +i '{{ target_dir }}'"
+#  file:
+#    dest: "{{ target_dir }}"
+#    attributes: '----i-----I--e--'
+  when: state == 'post'
+  ignore_errors: true
+
+