diff --git a/defaults/main.yml b/defaults/main.yml
index 6ae4b24..cfa610c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -898,7 +898,7 @@ rhel9cis_auditd_uid_exclude:
 # This variable governs which logging service should be used, choosing between 'rsyslog'(CIS recommendation)
 # or 'journald'(only one is implemented) will trigger the execution of the associated subsection, as the-best
 # practices are written wholly independent of each other.
-rhel9cis_syslog: rsyslog
+rhel9cis_syslog: journald
 ## Control 4.2.1.5 | PATCH | Ensure logging is configured
 # This variable governs if current Ansible role should manage syslog settings
 # in /etc/rsyslog.conf file, namely mail, news and misc(warn, messages)
diff --git a/vars/AlmaLinux.yml b/vars/AlmaLinux.yml
index b0eb3d9..a0fa6ba 100644
--- a/vars/AlmaLinux.yml
+++ b/vars/AlmaLinux.yml
@@ -5,3 +5,9 @@ os_gpg_key_pubkey_name: gpg-pubkey-b86b3716-61e69f29
 os_gpg_key_pubkey_content: "AlmaLinux OS 9 <packager@almalinux.org> b86b3716"
 # disable repo_gpgcheck due to OS default repos
 rhel9cis_rule_enable_repogpg: false
+
+rhel9cis_sshd:
+    # This variable sets the maximum number of unresponsive "keep-alive" messages
+    # that can be sent from the server to the client before the connection is considered
+    # inactive and thus, closed.
+    clientalivecountmax: 3
\ No newline at end of file
diff --git a/vars/Rocky.yml b/vars/Rocky.yml
index 77af29c..7d9f014 100644
--- a/vars/Rocky.yml
+++ b/vars/Rocky.yml
@@ -3,3 +3,9 @@
 
 os_gpg_key_pubkey_name: gpg-pubkey-350d275d-6279464b
 os_gpg_key_pubkey_content: "Rocky Enterprise Software Foundation - Release key 2022 <releng@rockylinux.org> 350d275d"
+
+rhel9cis_sshd:
+    # This variable sets the maximum number of unresponsive "keep-alive" messages
+    # that can be sent from the server to the client before the connection is considered
+    # inactive and thus, closed.
+    clientalivecountmax: 3
\ No newline at end of file