diff --git a/bin/hardening/3.1_bootloader_ownership.sh b/bin/hardening/3.1_bootloader_ownership.sh
new file mode 100755
index 0000000..b31250d
--- /dev/null
+++ b/bin/hardening/3.1_bootloader_ownership.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 3.1 Set User/Group Owner on bootloader config (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+# Assertion : Grub Based.
+
+FILE='/boot/grub/grub.cfg'
+USER='root'
+GROUP='root'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+    has_file_correct_ownership $FILE $USER $GROUP
+    if [ $FNRET = 0 ]; then
+        ok "$FILE has correct ownership"
+    else
+        crit "$FILE is not $USER:$GROUP ownership set"
+    fi 
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+    has_file_correct_ownership $FILE $USER $GROUP
+    if [ $FNRET = 0 ]; then
+        ok "$FILE has correct ownership"
+    else
+        info "fixing $FILE ownership to $USER:$GROUP"
+        chown $USER:$GROUP $FILE
+    fi
+}
+
+# This function will check config parameters required
+check_config() {
+    does_user_exist $USER
+    if [ $FNRET != 0 ]; then
+        crit "$USER does not exist"
+        exit 128
+    fi
+    does_group_exist $GROUP
+    if [ $FNRET != 0 ]; then
+        crit "$GROUP does not exist"
+        exit 128
+    fi
+    does_file_exist $FILE
+    if [ $FNRET != 0 ]; then
+        crit "$FILE does not exist"
+        exit 128
+    fi
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+    echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+    exit 128
+else
+    . /etc/default/cis-hardenning
+    if [ -z $CIS_ROOT_DIR ]; then
+        echo "No CIS_ROOT_DIR variable, aborting"
+    fi
+fi 
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/etc/conf.d/3.1_bootloader_ownership.cfg b/etc/conf.d/3.1_bootloader_ownership.cfg
new file mode 100644
index 0000000..e1e4502
--- /dev/null
+++ b/etc/conf.d/3.1_bootloader_ownership.cfg
@@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
diff --git a/lib/utils.sh b/lib/utils.sh
index 5d534b3..b04f2bc 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -1,5 +1,54 @@
 # CIS Debian 7 Hardening Utility functions
 
+#
+# File manipulation
+#
+
+does_file_exist() {
+    local FILE=$1
+    if [ -e $FILE ]; then
+        FNRET=0
+    else
+        FNRET=1
+    fi
+}
+
+has_file_correct_ownership() {
+    local FILE=$1
+    local USER=$2
+    local GROUP=$3
+    local USERID=$(id -u $USER)
+    local GROUPID=$(id -u $GROUP)
+
+    if [ "$(stat -c "%u %g" /boot/grub/grub.cfg)" = "$USERID $GROUPID" ]; then
+        FNRET=0
+    else
+        FNRET=1
+    fi
+}
+
+#
+# User manipulation
+#
+
+does_user_exist() {
+    local USER=$1
+    if $(getent passwd $USER >/dev/null 2>&1); then
+        FNRET=0
+    else
+        FNRET=1
+    fi
+}
+
+does_group_exist() {
+    local GROUP=$1
+    if $(getent group $GROUP >/dev/null 2>&1); then
+        FNRET=0
+    else
+        FNRET=1
+    fi
+}
+
 #
 # Service Boot Checks
 #