diff --git a/.github/workflows/add_repo_issue_to_gh_project.yml b/.github/workflows/add_repo_issue_to_gh_project.yml
index 80d7344..4a056eb 100644
--- a/.github/workflows/add_repo_issue_to_gh_project.yml
+++ b/.github/workflows/add_repo_issue_to_gh_project.yml
@@ -14,4 +14,4 @@ jobs:
 - uses: actions/add-to-project@main
 with:
 project-url: https://github.com/orgs/ansible-lockdown/projects/1
- github-token: ${{ secrets.ALD_GH_PROJECT }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update_galaxy.yml b/.github/workflows/update_galaxy.yml
new file mode 100644
index 0000000..b6ee6a1
--- /dev/null
+++ b/.github/workflows/update_galaxy.yml
@@ -0,0 +1,19 @@
+---
+
+ name: update galaxy
+
+ on:
+ push:
+ branches:
+ - main
+ jobs:
+ update_role:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Action Ansible Galaxy Release ${{ github.ref_name }}
+ uses: ansible-actions/ansible-galaxy-action@main
+ with:
+ galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index dbc1d7e..0091b2a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -41,12 +41,12 @@ repos:
 - id: detect-secrets
 - repo: https://github.com/gitleaks/gitleaks
- rev: v8.30.0
+ rev: v8.28.0
 hooks:
 - id: gitleaks
 - repo: https://github.com/ansible-community/ansible-lint
- rev: v25.12.2
+ rev: v25.9.2
 hooks:
 - id: ansible-lint
 name: Ansible-lint
diff --git a/Changelog.md b/Changelog.md
index ac9c3b6..737f860 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,6 @@
 # Changes to rhel9CIS
+ ## 2.0.4 - Based on CIS v2.0.0
 - addressed issue #393 thank you to @fragglexarmy
@@ -10,9 +11,6 @@
 - work flow updates
 - audit logic improvements
 - auditd template 2.19 compatible
-- pre-commit updates
-- #410 thanks to @kpi-nourman
-- #413 thanks to @bbaassssiiee
 ## 2.0.3 - Based on CIS v2.0.0
 - addressed issue #387, thank you @fragglexarmy
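Review bot: The new `github-token: ${{ secrets.GITHUB_TOKEN }}` is handed to actions/add-to-project for an organization project URL, and as far as I recall that action's documentation, the workflow-scoped `GITHUB_TOKEN` cannot write to organization projects; it needs a PAT or GitHub App installation token with project write access, which is presumably what the removed `ALD_GH_PROJECT` secret held. If the old secret was rotated or dropped, the job will now fail at runtime rather than at parse time, so it is worth a dry run on a throwaway issue before merging. The `uses: actions/add-to-project@main` context line also tracks a mutable branch that receives this token; pinning it to a full commit SHA, `uses: actions/add-to-project@<full commit SHA>  # vX.Y.Z`, keeps an upstream branch change from silently altering what runs with it.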
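Review bot: `uses: ansible-actions/ansible-galaxy-action@main` passes `GALAXY_API_KEY` to whatever currently sits on a third-party mutable branch, so a change to that branch changes what handles the key; pin it to a full-length commit SHA with a version comment, `uses: ansible-actions/ansible-galaxy-action@<full commit SHA>  # vX.Y.Z`, and do the same for `actions/checkout@v4`. The workflow declares no `permissions:` block, so the automatic token gets the repository default even though the job only needs to read the checkout; add `permissions:` with `contents: read` at the workflow level. The step name embeds `${{ github.ref_name }}`, but with the trigger limited to `branches: - main` it will always render as "main", so if the name is meant to carry the release version the trigger should be on tags or the expression dropped. The collapsed listing suggests every key after `---` is indented one level, which parses but is unconventional for a workflow file and worth normalising to column 0.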
diff --git a/defaults/main.yml b/defaults/main.yml
index f620a72..fbe81eb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -802,8 +802,6 @@ rhel9cis_tftp_client: false
 ## Control 3.1.1 - Ensure IPv6 status is identified
 # This variable governs whether ipv6 is enabled or disabled.
 rhel9cis_ipv6_required: true
-# rhel9cis_ipv6_disable defines the method of disabling IPv6, sysctl vs kernel
-rhel9cis_ipv6_disable_method: "sysctl"
 ## Control 3.1.2 - Ensure wireless interfaces are disabled
 # if wireless adapter found allow network manager to be installed
diff --git a/tasks/main.yml b/tasks/main.yml
index 4d1887d..760ee1b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -134,7 +134,7 @@
 - rule_5.4.2.4
 block:
 - name: "Ensure root password is set"
- ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Alternate authentication|Password set|Password locked)"
+ ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Password set|Password locked)"
 changed_when: false
 failed_when: prelim_root_passwd_set.rc not in [ 0, 1 ]
 register: prelim_root_passwd_set
diff --git a/tasks/section_3/cis_3.1.x.yml b/tasks/section_3/cis_3.1.x.yml
index ff9ec46..a20c0e9 100644
--- a/tasks/section_3/cis_3.1.x.yml
+++ b/tasks/section_3/cis_3.1.x.yml
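Review bot: The new pattern `grep -E "(Password set|Password locked)"` no longer accepts the `Alternate authentication` status line that the previous pattern matched (printed by `passwd -S`, as far as I know, when the stored root hash is not in a format it recognises), so on such hosts the pipeline now exits 1 and `prelim_root_passwd_set.rc` flips from 0 to 1; whatever consumes that register is outside this hunk and will presumably treat root as having no password, so confirm the narrowing is intended. Independently, without `set -o pipefail` the task's exit status is grep's alone, so a `passwd` failure is indistinguishable from "no match", and ansible-lint's `risky-shell-pipe` rule flags exactly this. Suggested: `ansible.builtin.shell: set -o pipefail && LC_ALL=C passwd -S root | grep -E "(Password set|Password locked)"` with `args:` / `executable: /bin/bash`, which with the existing `failed_when` still tolerates rc 1 but surfaces a real `passwd` error. The enclosing block starts before this hunk.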
@@ -16,30 +16,15 @@
 - rule_3.1.1
 - NIST800-53R5_CM-7
 block:
- - name: "3.1.1 | PATCH | Ensure IPv6 status is identified | Set vars for sysctl template"
- when: "'sysctl' in rhel9cis_ipv6_disable_method"
+ - name: "3.1.1 | PATCH | Ensure IPv6 status is identified | refresh"
 ansible.builtin.set_fact:
 rhel9cis_sysctl_update: true
 rhel9cis_flush_ipv6_route: true
- - name: "3.1.1 | AUDIT | Ensure IPv6 status is identified | Message out implementation info"
- when: "'sysctl' in rhel9cis_ipv6_disable_method"
+ - name: "3.1.1 | PATCH | Ensure IPv6 status is identified | disable"
 ansible.builtin.debug:
 msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-disable_ipv6.conf"
- - name: "3.1.1 | AUDIT | Ensure IPv6 status is identified | Find IPv6 status"
- when: "'kernel' in rhel9cis_ipv6_disable_method"
- ansible.builtin.command: grubby --info=ALL
- changed_when: false
- failed_when: false
- register: discovered_rhel9cis_3_1_1_ipv6_status
- - name: "3.1.1 | PATCH | Ensure IPv6 status is identified | Disable IPV6 via Kernel"
- when:
- "'kernel' in rhel9cis_ipv6_disable_method"
- "'ipv6.disable=1' not in discovered_rhel9cis_3_1_1_ipv6_status.stdout"
- ansible.builtin.shell: grubby --update-kernel=ALL --args="ipv6.disable=1"
 - name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled"
 when:
 - rhel9cis_rule_3_1_2
diff --git a/templates/etc/dconf/db/gdm.d/01-banner-message.j2 b/templates/etc/dconf/db/gdm.d/01-banner-message.j2
index ec42bfc..901e9e0 100644
--- a/templates/etc/dconf/db/gdm.d/01-banner-message.j2
+++ b/templates/etc/dconf/db/gdm.d/01-banner-message.j2
@@ -4,4 +4,4 @@
 [org/gnome/login-screen]
 banner-message-enable=true
-banner-message-text="{{ rhel9cis_warning_banner | trim | replace("\n", "\\n") }}"
+banner-message-text="{{ rhel9cis_warning_banner }}"
diff --git a/templates/etc/sysctl.d/60-disable_ipv6.conf.j2 b/templates/etc/sysctl.d/60-disable_ipv6.conf.j2
index b4b5318..bdded40 100644
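Review bot: The renamed second task `- name: "3.1.1 | PATCH | Ensure IPv6 status is identified | disable"` is still an `ansible.builtin.debug` that only prints a message, so labelling it PATCH contradicts the file's own convention, where the old name used AUDIT for this step and PATCH marks tasks that change state (compare the 3.1.2 task below); rename it `"3.1.1 | AUDIT | Ensure IPv6 status is identified | disable"`. Dropping the `when:` on the `set_fact` task also means `rhel9cis_sysctl_update: true` and `rhel9cis_flush_ipv6_route: true` are now set every time the block runs; the block's own `when` is above this hunk, so if it does not already test `rhel9cis_ipv6_required`, the route flush will presumably fire on hosts that keep IPv6, and `when: not rhel9cis_ipv6_required` on that task would close the gap. The enclosing block starts before this hunk.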
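Review bot: The new `banner-message-text="{{ rhel9cis_warning_banner }}"` drops the `trim` and newline-escaping filters, so a multi-line banner variable is rendered with literal line breaks inside the quoted dconf value; the keyfile parser is unlikely to accept that, and the likely outcome is that the login banner silently stays unset, which is exactly the control's failure mode. Restore the escaping, `banner-message-text="{{ rhel9cis_warning_banner | trim | replace("\n", "\\n") }}"`. Any `"` or `\` inside the banner text is unescaped in both the old and new line, so adding `replace('\\', '\\\\') | replace('"', '\\"')` ahead of the newline replacement would make the value robust to arbitrary banner text.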
--- a/templates/etc/sysctl.d/60-disable_ipv6.conf.j2
+++ b/templates/etc/sysctl.d/60-disable_ipv6.conf.j2
@@ -4,7 +4,4 @@
 {% if rhel9cis_rule_3_1_1 and not rhel9cis_ipv6_required %}
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
-{% for interface in ansible_interfaces %}
-net.ipv6.conf.{{ interface }}.disable_ipv6 = 1
-{% endfor %}
 {% endif %}