diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index 5695843..1ec355b 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -243,13 +243,12 @@
     mode: 'go-rwx'
     state: touch
 
-- name: "PRELIM | AUDIT | Capture pam secuirty related files"
+- name: "PRELIM | AUDIT | Capture pam security related files"
   tags: always
   ansible.builtin.find:
     paths:
       - /etc/security/pwquality.conf.d/
-      - /etc/pam.d/
-    patterns: '*-auth,*.conf'
+    patterns: '*.conf'
   register: prelim_pam_pwquality_confs
 
 - name: "PRELIM | AUDIT | Gather UID 0 accounts other than root"
diff --git a/tasks/section_5/cis_5.3.3.2.x.yml b/tasks/section_5/cis_5.3.3.2.x.yml
index 702503d..e8e1530 100644
--- a/tasks/section_5/cis_5.3.3.2.x.yml
+++ b/tasks/section_5/cis_5.3.3.2.x.yml
@@ -14,13 +14,15 @@
       when:
         - item != rhel9cis_passwd_difok_file
         - rhel9cis_disruption_high
-      ansible.builtin.replace:
+      ansible.builtin.lineinfile:
         path: "{{ item }}"
         regexp: 'difok\s*=\s*\d+\b'
-        replace: ''
+        state: absent
       loop:
         - /etc/security/pwquality.conf
-        - "{{ prelim_pam_pwquality_confs.files | default ([]) }}"
+        - /etc/pam.d/system-auth
+        - /etc/pam.d/password-auth
+        - "{{ prelim_pam_pwquality_confs.files | default([]) }}"
 
     - name: "5.3.3.2.1 | PATCH | Ensure password number of changed characters is configured | Ensure difok file exists"
       ansible.builtin.template:
@@ -69,13 +71,15 @@
       when:
         - item != rhel9cis_passwd_minlen_file
         - rhel9cis_disruption_high
-      ansible.builtin.replace:
+      ansible.builtin.lineinfile:
         path: "{{ item }}"
         regexp: 'minlen\s*=\s*\d+\b'
-        replace: ''
+        state: absent
       loop:
         - /etc/security/pwquality.conf
-        - "{{ prelim_pam_pwquality_confs.files | default ([]) }}"
+        - /etc/pam.d/system-auth
+        - /etc/pam.d/password-auth
+        - "{{ prelim_pam_pwquality_confs.files | default([]) }}"
 
     - name: "5.3.3.2.2 | PATCH | Ensure minimum password length is configured | Ensure minlen file exists"
       ansible.builtin.template:
@@ -124,13 +128,15 @@
       when:
         - item != rhel9cis_passwd_complex_file
         - rhel9cis_disruption_high
-      ansible.builtin.replace:
+      ansible.builtin.lineinfile:
         path: "{{ item }}"
         regexp: '(minclass|[dulo]credit)\s*=\s*(-\d|\d+)\b'
-        replace: ''
+        state: absent
       loop:
         - /etc/security/pwquality.conf
-        - "{{ prelim_pam_pwquality_confs.files | default ([]) }}"
+        - /etc/pam.d/system-auth
+        - /etc/pam.d/password-auth
+        - "{{ prelim_pam_pwquality_confs.files | default([]) }}"
 
     - name: "5.3.3.2.3 | PATCH | Ensure password complexity is configured | Ensure complexity file exists"
       ansible.builtin.template:
@@ -177,13 +183,15 @@
   block:
     - name: "5.3.3.2.4 | PATCH | Ensure password same consecutive characters is configured | Remove maxrepeat settings from conf files except expected file"
       when: item != rhel9cis_passwd_maxrepeat_file
-      ansible.builtin.replace:
+      ansible.builtin.lineinfile:
         path: "{{ item }}"
         regexp: 'maxrepeat\s*=\s*\d+\b'
-        replace: ''
+        state: absent
       loop:
         - /etc/security/pwquality.conf
-        - "{{ prelim_pam_pwquality_confs.files | default ([]) }}"
+        - /etc/pam.d/system-auth
+        - /etc/pam.d/password-auth
+        - "{{ prelim_pam_pwquality_confs.files | default([]) }}"
 
     - name: "5.3.3.2.4 | PATCH | Ensure password same consecutive characters is configured | Ensure maxrepeat file exists"
       ansible.builtin.template:
@@ -232,13 +240,15 @@
       when:
         - item != rhel9cis_passwd_maxsequence_file
         - rhel9cis_disruption_high
-      ansible.builtin.replace:
+      ansible.builtin.lineinfile:
         path: "{{ item }}"
         regexp: 'maxsequence\s*=\s*\d+\b'
-        replace: ''
+        state: absent
       loop:
         - /etc/security/pwquality.conf
-        - "{{ prelim_pam_pwquality_confs.files | default ([]) }}"
+        - /etc/pam.d/system-auth
+        - /etc/pam.d/password-auth
+        - "{{ prelim_pam_pwquality_confs.files | default([]) }}"
 
     - name: "5.3.3.2.5 | PATCH | Ensure password maximum sequential characters is configured | Ensure maxsequence file exists"
       ansible.builtin.template:
@@ -286,13 +296,15 @@
     - name: "5.3.3.2.6 | PATCH | Ensure password dictionary check is enabled | Remove dictcheck settings from conf files except expected file"
       when:
         - item != rhel9cis_passwd_dictcheck_file
-      ansible.builtin.replace:
+      ansible.builtin.lineinfile:
         path: "{{ item }}"
         regexp: 'dictcheck\s*=\s*\d+\b'
-        replace: ''
+        state: absent
       loop:
         - /etc/security/pwquality.conf
-        - "{{ prelim_pam_pwquality_confs.files | default ([]) }}"
+        - /etc/pam.d/system-auth
+        - /etc/pam.d/password-auth
+        - "{{ prelim_pam_pwquality_confs.files | default([]) }}"
 
     - name: "5.3.3.2.6 | PATCH | Ensure password dictionary check is enabled | Ensure dictcheck file exists"
       ansible.builtin.template: