diff --git a/remediation-kits/access-and-control/1.13-ensure-ssh-loglevel-is-appropriate.sh b/remediation-kits/access-and-control/1.13-ensure-ssh-loglevel-is-appropriate.sh
index 21e931b6e4bb444ebb6035d2dd41391670518236..c4f74762a768cf612aa45757850df70b0c03d999 100644
--- a/remediation-kits/access-and-control/1.13-ensure-ssh-loglevel-is-appropriate.sh
+++ b/remediation-kits/access-and-control/1.13-ensure-ssh-loglevel-is-appropriate.sh
@@ -1 +1 @@
-egrep -q "^(\s*)LogLevel\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)LogLevel\s+\S+(\s*#.*)?\s*$/\1LogLevel INFO\2/" /etc/ssh/sshd_config || echo "LogLevel INFO" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)LogLevel\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)LogLevel\s+\S+(\s*#.*)?\s*$/\1LogLevel INFO\2/" /etc/ssh/sshd_config || echo "LogLevel INFO" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less.sh b/remediation-kits/access-and-control/1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less.sh
index 7dee409b4d3a9ff84f568e500a255bf45a11eaa0..c788cf6aa0cbf0fba0706d112ee7c94e8fa030d3 100644
--- a/remediation-kits/access-and-control/1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less.sh
+++ b/remediation-kits/access-and-control/1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less.sh
@@ -1 +1 @@
-egrep -q "^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$/\1MaxAuthTries 4\2/" /etc/ssh/sshd_config || echo "MaxAuthTries 4" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$/\1MaxAuthTries 4\2/" /etc/ssh/sshd_config || echo "MaxAuthTries 4" >> /etc/ssh/sshd_config
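Review bot: The `|| echo "LogLevel INFO" >> /etc/ssh/sshd_config` fallback in the 1.13 script appends the directive at the end of the file, so on a config that ends with a `Match` block the setting lands inside that block and applies only to matching connections. The guard regex also skips commented-out defaults and does not look at files pulled in by `Include`, and sshd keeps the first value it reads for a keyword, so an earlier value can still win over the appended one. The same one-liner is used in the 1.14 to 1.19, 1.21, 1.22 and 1.47 scripts. I would insert the directive before the first `Match` line and finish each script with `sshd -t && sshd -T | grep -i loglevel` to validate the file and confirm the effective value.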
diff --git a/remediation-kits/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh b/remediation-kits/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh
index 3a0b2444f8a024534891a0a5062c1c261935a38f..ae6c4769471fae52e8f4426a68fd370c53c3a042 100644
--- a/remediation-kits/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh
+++ b/remediation-kits/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh
@@ -1 +1 @@
-egrep -q "^(\s*)IgnoreRhosts\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)IgnoreRhosts\s+\S+(\s*#.*)?\s*$/\1IgnoreRhosts yes\2/" /etc/ssh/sshd_config || echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)IgnoreRhosts\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)IgnoreRhosts\s+\S+(\s*#.*)?\s*$/\1IgnoreRhosts yes\2/" /etc/ssh/sshd_config || echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.16-ensure-ssh-hostbasedauthentication-is-disabled.sh b/remediation-kits/access-and-control/1.16-ensure-ssh-hostbasedauthentication-is-disabled.sh
index 2eeb713c67f789c36d6c486ad806970d9c525ffe..e656d0db57529b1381b04b53b01ddb7ffe3fb3a4 100644
--- a/remediation-kits/access-and-control/1.16-ensure-ssh-hostbasedauthentication-is-disabled.sh
+++ b/remediation-kits/access-and-control/1.16-ensure-ssh-hostbasedauthentication-is-disabled.sh
@@ -1 +1 @@
-egrep -q "^(\s*)HostbasedAuthentication\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)HostbasedAuthentication\s+\S+(\s*#.*)?\s*$/\1HostbasedAuthentication no\2/" /etc/ssh/sshd_config || echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)HostbasedAuthentication\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)HostbasedAuthentication\s+\S+(\s*#.*)?\s*$/\1HostbasedAuthentication no\2/" /etc/ssh/sshd_config || echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.17-ensure-ssh-root-login-is-disabled.sh b/remediation-kits/access-and-control/1.17-ensure-ssh-root-login-is-disabled.sh
index e5cb44cf9771ccb8fc5789c9ae0464ef1f9028b2..2907dce7ce61c594d9380de88f328ae504dcdd36 100644
--- a/remediation-kits/access-and-control/1.17-ensure-ssh-root-login-is-disabled.sh
+++ b/remediation-kits/access-and-control/1.17-ensure-ssh-root-login-is-disabled.sh
@@ -1 +1 @@
-egrep -q "^(\s*)PermitRootLogin\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)PermitRootLogin\s+\S+(\s*#.*)?\s*$/\1PermitRootLogin no\2/" /etc/ssh/sshd_config || echo "PermitRootLogin no" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)PermitRootLogin\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)PermitRootLogin\s+\S+(\s*#.*)?\s*$/\1PermitRootLogin no\2/" /etc/ssh/sshd_config || echo "PermitRootLogin no" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.18-ensure-ssh-permitemptypasswords-is-disabled.sh b/remediation-kits/access-and-control/1.18-ensure-ssh-permitemptypasswords-is-disabled.sh
index 18205cc8b14140f4ab00d8c32f029aa341a588b2..b74e7ab77a3b9f2b88270900e4fd9871f50b8a3f 100644
--- a/remediation-kits/access-and-control/1.18-ensure-ssh-permitemptypasswords-is-disabled.sh
+++ b/remediation-kits/access-and-control/1.18-ensure-ssh-permitemptypasswords-is-disabled.sh
@@ -1 +1 @@
-egrep -q "^(\s*)PermitEmptyPasswords\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)PermitEmptyPasswords\s+\S+(\s*#.*)?\s*$/\1PermitEmptyPasswords no\2/" /etc/ssh/sshd_config || echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)PermitEmptyPasswords\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)PermitEmptyPasswords\s+\S+(\s*#.*)?\s*$/\1PermitEmptyPasswords no\2/" /etc/ssh/sshd_config || echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh b/remediation-kits/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh
index d3903a4b15124b4744d03b58e1d9629d354327e5..26173aef5da8fb9951f430ccb3694f8d2b4d6b7b 100644
--- a/remediation-kits/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh
+++ b/remediation-kits/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh
@@ -1 +1 @@
-egrep -q "^(\s*)PermitUserEnvironment\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)PermitUserEnvironment\s+\S+(\s*#.*)?\s*$/\1PermitUserEnvironment no\2/" /etc/ssh/sshd_config || echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)PermitUserEnvironment\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)PermitUserEnvironment\s+\S+(\s*#.*)?\s*$/\1PermitUserEnvironment no\2/" /etc/ssh/sshd_config || echo "PermitUserEnvironment no" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.20-ensure-ssh-idle-timeout-interval-is-configured.sh b/remediation-kits/access-and-control/1.20-ensure-ssh-idle-timeout-interval-is-configured.sh
index 0e253f8eed82d5f1c1a8a7ce06794ddb19a3aa8a..ac8940fd01aed1258a0a2da75d752bfdc0066129 100644
--- a/remediation-kits/access-and-control/1.20-ensure-ssh-idle-timeout-interval-is-configured.sh
+++ b/remediation-kits/access-and-control/1.20-ensure-ssh-idle-timeout-interval-is-configured.sh
@@ -1,2 +1,2 @@
-egrep -q "^(\s*)ClientAliveInterval\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)ClientAliveInterval\s+\S+(\s*#.*)?\s*$/\1ClientAliveInterval 900\2/" /etc/ssh/sshd_config || echo "ClientAliveInterval 300" >> /etc/ssh/sshd_config
-egrep -q "^(\s*)ClientAliveCountMax\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)ClientAliveCountMax\s+\S+(\s*#.*)?\s*$/\1ClientAliveCountMax 0\2/" /etc/ssh/sshd_config || echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)ClientAliveInterval\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)ClientAliveInterval\s+\S+(\s*#.*)?\s*$/\1ClientAliveInterval 900\2/" /etc/ssh/sshd_config || echo "ClientAliveInterval 300" >> /etc/ssh/sshd_config
+grep -Eq "^(\s*)ClientAliveCountMax\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)ClientAliveCountMax\s+\S+(\s*#.*)?\s*$/\1ClientAliveCountMax 0\2/" /etc/ssh/sshd_config || echo "ClientAliveCountMax 0" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less.sh b/remediation-kits/access-and-control/1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less.sh
index cbba3dee69ba9f116671a5fa8c15a169b42000e2..65003ec680088eb9b85ac162f0a895ac14f7f655 100644
--- a/remediation-kits/access-and-control/1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less.sh
+++ b/remediation-kits/access-and-control/1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less.sh
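Review bot: The two branches of the ClientAliveInterval line in the 1.20 script disagree: the `sed` rewrite sets `ClientAliveInterval 900` while the fallback appends `ClientAliveInterval 300`, so the resulting idle timeout depends on whether the keyword was already present. Both branches should write the same value the benchmark item calls for. Separately, on OpenSSH 8.2 and later `ClientAliveCountMax 0` disables connection termination, so on those versions the second line likely removes the idle timeout instead of enforcing it; confirm against the target sshd version and use a count of 1 or more there.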
@@ -1 +1 @@
-egrep -q "^(\s*)LoginGraceTime\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)LoginGraceTime\s+\S+(\s*#.*)?\s*$/\1LoginGraceTime 60\2/" /etc/ssh/sshd_config || echo "LoginGraceTime 60" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)LoginGraceTime\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)LoginGraceTime\s+\S+(\s*#.*)?\s*$/\1LoginGraceTime 60\2/" /etc/ssh/sshd_config || echo "LoginGraceTime 60" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.22-ensure-ssh-warning-banner-is-configured.sh b/remediation-kits/access-and-control/1.22-ensure-ssh-warning-banner-is-configured.sh
index 4e5e59bb2aa2b30ab11e4f62198e30fdcdf5dba2..3b6a476ccea5aa165988818f32766497d39da5a4 100644
--- a/remediation-kits/access-and-control/1.22-ensure-ssh-warning-banner-is-configured.sh
+++ b/remediation-kits/access-and-control/1.22-ensure-ssh-warning-banner-is-configured.sh
@@ -1 +1 @@
-egrep -q "^(\s*)Banner\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)Banner\s+\S+(\s*#.*)?\s*$/\1Banner \/etc\/issue.net\2/" /etc/ssh/sshd_config || echo "Banner /etc/issue.net" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)Banner\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)Banner\s+\S+(\s*#.*)?\s*$/\1Banner \/etc\/issue.net\2/" /etc/ssh/sshd_config || echo "Banner /etc/issue.net" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/access-and-control/1.27-ensure-password-creation-requirements-are-configured.sh b/remediation-kits/access-and-control/1.27-ensure-password-creation-requirements-are-configured.sh
index 72d682977ff253f784860a16e193a1389575d5c2..f376ec1f37e8ec057d05016d790f98a6c3b731e4 100644
--- a/remediation-kits/access-and-control/1.27-ensure-password-creation-requirements-are-configured.sh
+++ b/remediation-kits/access-and-control/1.27-ensure-password-creation-requirements-are-configured.sh
@@ -1,7 +1,7 @@ -egrep -q "^(\s*)minlen\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)minlen\s*=\s*\S+(\s*#.*)?\s*$/\minlen=14\2/" /etc/security/pwquality.conf || echo "minlen=14" >> /etc/security/pwquality.conf -egrep -q "^(\s*)dcredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)dcredit\s*=\s*\S+(\s*#.*)?\s*$/\dcredit=-1\2/" /etc/security/pwquality.conf || echo "dcredit=-1" >> /etc/security/pwquality.conf -egrep -q "^(\s*)ucredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)ucredit\s*=\s*\S+(\s*#.*)?\s*$/\ucredit=-1\2/" /etc/security/pwquality.conf || echo "ucredit=-1" >> /etc/security/pwquality.conf -egrep -q "^(\s*)ocredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)ocredit\s*=\s*\S+(\s*#.*)?\s*$/\ocredit=-1\2/" /etc/security/pwquality.conf || echo "ocredit=-1" >> /etc/security/pwquality.conf -egrep -q "^(\s*)lcredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)lcredit\s*=\s*\S+(\s*#.*)?\s*$/\lcredit=-1\2/" /etc/security/pwquality.conf || echo "lcredit=-1" >> /etc/security/pwquality.conf -egrep -q "^\s*password\s+requisite\s+pam_pwquality.so\s+" /etc/pam.d/system-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+try_first_pass)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1try_first_pass \2/ }' /etc/pam.d/system-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+retry=[0-9]+)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1retry=3 \2/ }' /etc/pam.d/system-auth && sed -ri 's/(^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*\s+)retry=[0-9]+(\s+.*)?$/\1retry=3\3/' /etc/pam.d/system-auth || echo Ensure\ password\ creation\ requirements\ are\ configured - /etc/pam.d/system-auth not configured. 
-egrep -q "^\s*password\s+requisite\s+pam_pwquality.so\s+" /etc/pam.d/password-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+try_first_pass)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1try_first_pass \2/ }' /etc/pam.d/password-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+retry=[0-9]+)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1retry=3 \2/ }' /etc/pam.d/password-auth && sed -ri 's/(^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*\s+)retry=[0-9]+(\s+.*)?$/\1retry=3\3/' /etc/pam.d/password-auth || echo Ensure\ password\ creation\ requirements\ are\ configured - /etc/pam.d/password-auth not configured. \ No newline at end of file +grep -Eq "^(\s*)minlen\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)minlen\s*=\s*\S+(\s*#.*)?\s*$/\minlen=14\2/" /etc/security/pwquality.conf || echo "minlen=14" >> /etc/security/pwquality.conf +grep -Eq "^(\s*)dcredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)dcredit\s*=\s*\S+(\s*#.*)?\s*$/\dcredit=-1\2/" /etc/security/pwquality.conf || echo "dcredit=-1" >> /etc/security/pwquality.conf +grep -Eq "^(\s*)ucredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)ucredit\s*=\s*\S+(\s*#.*)?\s*$/\ucredit=-1\2/" /etc/security/pwquality.conf || echo "ucredit=-1" >> /etc/security/pwquality.conf +grep -Eq "^(\s*)ocredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)ocredit\s*=\s*\S+(\s*#.*)?\s*$/\ocredit=-1\2/" /etc/security/pwquality.conf || echo "ocredit=-1" >> /etc/security/pwquality.conf +grep -Eq "^(\s*)lcredit\s*=\s*\S+(\s*#.*)?\s*$" /etc/security/pwquality.conf && sed -ri "s/^(\s*)lcredit\s*=\s*\S+(\s*#.*)?\s*$/\lcredit=-1\2/" /etc/security/pwquality.conf || echo "lcredit=-1" >> /etc/security/pwquality.conf +grep -Eq 
"^\s*password\s+requisite\s+pam_pwquality.so\s+" /etc/pam.d/system-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+try_first_pass)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1try_first_pass \2/ }' /etc/pam.d/system-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+retry=[0-9]+)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1retry=3 \2/ }' /etc/pam.d/system-auth && sed -ri 's/(^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*\s+)retry=[0-9]+(\s+.*)?$/\1retry=3\3/' /etc/pam.d/system-auth || echo Ensure\ password\ creation\ requirements\ are\ configured - /etc/pam.d/system-auth not configured. +grep -Eq "^\s*password\s+requisite\s+pam_pwquality.so\s+" /etc/pam.d/password-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+try_first_pass)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1try_first_pass \2/ }' /etc/pam.d/password-auth && sed -ri '/^\s*password\s+requisite\s+pam_pwquality.so\s+/ { /^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*(\s+retry=[0-9]+)(\s+.*)?$/! s/^(\s*password\s+requisite\s+pam_pwquality.so\s+)(.*)$/\1retry=3 \2/ }' /etc/pam.d/password-auth && sed -ri 's/(^\s*password\s+requisite\s+pam_pwquality.so(\s+\S+)*\s+)retry=[0-9]+(\s+.*)?$/\1retry=3\3/' /etc/pam.d/password-auth || echo Ensure\ password\ creation\ requirements\ are\ configured - /etc/pam.d/password-auth not configured. diff --git a/remediation-kits/access-and-control/1.30-ensure-password-hashing-algorithm-is-sha-512.sh b/remediation-kits/access-and-control/1.30-ensure-password-hashing-algorithm-is-sha-512.sh index aa6b0c6e46031d8d5f6f5f1589b557995ba9c0f9..28c105efa0b7e4203d5d14a1ab92a68c9119a790 100644 
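Review bot: The replacement text in the five pwquality.conf `sed` commands of the 1.27 script starts with `\minlen`, `\dcredit`, `\ucredit`, `\ocredit` and `\lcredit`, where the `\1` back-reference used by the other scripts is missing. In GNU sed `\u` and `\l` are case-conversion escapes, so `\ucredit=-1` is likely written out as `Ucredit=-1`, which pwquality would not read as `ucredit`; the other escapes are at best undefined, and the captured indentation is lost in every case. The replacements should read `\1minlen=14\2`, `\1ucredit=-1\2` and so on. The same missing `\1` appears as `\PASS_MAX_DAYS`, `\PASS_MIN_DAYS` and `\PASS_WARN_AGE` in the 1.31 to 1.33 scripts.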
--- a/remediation-kits/access-and-control/1.30-ensure-password-hashing-algorithm-is-sha-512.sh
+++ b/remediation-kits/access-and-control/1.30-ensure-password-hashing-algorithm-is-sha-512.sh
@@ -1,2 +1,2 @@
-egrep -q "^\s*password\s+sufficient\s+pam_unix.so\s+" /etc/pam.d/system-auth && sed -ri '/^\s*password\s+sufficient\s+pam_unix.so\s+/ { /^\s*password\s+sufficient\s+pam_unix.so(\s+\S+)*(\s+sha512)(\s+.*)?$/! s/^(\s*password\s+sufficient\s+pam_unix.so\s+)(.*)$/\1sha512 \2/ }' /etc/pam.d/system-auth
-egrep -q "^\s*password\s+sufficient\s+pam_unix.so\s+" /etc/pam.d/password-auth && sed -ri '/^\s*password\s+sufficient\s+pam_unix.so\s+/ { /^\s*password\s+sufficient\s+pam_unix.so(\s+\S+)*(\s+sha512)(\s+.*)?$/! s/^(\s*password\s+sufficient\s+pam_unix.so\s+)(.*)$/\1sha512 \2/ }' /etc/pam.d/password-auth
\ No newline at end of file
+grep -Eq "^\s*password\s+sufficient\s+pam_unix.so\s+" /etc/pam.d/system-auth && sed -ri '/^\s*password\s+sufficient\s+pam_unix.so\s+/ { /^\s*password\s+sufficient\s+pam_unix.so(\s+\S+)*(\s+sha512)(\s+.*)?$/! s/^(\s*password\s+sufficient\s+pam_unix.so\s+)(.*)$/\1sha512 \2/ }' /etc/pam.d/system-auth
+grep -Eq "^\s*password\s+sufficient\s+pam_unix.so\s+" /etc/pam.d/password-auth && sed -ri '/^\s*password\s+sufficient\s+pam_unix.so\s+/ { /^\s*password\s+sufficient\s+pam_unix.so(\s+\S+)*(\s+sha512)(\s+.*)?$/! s/^(\s*password\s+sufficient\s+pam_unix.so\s+)(.*)$/\1sha512 \2/ }' /etc/pam.d/password-auth
diff --git a/remediation-kits/access-and-control/1.31-ensure-password-expiration-is-365-days-or-less.sh b/remediation-kits/access-and-control/1.31-ensure-password-expiration-is-365-days-or-less.sh
index 65925be0f8c44c7e0bbf9495b86d9c74f6578d49..8029db2d7f8609c97c67dd471ff4bfb7432c8001 100644
--- a/remediation-kits/access-and-control/1.31-ensure-password-expiration-is-365-days-or-less.sh
+++ b/remediation-kits/access-and-control/1.31-ensure-password-expiration-is-365-days-or-less.sh
@@ -1,2 +1,2 @@
-egrep -q "^(\s*)PASS_MAX_DAYS\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MAX_DAYS\s+\S+(\s*#.*)?\s*$/\PASS_MAX_DAYS 365\2/" /etc/login.defs || echo "PASS_MAX_DAYS 365" >> /etc/login.defs
-getent passwd | cut -f1 -d ":" | xargs -n1 chage --maxdays 365
\ No newline at end of file
+grep -Eq "^(\s*)PASS_MAX_DAYS\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MAX_DAYS\s+\S+(\s*#.*)?\s*$/\PASS_MAX_DAYS 365\2/" /etc/login.defs || echo "PASS_MAX_DAYS 365" >> /etc/login.defs
+getent passwd | cut -f1 -d ":" | xargs -n1 chage --maxdays 365
diff --git a/remediation-kits/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh b/remediation-kits/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh
index 330eb9e1e2bfa9fa1042d74300afd815c7f22dde..0f1777209b70514dcd9d6e84a80619669f02f8d0 100644
--- a/remediation-kits/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh
+++ b/remediation-kits/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh
@@ -1,2 +1,2 @@
-egrep -q "^(\s*)PASS_MIN_DAYS\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MIN_DAYS\s+\S+(\s*#.*)?\s*$/\PASS_MIN_DAYS 7\2/" /etc/login.defs || echo "PASS_MIN_DAYS 7" >> /etc/login.defs
-getent passwd | cut -f1 -d ":" | xargs -n1 chage --mindays 7
\ No newline at end of file
+grep -Eq "^(\s*)PASS_MIN_DAYS\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_MIN_DAYS\s+\S+(\s*#.*)?\s*$/\PASS_MIN_DAYS 7\2/" /etc/login.defs || echo "PASS_MIN_DAYS 7" >> /etc/login.defs
+getent passwd | cut -f1 -d ":" | xargs -n1 chage --mindays 7
diff --git a/remediation-kits/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh b/remediation-kits/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh
index 27ef4a41d96a51efb3a50863915f8b7bb477f2ae..424e0126cd74a61649d23422304d55f519b4324d 100644
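Review bot: `getent passwd | cut -f1 -d ":" | xargs -n1 chage --maxdays 365` in the 1.31 script applies the ageing policy to every entry `getent` returns, which includes root, service accounts and any directory-backed users. Password ageing on service accounts can break the jobs that run under them, and `chage` is likely to fail for users that are not in the local shadow file. Limiting the list to local accounts that actually have a password, for example by reading /etc/shadow and filtering on `UID_MIN` from /etc/login.defs, would be safer. The same applies to the `--mindays` line in 1.32 and the `--warndays` line in 1.33.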
--- a/remediation-kits/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh
+++ b/remediation-kits/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh
@@ -1,2 +1,2 @@
-egrep -q "^(\s*)PASS_WARN_AGE\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_WARN_AGE\s+\S+(\s*#.*)?\s*$/\PASS_WARN_AGE 7\2/" /etc/login.defs || echo "PASS_WARN_AGE 7" >> /etc/login.defs
-getent passwd | cut -f1 -d ":" | xargs -n1 chage --warndays 7
\ No newline at end of file
+grep -Eq "^(\s*)PASS_WARN_AGE\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)PASS_WARN_AGE\s+\S+(\s*#.*)?\s*$/\PASS_WARN_AGE 7\2/" /etc/login.defs || echo "PASS_WARN_AGE 7" >> /etc/login.defs
+getent passwd | cut -f1 -d ":" | xargs -n1 chage --warndays 7
diff --git a/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh b/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh
index bf298c6c7eb9a78c3c766fc02dbe59842c49f4dc..e03ab96d2229aa64d1a6e9d9a7b0815e2f55597f 100644
--- a/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh
+++ b/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh
@@ -1,7 +1,7 @@ -egrep -q "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/profile.d/set_umask.sh && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/profile.d/set_umask.sh || echo "umask 027" >> /etc/profile.d/set_umask.sh -egrep -q "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/bashrc && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/bashrc || echo "umask 027" >> /etc/bashrc -egrep -q "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/profile && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/profile || echo "umask 027" >> /etc/profile -egrep -q "^(\s*)UMASK\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)UMASK\s+\S+(\s*#.*)?\s*$/\1UMASK 027\2/" /etc/login.defs || echo "UMASK 027" >> /etc/login.defs +grep -Eq "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/profile.d/set_umask.sh && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/profile.d/set_umask.sh || echo "umask 027" >> /etc/profile.d/set_umask.sh +grep -Eq "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/bashrc && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/bashrc || echo "umask 027" >> /etc/bashrc +grep -Eq "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/profile && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/profile || echo "umask 027" >> /etc/profile +grep -Eq "^(\s*)UMASK\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)UMASK\s+\S+(\s*#.*)?\s*$/\1UMASK 027\2/" /etc/login.defs || echo "UMASK 027" >> /etc/login.defs grep -q "USERGROUPS_ENAB" /etc/login.defs && sed -ri "s/^(\s*)USERGROUPS_ENAB\s+\S+(\s*#.*)?\s*$/\1USERGROUPS_ENAB on\2/" /etc/login.defs || echo "USERGROUPS_ENAB no" >> /etc/login.defs echo "session optional pam_umask.so" >> /etc/pam.d/password-auth -echo "session optional pam_umask.so" >> /etc/pam.d/system-auth \ No newline at end of file +echo "session optional pam_umask.so" >> /etc/pam.d/system-auth 
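Review bot: The unchanged USERGROUPS_ENAB line in the 1.39 script writes `USERGROUPS_ENAB on` in its `sed` branch but `USERGROUPS_ENAB no` in the fallback, and login.defs expects `yes` or `no`, so the two paths leave different and partly invalid settings. Its guard `grep -q "USERGROUPS_ENAB"` also matches a commented line, in which case `sed` changes nothing and nothing is appended. Both branches should write `USERGROUPS_ENAB no` behind the same anchored `grep -Eq` test the umask lines use. The two `echo "session optional pam_umask.so" >>` lines append on every run, so repeated remediation keeps adding duplicate PAM entries; guard them with a `grep -q` test first.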
diff --git a/remediation-kits/access-and-control/1.40-ensure-access-to-the-su-command-is-restricted.sh b/remediation-kits/access-and-control/1.40-ensure-access-to-the-su-command-is-restricted.sh
index 163499f798391abb1a47186ad596a65803db5426..ef027872b9a8da610933924d62274804f21c02d5 100644
--- a/remediation-kits/access-and-control/1.40-ensure-access-to-the-su-command-is-restricted.sh
+++ b/remediation-kits/access-and-control/1.40-ensure-access-to-the-su-command-is-restricted.sh
@@ -1 +1 @@
-egrep -q "^\s*auth\s+required\s+pam_wheel.so(\s+.*)?$" /etc/pam.d/su && sed -ri '/^\s*auth\s+required\s+pam_wheel.so(\s+.*)?$/ { /^\s*auth\s+required\s+pam_wheel.so(\s+\S+)*(\s+use_uid)(\s+.*)?$/! s/^(\s*auth\s+required\s+pam_wheel.so)(\s+.*)?$/\1 use_uid\2/ }' /etc/pam.d/su || echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su
\ No newline at end of file
+grep -Eq "^\s*auth\s+required\s+pam_wheel.so(\s+.*)?$" /etc/pam.d/su && sed -ri '/^\s*auth\s+required\s+pam_wheel.so(\s+.*)?$/ { /^\s*auth\s+required\s+pam_wheel.so(\s+\S+)*(\s+use_uid)(\s+.*)?$/! s/^(\s*auth\s+required\s+pam_wheel.so)(\s+.*)?$/\1 use_uid\2/ }' /etc/pam.d/su || echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su
diff --git a/remediation-kits/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh b/remediation-kits/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh
index 7dee409b4d3a9ff84f568e500a255bf45a11eaa0..c788cf6aa0cbf0fba0706d112ee7c94e8fa030d3 100644
--- a/remediation-kits/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh
+++ b/remediation-kits/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh
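Review bot: When no active `auth required pam_wheel.so` line exists, the fallback in the 1.40 script appends `auth required pam_wheel.so use_uid` to the end of /etc/pam.d/su, after every existing auth entry. PAM evaluates the auth lines in file order, so an earlier `sufficient` module that succeeds can end the stack before pam_wheel is consulted, and the restriction may then never apply. A commented-out default line is not matched by the guard regex, so this append path is probably the common one. Inserting the line directly after the `pam_rootok.so` entry, instead of appending, would keep the intended order.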
@@ -1 +1 @@
-egrep -q "^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$/\1MaxAuthTries 4\2/" /etc/ssh/sshd_config || echo "MaxAuthTries 4" >> /etc/ssh/sshd_config
\ No newline at end of file
+grep -Eq "^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config && sed -ri "s/^(\s*)MaxAuthTries\s+\S+(\s*#.*)?\s*$/\1MaxAuthTries 4\2/" /etc/ssh/sshd_config || echo "MaxAuthTries 4" >> /etc/ssh/sshd_config
diff --git a/remediation-kits/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh b/remediation-kits/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh
index 4470486032720db692d8e4b5e55724c20c11b85a..b331cca074d387f122b83b3313feaaf6d34772e0 100644
--- a/remediation-kits/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh
+++ b/remediation-kits/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh
@@ -1,10 +1,10 @@ -grep -Eq "\-w\s/etc/group\s\-p\swa\s\-k\sidentity -\-w\s/etc/passwd\s\-p\swa\s\-k\sidentity -\-w\s/etc/gshadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/shadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/security/opasswd\s\-p\swa\s\-k\sidentity" /etc/audit/rules.d/audit.rules || echo -e "-w /etc/group -p wa -k identity\n-w /etc/passwd -p wa -k identity\n-w /etc/gshadow -p wa -k identity\n-w /etc/shadow -p wa -k identity\n-w /etc/security/opasswd -p wa -k identity\n" >> /etc/audit/rules.d/audit.rules -grep -Eq "\-w\s/etc/group\s\-p\swa\s\-k\sidentity -\-w\s/etc/passwd\s\-p\swa\s\-k\sidentity -\-w\s/etc/gshadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/shadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/security/opasswd\s\-p\swa\s\-k\sidentity" /etc/audit/audit.rules || echo -e "\n-w /etc/group -p wa -k identity\n-w /etc/passwd -p wa -k identity\n-w /etc/gshadow -p wa -k identity\n-w /etc/shadow -p wa -k identity\n-w /etc/security/opasswd -p wa -k identity\n" >> /etc/audit/audit.rules \ No newline at end of file +grep -q "\-w /etc/group -p wa -k identity +-w /etc/passwd -p wa -k identity +-w /etc/gshadow -p wa -k identity +-w /etc/shadow -p wa -k identity +-w /etc/security/opasswd -p wa -k identity" /etc/audit/rules.d/*.rules || echo -e "-w /etc/group -p wa -k identity\n-w /etc/passwd -p wa -k identity\n-w /etc/gshadow -p wa -k identity\n-w /etc/shadow -p wa -k identity\n-w /etc/security/opasswd -p wa -k identity\n" >> /etc/audit/rules.d/audit.rules +grep -q "\-w /etc/group -p wa -k identity +-w /etc/passwd -p wa -k identity +-w /etc/gshadow -p wa -k identity +-w /etc/shadow -p wa -k identity +-w /etc/security/opasswd -p wa -k identity" /etc/audit/rules.d/*.rules || echo -e "\n-w /etc/group -p wa -k identity\n-w /etc/passwd -p wa -k identity\n-w /etc/gshadow -p wa -k identity\n-w /etc/shadow -p wa -k identity\n-w /etc/security/opasswd -p wa -k identity\n" >> /etc/audit/audit.rules 
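Review bot: `grep -q` treats the newline-separated lines of its pattern argument as alternatives, so the check in the 2.22 script succeeds as soon as any one of the five watch rules is present and the missing ones are never added. The second command now tests `/etc/audit/rules.d/*.rules` but still appends to `/etc/audit/audit.rules`; once the first command has written to rules.d the second test always passes, which looks like a copy-paste slip. Testing each rule on its own, e.g. `grep -qxF -- "-w /etc/group -p wa -k identity" "$f" || echo "-w /etc/group -p wa -k identity" >> "$f"`, would fix both, and the same any-of match is in the 2.23 script. The file names also appear swapped: this script is titled for the sudoers scope but writes the identity rules, and 2.23 the reverse.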
diff --git a/remediation-kits/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh b/remediation-kits/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh index 4de526e8a1bbdc2867326d19deb9fcd0c1510ec9..d10611802d08eab495cdacac5cfe8522af72b97a 100644 --- a/remediation-kits/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh +++ b/remediation-kits/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh @@ -1,4 +1,4 @@ -grep -Eq "\-w\s/etc/sudoers\s\-p\swa\s\-k\sscope -\-w\s/etc/sudoers.d/\s\-p\swa\s\-k\sscope" /etc/audit/rules.d/audit.rules || echo -e "-w /etc/sudoers -p wa -k scope\n-w /etc/sudoers.d/ -p wa -k scope" >> /etc/audit/rules.d/audit.rules -grep -Eq "\-w\s/etc/sudoers\s\-p\swa\s\-k\sscope -\-w\s/etc/sudoers.d/\s\-p\swa\s\-k\sscope" /etc/audit/audit.rules || echo -e "-w /etc/sudoers -p wa -k scope\n-w /etc/sudoers.d/ -p wa -k scope" >> /etc/audit/audit.rules \ No newline at end of file +grep -q "\-w /etc/sudoers -p wa -k scope +-w /etc/sudoers.d/ -p wa -k scope" /etc/audit/rules.d/audit.rules || echo -e "-w /etc/sudoers -p wa -k scope\n-w /etc/sudoers.d/ -p wa -k scope" >> /etc/audit/rules.d/audit.rules +grep -q "\-w /etc/sudoers -p wa -k scope +-w /etc/sudoers.d/ -p wa -k scope" /etc/audit/audit.rules || echo -e "-w /etc/sudoers -p wa -k scope\n-w /etc/sudoers.d/ -p wa -k scope" >> /etc/audit/audit.rules diff --git a/remediation-kits/system-configurations/4.12-ensure-authentication-required-for-single-user-mode.sh b/remediation-kits/system-configurations/4.12-ensure-authentication-required-for-single-user-mode.sh index 54d72c2cfe743688bdfcc2da85e334a50be77203..0696642b59104f6f2ee63815761974496e237fc5 100644 --- a/remediation-kits/system-configurations/4.12-ensure-authentication-required-for-single-user-mode.sh 
+++ b/remediation-kits/system-configurations/4.12-ensure-authentication-required-for-single-user-mode.sh
@@ -1,2 +1,2 @@
-egrep -q "^\s*ExecStart\=" /usr/lib/systemd/system/rescue.service && sed -ri "s/(^[[:space:]]*ExecStart[[:space:]]*=[[:space:]]*).*$/\1-\/usr\/lib\/systemd\/systemd\-sulogin\-shell rescue/" /usr/lib/systemd/system/rescue.service || echo "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" >> /usr/lib/systemd/system/rescue.service
-egrep -q "^\s*ExecStart\=" /usr/lib/systemd/system/emergency.service && sed -ri "s/(^[[:space:]]*ExecStart[[:space:]]*=[[:space:]]*).*$/\1-\/usr\/lib\/systemd\/systemd\-sulogin\-shell emergency/" /usr/lib/systemd/system/emergency.service || echo "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency" >> /usr/lib/systemd/system/emergency.service
\ No newline at end of file
+grep -Eq "^\s*ExecStart\=" /usr/lib/systemd/system/rescue.service && sed -ri "s/(^[[:space:]]*ExecStart[[:space:]]*=[[:space:]]*).*$/\1-\/usr\/lib\/systemd\/systemd\-sulogin\-shell rescue/" /usr/lib/systemd/system/rescue.service || echo "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" >> /usr/lib/systemd/system/rescue.service
+grep -Eq "^\s*ExecStart\=" /usr/lib/systemd/system/emergency.service && sed -ri "s/(^[[:space:]]*ExecStart[[:space:]]*=[[:space:]]*).*$/\1-\/usr\/lib\/systemd\/systemd\-sulogin\-shell emergency/" /usr/lib/systemd/system/emergency.service || echo "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency" >> /usr/lib/systemd/system/emergency.service
diff --git a/remediation-kits/system-configurations/4.13-ensure-core-dumps-are-restricted.sh b/remediation-kits/system-configurations/4.13-ensure-core-dumps-are-restricted.sh
index dfe5e7ebdc5f13e1133c7904a9dc9f54fc571e69..c0c4e6bf2612295dfd13d12a13be60e9f68c4c14 100644
--- a/remediation-kits/system-configurations/4.13-ensure-core-dumps-are-restricted.sh
+++ b/remediation-kits/system-configurations/4.13-ensure-core-dumps-are-restricted.sh
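Review bot: Both commands in the 4.12 script edit the unit files under /usr/lib/systemd/system in place, and a systemd package update can replace those files and silently undo the hardening. A drop-in such as /etc/systemd/system/rescue.service.d/override.conf holding `[Service]`, an empty `ExecStart=` and then the sulogin `ExecStart=` line survives updates; follow it with `systemctl daemon-reload`. The fallback `echo "ExecStart=..." >>` also appends without checking which section the unit file ends in, so the line may land outside `[Service]`.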
@@ -1,3 +1,3 @@
-egrep -q "^(\s*)\*\s+hard\s+core\s+\S+(\s*#.*)?\s*$" /etc/security/limits.conf && sed -ri "s/^(\s*)\*\s+hard\s+core\s+\S+(\s*#.*)?\s*$/\1* hard core 0\2/" /etc/security/limits.conf || echo "* hard core 0" >> /etc/security/limits.conf
-egrep -q "^(\s*)fs.suid_dumpable\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)fs.suid_dumpable\s*=\s*\S+(\s*#.*)?\s*$/\1fs.suid_dumpable = 0\2/" /etc/sysctl.conf || echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf
-sysctl -w fs.suid_dumpable=0
\ No newline at end of file
+grep -Eq "^(\s*)\*\s+hard\s+core\s+\S+(\s*#.*)?\s*$" /etc/security/limits.conf && sed -ri "s/^(\s*)\*\s+hard\s+core\s+\S+(\s*#.*)?\s*$/\1* hard core 0\2/" /etc/security/limits.conf || echo "* hard core 0" >> /etc/security/limits.conf
+grep -Eq "^(\s*)fs.suid_dumpable\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)fs.suid_dumpable\s*=\s*\S+(\s*#.*)?\s*$/\1fs.suid_dumpable = 0\2/" /etc/sysctl.conf || echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf
+sysctl -w fs.suid_dumpable=0
diff --git a/remediation-kits/system-configurations/4.48-ensure-packet-redirect-sending-is-disabled.sh b/remediation-kits/system-configurations/4.48-ensure-packet-redirect-sending-is-disabled.sh
index daeebbf4bbd39d10402b6aa7171baab36df7b5d4..0f2c20f4a9daaf94c7bf216c36c35381e51ccc2d 100644
--- a/remediation-kits/system-configurations/4.48-ensure-packet-redirect-sending-is-disabled.sh
+++ b/remediation-kits/system-configurations/4.48-ensure-packet-redirect-sending-is-disabled.sh
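Review bot: `grep -Eq … && sed -ri … || echo … >>` is not an if/else: when the `grep` matches but `sed` exits non-zero, the `echo` still runs and appends a duplicate entry to the file. Writing each line as `if grep -Eq …; then sed -ri …; else echo … >> …; fi` keeps the append for the no-match case only. The same construct appears in the 4.12, 4.48, 4.49, 4.50, 4.51, 4.52, 4.55, 4.57 and 4.7 hunks. A comment that files under `/etc/security/limits.d/` are not examined would also help, since a `* hard core` entry there can override the value written to `limits.conf`.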
@@ -1,5 +1,5 @@ -egrep -q "^(\s*)net.ipv4.conf.all.send_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.send_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.send_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv4.conf.default.send_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.send_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.send_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.all.send_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.send_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.send_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.default.send_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.send_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.send_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf sysctl -w net.ipv4.conf.all.send_redirects=0 sysctl -w net.ipv4.conf.default.send_redirects=0 -sysctl -w net.ipv4.route.flush=1 \ No newline at end of file +sysctl -w net.ipv4.route.flush=1 diff --git a/remediation-kits/system-configurations/4.49-ensure-source-routed-packets-are-not-accepted.sh b/remediation-kits/system-configurations/4.49-ensure-source-routed-packets-are-not-accepted.sh index d6d831c0aac65491f4234ed133a3b5a59496763b..dd1feb184b39255d6494ce1867997dd18e793155 100644 --- a/remediation-kits/system-configurations/4.49-ensure-source-routed-packets-are-not-accepted.sh +++ b/remediation-kits/system-configurations/4.49-ensure-source-routed-packets-are-not-accepted.sh 
@@ -1,10 +1,10 @@ -egrep -q "^(\s*)net.ipv4.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv4.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv6.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.all.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.all.accept_source_route = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv6.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.default.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.default.accept_source_route = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf +grep -Eq 
"^(\s*)net.ipv6.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.all.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.all.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.all.accept_source_route = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv6.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.default.accept_source_route\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.default.accept_source_route = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.default.accept_source_route = 0" >> /etc/sysctl.conf sysctl -w net.ipv4.conf.all.accept_source_route=0 sysctl -w net.ipv4.conf.default.accept_source_route=0 sysctl -w net.ipv6.conf.all.accept_source_route=0 sysctl -w net.ipv6.conf.default.accept_source_route=0 sysctl -w net.ipv4.route.flush=1 -sysctl -w net.ipv6.route.flush=1 \ No newline at end of file +sysctl -w net.ipv6.route.flush=1 diff --git a/remediation-kits/system-configurations/4.50-ensure-icmp-redirects-are-not-accepted.sh b/remediation-kits/system-configurations/4.50-ensure-icmp-redirects-are-not-accepted.sh index f897493d20fbc48e0058bc4d41118cba09f62eef..025b16960113adc15fd7931ea1f247f0b512b3fc 100644 --- a/remediation-kits/system-configurations/4.50-ensure-icmp-redirects-are-not-accepted.sh +++ b/remediation-kits/system-configurations/4.50-ensure-icmp-redirects-are-not-accepted.sh 
@@ -1,10 +1,10 @@ -egrep -q "^(\s*)net.ipv4.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv4.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.accept_redirects = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv6.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.all.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.all.accept_redirects = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv6.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.default.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.default.accept_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.accept_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv6.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri 
"s/^(\s*)net.ipv6.conf.all.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.all.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.all.accept_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv6.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.default.accept_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.default.accept_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.default.accept_redirects = 0" >> /etc/sysctl.conf sysctl -w net.ipv4.conf.all.accept_redirects=0 sysctl -w net.ipv4.conf.default.accept_redirects=0 sysctl -w net.ipv6.conf.all.accept_redirects=0 sysctl -w net.ipv6.conf.default.accept_redirects=0 sysctl -w net.ipv4.route.flush=1 -sysctl -w net.ipv6.route.flush=1 \ No newline at end of file +sysctl -w net.ipv6.route.flush=1 diff --git a/remediation-kits/system-configurations/4.51-ensure-secure-icmp-redirects-are-not-accepted.sh b/remediation-kits/system-configurations/4.51-ensure-secure-icmp-redirects-are-not-accepted.sh index e2bb07587a20f46f79487ce7d9c7a7ea13259ab7..051910d8311d164045cc9caa9c53defea255beaf 100644 --- a/remediation-kits/system-configurations/4.51-ensure-secure-icmp-redirects-are-not-accepted.sh +++ b/remediation-kits/system-configurations/4.51-ensure-secure-icmp-redirects-are-not-accepted.sh 
@@ -1,5 +1,5 @@ -egrep -q "^(\s*)net.ipv4.conf.all.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.secure_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv4.conf.default.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.secure_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.all.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.secure_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.default.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.secure_redirects\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.secure_redirects = 0\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.conf sysctl -w net.ipv4.conf.all.secure_redirects=0 sysctl -w net.ipv4.conf.default.secure_redirects=0 -sysctl -w net.ipv4.route.flush=1 \ No newline at end of file +sysctl -w net.ipv4.route.flush=1 diff --git a/remediation-kits/system-configurations/4.52-ensure-suspicious-packets-are-logged.sh b/remediation-kits/system-configurations/4.52-ensure-suspicious-packets-are-logged.sh index 18c7c307df0450aa5fc2956b21de58ec146d8494..1dda5ca7da8934268e5b60f339eaacffabea84d7 100644 --- a/remediation-kits/system-configurations/4.52-ensure-suspicious-packets-are-logged.sh +++ b/remediation-kits/system-configurations/4.52-ensure-suspicious-packets-are-logged.sh 
@@ -1,5 +1,5 @@ -egrep -q "^(\s*)net.ipv4.conf.all.log_martians\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.log_martians\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.log_martians = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv4.conf.default.log_martians\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.log_martians\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.log_martians = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.log_martians = 1" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.all.log_martians\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.log_martians\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.log_martians = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.default.log_martians\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.log_martians\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.log_martians = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.log_martians = 1" >> /etc/sysctl.conf sysctl -w net.ipv4.conf.all.log_martians=1 sysctl -w net.ipv4.conf.default.log_martians=1 -sysctl -w net.ipv4.route.flush=1 \ No newline at end of file +sysctl -w net.ipv4.route.flush=1 diff --git a/remediation-kits/system-configurations/4.55-ensure-reverse-path-filtering-is-enabled.sh b/remediation-kits/system-configurations/4.55-ensure-reverse-path-filtering-is-enabled.sh index 601ec8dd953cd1e8e218aabaafff26a76a67293f..eb376f81d618c3fb2d1d999bbd0cf238b22ca037 100644 --- a/remediation-kits/system-configurations/4.55-ensure-reverse-path-filtering-is-enabled.sh +++ b/remediation-kits/system-configurations/4.55-ensure-reverse-path-filtering-is-enabled.sh 
@@ -1,5 +1,5 @@ -egrep -q "^(\s*)net.ipv4.conf.all.rp_filter\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.rp_filter\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.rp_filter = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv4.conf.default.rp_filter\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.rp_filter\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.rp_filter = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.rp_filter = 1" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.all.rp_filter\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.all.rp_filter\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.all.rp_filter = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv4.conf.default.rp_filter\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv4.conf.default.rp_filter\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv4.conf.default.rp_filter = 1\2/" /etc/sysctl.conf || echo "net.ipv4.conf.default.rp_filter = 1" >> /etc/sysctl.conf sysctl -w net.ipv4.conf.all.rp_filter=1 sysctl -w net.ipv4.conf.default.rp_filter=1 -sysctl -w net.ipv4.route.flush=1 \ No newline at end of file +sysctl -w net.ipv4.route.flush=1 diff --git a/remediation-kits/system-configurations/4.57-ensure-ipv6-router-advertisements-are-not-accepted.sh b/remediation-kits/system-configurations/4.57-ensure-ipv6-router-advertisements-are-not-accepted.sh index bc556be0a4c9f9c32c5ae67d141dd8ae3c28492c..b22df1d97d0fad3a0f5468376c87c0644b06b235 100644 --- a/remediation-kits/system-configurations/4.57-ensure-ipv6-router-advertisements-are-not-accepted.sh +++ b/remediation-kits/system-configurations/4.57-ensure-ipv6-router-advertisements-are-not-accepted.sh 
@@ -1,5 +1,5 @@ -egrep -q "^(\s*)net.ipv6.conf.all.accept_ra\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.all.accept_ra\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.all.accept_ra = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.all.accept_ra = 0" >> /etc/sysctl.conf -egrep -q "^(\s*)net.ipv6.conf.default.accept_ra\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.default.accept_ra\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.default.accept_ra = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.default.accept_ra = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv6.conf.all.accept_ra\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.all.accept_ra\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.all.accept_ra = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.all.accept_ra = 0" >> /etc/sysctl.conf +grep -Eq "^(\s*)net.ipv6.conf.default.accept_ra\s*=\s*\S+(\s*#.*)?\s*$" /etc/sysctl.conf && sed -ri "s/^(\s*)net.ipv6.conf.default.accept_ra\s*=\s*\S+(\s*#.*)?\s*$/\1net.ipv6.conf.default.accept_ra = 0\2/" /etc/sysctl.conf || echo "net.ipv6.conf.default.accept_ra = 0" >> /etc/sysctl.conf sysctl -w net.ipv6.conf.all.accept_ra=0 sysctl -w net.ipv6.conf.default.accept_ra=0 -sysctl -w net.ipv6.route.flush=1 \ No newline at end of file +sysctl -w net.ipv6.route.flush=1 diff --git a/remediation-kits/system-configurations/4.7-ensure-gpgcheck-is-globally-activated.sh b/remediation-kits/system-configurations/4.7-ensure-gpgcheck-is-globally-activated.sh index 197c8caa7ef2fe74bec9c533816eaea93ed94efa..73c9468e8191ffc015310020baaae6616985485e 100644 --- a/remediation-kits/system-configurations/4.7-ensure-gpgcheck-is-globally-activated.sh +++ b/remediation-kits/system-configurations/4.7-ensure-gpgcheck-is-globally-activated.sh 
@@ -1,4 +1,4 @@ -egrep -q "^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$" /etc/yum.conf && sed -ri "s/^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$/\1gpgcheck=1\2/" /etc/yum.conf || echo "gpgcheck=1" >> /etc/yum.conf +grep -Eq "^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$" /etc/yum.conf && sed -ri "s/^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$/\1gpgcheck=1\2/" /etc/yum.conf || echo "gpgcheck=1" >> /etc/yum.conf for file in /etc/yum.repos.d/*; do - egrep -q "^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$" $file && sed -ri "s/^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$/\1gpgcheck=1\2/" $file || echo "gpgcheck=1" >> $file -done \ No newline at end of file + grep -Eq "^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$" $file && sed -ri "s/^(\s*)gpgcheck\s*=\s*\S+(\s*#.*)?\s*$/\1gpgcheck=1\2/" $file || echo "gpgcheck=1" >> $file +done diff --git a/remediation-kits/system-configurations/4.9-ensure-filesystem-integrity-is-regularly-checked.sh b/remediation-kits/system-configurations/4.9-ensure-filesystem-integrity-is-regularly-checked.sh index 3195ab6321ef51197d1eff70a76b146855af95ec..1473e993c61203c218420ea7db20d9bb50ed2f41 100644 --- a/remediation-kits/system-configurations/4.9-ensure-filesystem-integrity-is-regularly-checked.sh +++ b/remediation-kits/system-configurations/4.9-ensure-filesystem-integrity-is-regularly-checked.sh @@ -1 +1 @@ -(crontab -u root -l; crontab -u root -l | egrep -q "^0 5 \* \* \* /usr/sbin/aide --check$" || echo "0 5 * * * /usr/sbin/aide --check" ) | crontab -u root - \ No newline at end of file +(crontab -u root -l; crontab -u root -l | grep -Eq "^0 5 \* \* \* /usr/sbin/aide --check$" || echo "0 5 * * * /usr/sbin/aide --check" ) | crontab -u root - diff --git a/scanners/access-and-control/1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured.sh b/scanners/access-and-control/1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured.sh index 542acaf8e55e87784b0cc0447c8353b0ba519f0e..9737c3a62e218d6fec47560dc9855042f0c1c755 100644 
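Review bot: In the `for file in /etc/yum.repos.d/*` loop `$file` is unquoted and the glob is unrestricted, so a file name containing a space breaks the `grep`, `sed` and redirect, and when the directory is empty the unmatched pattern is used literally and `echo "gpgcheck=1" >> $file` creates a file named `*`. Suggest `for file in /etc/yum.repos.d/*.repo; do [ -e "$file" ] || continue` and `"$file"` in all three places. The appended `gpgcheck=1` lands in whichever section is last in the file, which deserves a one-line comment.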
--- a/scanners/access-and-control/1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured.sh +++ b/scanners/access-and-control/1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured.sh @@ -1,11 +1,11 @@ result_root=false result_ssh_keys=false -find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec stat -c %G-%U-%a {} \; | grep -Eiq "root\-root\-([7][1-7][1-7]|[0-7][1-7][1-7])" || result_root=true -find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec stat -c %G-%U-%a {} \; | grep -Eiq "ssh_keys\-root\-([7][5-7][1-7]|[0-7][5-7][1-7])" || result_ssh_keys=true +find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec stat -c %G-%U-%a {} \; | grep -Piq "root\-root\-([7][1-7][1-7]|[0-7][1-7][1-7])" || result_root=true +find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec stat -c %G-%U-%a {} \; | grep -Piq "ssh_keys\-root\-([7][5-7][1-7]|[0-7][5-7][1-7])" || result_ssh_keys=true if [[ "$result_root" == true && "$result_ssh_keys" == true ]]; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured.sh b/scanners/access-and-control/1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured.sh index 07fb86163dc26471788c6e58f55c68a61eb660fd..4a24cd5de8dc1f08053dcd676cab3dd54777f4f3 100644 --- a/scanners/access-and-control/1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured.sh +++ b/scanners/access-and-control/1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured.sh 
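Review bot: The permission patterns only match when both the group digit and the other digit are non-zero, so a private host key with mode 604 or 640 owned `root:root`, or mode 644 with group `ssh_keys`, matches neither `grep -Piq` and the scanner prints `pass`. Testing the permission bits directly avoids the digit arithmetic, for example `find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -group root -perm /077` and the same with `-group ssh_keys -perm /037`, treating any output as a failure. Keys whose owner or group is neither of the two expected pairs are not flagged at all, which should at least be stated in a comment. The public-key scanner 1.12 in the next hunk uses the same both-digits pattern.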
@@ -1,9 +1,9 @@ result=false -find /etc/ssh -xdev -type f -name 'ssh_host_*_key.pub' -exec stat -c %G-%U-%a {} \; | grep -Ei "root\-root\-([7][5-7][5-7]|[0-7][5-7][5-7])" || result=true +find /etc/ssh -xdev -type f -name 'ssh_host_*_key.pub' -exec stat -c %G-%U-%a {} \; | grep -Pi "root\-root\-([7][5-7][5-7]|[0-7][5-7][5-7])" || result=true if [[ "$result" == true ]]; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.2-ensure-permissions-on-etc-crontab-are-configured.sh b/scanners/access-and-control/1.2-ensure-permissions-on-etc-crontab-are-configured.sh index 8d5a03a54ae39323f41d97a1151b7ece632ccf64..3a30bfc60e2d106b8700728f35e26ab1e0491507 100644 --- a/scanners/access-and-control/1.2-ensure-permissions-on-etc-crontab-are-configured.sh +++ b/scanners/access-and-control/1.2-ensure-permissions-on-etc-crontab-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/crontab | grep -Eq '^[0-6][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/crontab | grep -Pq '^[0-6][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.3-ensure-permissions-on-etc-cron.hourly-are-configured.sh b/scanners/access-and-control/1.3-ensure-permissions-on-etc-cron.hourly-are-configured.sh index 161faa8efa102739e7f9e00818dcfe62b01adaf8..8803947bb907e825d85be3155a86af55fd9d2e6d 100644 --- a/scanners/access-and-control/1.3-ensure-permissions-on-etc-cron.hourly-are-configured.sh +++ b/scanners/access-and-control/1.3-ensure-permissions-on-etc-cron.hourly-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/cron.hourly | grep -Eq '^[0-7][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/cron.hourly | grep -Pq '^[0-7][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi 
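Review bot: `grep -Pi` in the 1.12 scanner has no `-q`, unlike the other scanners in this commit, so every matching `stat` line is written to stdout ahead of `fail`; it should be `grep -Piq`. A consumer that compares the script's output with `pass` or `fail` would presumably treat the extra line as an unexpected result.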
diff --git a/scanners/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh b/scanners/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh index 2cba096e67e6ee27fe40b4b6706ae1df7be57024..8daa8e1b7456c064f0f8a998fffa3757be726806 100644 --- a/scanners/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh +++ b/scanners/access-and-control/1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh @@ -1,11 +1,11 @@ result_login_defs=false result_shadow=false -grep -Eiq "^\s*PASS_MIN_DAYS\s+([7-9]|[1-9][0-9]+)\s*(\s+#.*)?$" /etc/login.defs && result_login_defs=true -grep -Eiq "^\S+:[^\!\*:]*:[^:]*:([0-6]|\-1):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*\s*$" /etc/shadow || result_shadow=true +grep -Piq "^\s*PASS_MIN_DAYS\s+([7-9]|[1-9][0-9]+)\s*(\s+#.*)?$" /etc/login.defs && result_login_defs=true +grep -Piq "^\S+:[^\!\*:]*:[^:]*:([0-6]|\-1):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*\s*$" /etc/shadow || result_shadow=true if [[ $result_login_defs == true && $result_shadow == true ]]; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh b/scanners/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh index f5c362620ed8c7fa17ab5bbee55c89670675a47f..0581b9d2f8e645b43ddd801942087afc2b71f1bc 100644 --- a/scanners/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh +++ b/scanners/access-and-control/1.33-ensure-password-expiration-warning-days-is-7-or-more.sh 
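Review bot: `grep -Piq … /etc/shadow || result_shadow=true` treats every non-zero exit as "no offending account", so when grep cannot read `/etc/shadow` (scanner not run as root) or was built without `-P` support it exits with status 2 and the check passes. Only exit status 1 means that no line matched: `grep -Piq … /etc/shadow; [ $? -eq 1 ] && result_shadow=true`. The 1.33 hunk and the `find … | grep … || result…=true` lines in 1.11 and 1.12 fail open in the same way, which matters more now that the pattern flavour depends on PCRE being available.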
@@ -1,11 +1,11 @@ result_login_defs=false result_shadow=false -grep -Eiq "^\s*PASS_WARN_AGE\s+([789]|[1-9][0-9]+)\s*(\s+#.*)?$" /etc/login.defs && result_login_defs=true -grep -Eiq "^\S+:[^\!\*:]*:[^:]*:[^:]*:[^:]*:([0-6]|\-1):[^:]*:[^:]*:[^:]*\s*$" /etc/shadow || result_shadow=true +grep -Piq "^\s*PASS_WARN_AGE\s+([789]|[1-9][0-9]+)\s*(\s+#.*)?$" /etc/login.defs && result_login_defs=true +grep -Piq "^\S+:[^\!\*:]*:[^:]*:[^:]*:[^:]*:([0-6]|\-1):[^:]*:[^:]*:[^:]*\s*$" /etc/shadow || result_shadow=true if [[ $result_login_defs == true && $result_shadow == true ]]; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.4-ensure-permissions-on-etc-cron.daily-are-configured.sh b/scanners/access-and-control/1.4-ensure-permissions-on-etc-cron.daily-are-configured.sh index 8e6af63b0afcf2f747e1abf7246b2c632ec7eb9f..79b5731850bd635f94d23d6d996fdf089800944c 100644 --- a/scanners/access-and-control/1.4-ensure-permissions-on-etc-cron.daily-are-configured.sh +++ b/scanners/access-and-control/1.4-ensure-permissions-on-etc-cron.daily-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/cron.daily | grep -Eq '^[0-7][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/cron.daily | grep -Pq '^[0-7][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.5-ensure-permissions-on-etc-cron.weekly-are-configured.sh b/scanners/access-and-control/1.5-ensure-permissions-on-etc-cron.weekly-are-configured.sh index e4519e59560fce93490784bed3fed3d54ed46598..7719f2f1509927d7150f40a7bef56defe3c1bdb1 100644 --- a/scanners/access-and-control/1.5-ensure-permissions-on-etc-cron.weekly-are-configured.sh +++ b/scanners/access-and-control/1.5-ensure-permissions-on-etc-cron.weekly-are-configured.sh 
@@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/cron.weekly | grep -Eq '^[0-7][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/cron.weekly | grep -Pq '^[0-7][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.6-ensure-permissions-on-etc-cron.monthly-are-configured.sh b/scanners/access-and-control/1.6-ensure-permissions-on-etc-cron.monthly-are-configured.sh index c9aca522dd4df091fe0de3fd36ab14f91354c6c5..9015c1ddd88177b6d9932018377917aa1e3d9009 100644 --- a/scanners/access-and-control/1.6-ensure-permissions-on-etc-cron.monthly-are-configured.sh +++ b/scanners/access-and-control/1.6-ensure-permissions-on-etc-cron.monthly-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/cron.monthly | grep -Eq '^[0-7][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/cron.monthly | grep -Pq '^[0-7][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.7-ensure-permissions-on-etc-cron.d-are-configured.sh b/scanners/access-and-control/1.7-ensure-permissions-on-etc-cron.d-are-configured.sh index 45bc4121ce1a55a5aac2ed2535135a6402e0f9c5..e04716e4079b0ebb34e35e501969bff1521832ce 100644 --- a/scanners/access-and-control/1.7-ensure-permissions-on-etc-cron.d-are-configured.sh +++ b/scanners/access-and-control/1.7-ensure-permissions-on-etc-cron.d-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/cron.d | grep -Eq '^[0-7][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/cron.d | grep -Pq '^[0-7][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi 
diff --git a/scanners/access-and-control/1.8-ensure-at-cron-is-restricted-to-authorized-users.sh b/scanners/access-and-control/1.8-ensure-at-cron-is-restricted-to-authorized-users.sh index e273bc8216c48a920698176e0e0c3153d2235ed0..da68eef966a6ced7bf00d585dfe7317e6476ae24 100644 --- a/scanners/access-and-control/1.8-ensure-at-cron-is-restricted-to-authorized-users.sh +++ b/scanners/access-and-control/1.8-ensure-at-cron-is-restricted-to-authorized-users.sh @@ -7,15 +7,15 @@ result_at_allow=false [ -e /etc/at.deny ] || result_at_deny=true if [ -e /etc/cron.allow ] ; then - stat -c "%a-%U-%G" /etc/cron.allow | grep -Eq '^[0-6][0][0]\-root\-root$' && result_cron_allow=true + stat -c "%a-%U-%G" /etc/cron.allow | grep -Pq '^[0-6][0][0]\-root\-root$' && result_cron_allow=true fi if [ -e /etc/at.allow ] ; then - stat -c "%a-%U-%G" /etc/at.allow | grep -Eq '^[0-6][0][0]\-root\-root$' && result_at_allow=true + stat -c "%a-%U-%G" /etc/at.allow | grep -Pq '^[0-6][0][0]\-root\-root$' && result_at_allow=true fi if [[ "$result_cron_deny" == true && "$result_at_deny" == true && "$result_cron_allow" == true && "$result_at_allow" == true ]] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/access-and-control/1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured.sh b/scanners/access-and-control/1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured.sh index 5ef6214f01549649fa220ca98d7da3db6d342137..951aaf1aad7e13a217c9e96d3e438e87cca023cc 100644 --- a/scanners/access-and-control/1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured.sh +++ b/scanners/access-and-control/1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured.sh 
@@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/ssh/sshd_config | grep -Eq '^[0-7][0][0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/ssh/sshd_config | grep -Pq '^[0-7][0][0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh b/scanners/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh index e2f67484d0e1fb9d3680cdb8ddef85bcd03467f3..30de77b5e6b73d2f6403bdba03eda6d57adc0d49 100644 --- a/scanners/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh +++ b/scanners/logging-and-auditing/2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh @@ -1,17 +1,17 @@ result=false -grep -Eq "\-w\s/etc/group\s\-p\swa\s\-k\sidentity -\-w\s/etc/passwd\s\-p\swa\s\-k\sidentity -\-w\s/etc/gshadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/shadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/security/opasswd\s\-p\swa\s\-k\sidentity" /etc/audit/rules.d/audit.rules && grep -Eq "\-w\s/etc/group\s\-p\swa\s\-k\sidentity -\-w\s/etc/passwd\s\-p\swa\s\-k\sidentity -\-w\s/etc/gshadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/shadow\s\-p\swa\s\-k\sidentity -\-w\s/etc/security/opasswd\s\-p\swa\s\-k\sidentity" /etc/audit/audit.rules && result=true +grep -q "\-w /etc/group -p wa -k identity +-w /etc/passwd -p wa -k identity +-w /etc/gshadow -p wa -k identity +-w /etc/shadow -p wa -k identity +-w /etc/security/opasswd -p wa -k identity" /etc/audit/rules.d/*.rules && grep -q "\-w /etc/group -p wa -k identity +-w /etc/passwd -p wa -k identity +-w /etc/gshadow -p wa -k identity +-w /etc/shadow -p wa -k identity +-w /etc/security/opasswd -p wa -k identity" /etc/audit/rules.d/*.rules && result=true if [ "$result" = true ]; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi 
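Review bot: grep treats a newline-separated pattern as a list of alternatives, so the new `grep -q "\-w /etc/group -p wa -k identity …"` succeeds as soon as any one of the five watch rules is present, and the scanner can print "pass" with four rules missing. The second grep now reads `/etc/audit/rules.d/*.rules` again, where the removed line read `/etc/audit/audit.rules`, so it adds nothing; if the compiled rules file should still be checked, point it there. The literal single spaces also stop matching rules written with tabs or repeated spaces, which the old `\s` partly tolerated. Checking each rule on its own, as sketched below, closes the gap; the same any-of matching applies to the 2.23 hunk.

```shell
result=true
for watched in /etc/group /etc/passwd /etc/gshadow /etc/shadow /etc/security/opasswd; do
  # every watch rule must be present; one multi-line pattern would accept any single rule
  grep -Eqs -- "^[[:space:]]*-w[[:space:]]+${watched}[[:space:]]+-p[[:space:]]+wa[[:space:]]+-k[[:space:]]+identity[[:space:]]*$" /etc/audit/rules.d/*.rules || result=false
done
# … unchanged: pass/fail echo …
```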
diff --git a/scanners/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh b/scanners/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh index c3707241454b7f69e00f85f8a23c910a21ef667e..ec29b97a574dcfeb708e23977ab8f873ecf7ef90 100644 --- a/scanners/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh +++ b/scanners/logging-and-auditing/2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh @@ -1,11 +1,11 @@ result=false -grep -Eq "\-w\s/etc/sudoers\s\-p\swa\s\-k\sscope -\-w\s/etc/sudoers.d/\s\-p\swa\s\-k\sscope" /etc/audit/rules.d/audit.rules && grep -Eq "\-w\s/etc/sudoers\s\-p\swa\s\-k\sscope -\-w\s/etc/sudoers.d/\s\-p\swa\s\-k\sscope" /etc/audit/audit.rules && result=true +grep -q "\-w /etc/sudoers -p wa -k scope +-w /etc/sudoers.d/ -p wa -k scope" /etc/audit/rules.d/audit.rules && grep -q "\-w /etc/sudoers -p wa -k scope +-w /etc/sudoers.d/ -p wa -k scope" /etc/audit/audit.rules && result=true if [ "$result" = true ]; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.17-ensure-permissions-on-etc-passwd-are-configured.sh b/scanners/system-configurations/4.17-ensure-permissions-on-etc-passwd-are-configured.sh index a7acb214324b542f8f67f797aaf0aeff5e4cfcd2..ebf9c80b94a8d6670c7482f623eada7edb1b11a6 100644 --- a/scanners/system-configurations/4.17-ensure-permissions-on-etc-passwd-are-configured.sh +++ b/scanners/system-configurations/4.17-ensure-permissions-on-etc-passwd-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/passwd | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/passwd | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi 
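Review bot: The rules this script looks for (`/etc/sudoers` and `/etc/sudoers.d/` with key `scope`) do not match its file name, 2.23 "events that modify user/group information", while 2.22, which is named for sudoers, checks the `identity` rules. The two bodies look swapped, so each result would be reported under the other item's number. This is worth confirming against the benchmark text and swapping the contents. The `.` in `/etc/sudoers.d/` is also an unescaped wildcard in the pattern.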
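Review bot: The class `[0-4]` in `'^[0-6][0-4][0-4]\-root\-root$'` accepts the digits 2 and 3, so a group- or world-writable `/etc/passwd` (mode 622, for instance) still prints "pass". If the intent is 644 or stricter, each digit should be limited to the permitted bit sets, e.g. `grep -Eq '^[0246][04][04]-root-root$'`. The same class is used in the /etc/group, /etc/passwd-, /etc/group-, /etc/motd, /etc/issue and /etc/issue.net hunks. Separately, `stat -c %a` prints fewer than three digits when the owner digit is 0, which this pattern reports as a failure.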
diff --git a/scanners/system-configurations/4.18-ensure-permissions-on-etc-shadow-are-configured.sh b/scanners/system-configurations/4.18-ensure-permissions-on-etc-shadow-are-configured.sh index dcaa5b1deb90d4ef9dd9fdb37df35a5b615bd302..051fee189bc251c0a2741a13fc4607ea5fc52596 100644 --- a/scanners/system-configurations/4.18-ensure-permissions-on-etc-shadow-are-configured.sh +++ b/scanners/system-configurations/4.18-ensure-permissions-on-etc-shadow-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/shadow | grep -Eq '^[0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/shadow | grep -Pq '^[0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.19-ensure-permissions-on-etc-group-are-configured.sh b/scanners/system-configurations/4.19-ensure-permissions-on-etc-group-are-configured.sh index a6493d0779645a4b9293d95399d70951c72ebf8d..f8268795f6d5f6fca8ba3eb010e01f7fa21dd7c0 100644 --- a/scanners/system-configurations/4.19-ensure-permissions-on-etc-group-are-configured.sh +++ b/scanners/system-configurations/4.19-ensure-permissions-on-etc-group-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/group | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/group | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.20-ensure-permissions-on-etc-gshadow-are-configured.sh b/scanners/system-configurations/4.20-ensure-permissions-on-etc-gshadow-are-configured.sh index 9186800f7ec51777ad283b45f8fe225ecbc3ed48..05dcadb6c7a1f37bbd84a4ecb2067f9c5579f2d6 100644 --- a/scanners/system-configurations/4.20-ensure-permissions-on-etc-gshadow-are-configured.sh +++ b/scanners/system-configurations/4.20-ensure-permissions-on-etc-gshadow-are-configured.sh 
@@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/gshadow | grep -Eq '^[0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/gshadow | grep -Pq '^[0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.21-ensure-permissions-on-etc-passwd--are-configured.sh b/scanners/system-configurations/4.21-ensure-permissions-on-etc-passwd--are-configured.sh index b32766c6811e3382590c2f993c7ef8ce0d27f9f0..8a3349897c4dd5bd42350315bc99d2d1f63f4a1c 100644 --- a/scanners/system-configurations/4.21-ensure-permissions-on-etc-passwd--are-configured.sh +++ b/scanners/system-configurations/4.21-ensure-permissions-on-etc-passwd--are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/passwd- | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/passwd- | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.22-ensure-permissions-on-etc-shadow--are-configured.sh b/scanners/system-configurations/4.22-ensure-permissions-on-etc-shadow--are-configured.sh index 1c956f7299292985bb2c9c5a666e1ad3b685c232..b6ffb576826c2df55ccc94815d38e6a583c7616e 100644 --- a/scanners/system-configurations/4.22-ensure-permissions-on-etc-shadow--are-configured.sh +++ b/scanners/system-configurations/4.22-ensure-permissions-on-etc-shadow--are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/shadow- | grep -Eq '^[0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/shadow- | grep -Pq '^[0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi 
diff --git a/scanners/system-configurations/4.23-ensure-permissions-on-etc-group--are-configured.sh b/scanners/system-configurations/4.23-ensure-permissions-on-etc-group--are-configured.sh index b70dbecf396a57397363bc554d9e61ff951b1629..283c77154bf502872bfb94a4b809390e05b3f8de 100644 --- a/scanners/system-configurations/4.23-ensure-permissions-on-etc-group--are-configured.sh +++ b/scanners/system-configurations/4.23-ensure-permissions-on-etc-group--are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/group- | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/group- | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.24-ensure-permissions-on-etc-gshadow--are-configured.sh b/scanners/system-configurations/4.24-ensure-permissions-on-etc-gshadow--are-configured.sh index 781ba5969b4300169ccc01b750e21e74ff3bc15c..eced746311a636d5aed708e7fc6c707d532267f8 100644 --- a/scanners/system-configurations/4.24-ensure-permissions-on-etc-gshadow--are-configured.sh +++ b/scanners/system-configurations/4.24-ensure-permissions-on-etc-gshadow--are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/gshadow- | grep -Eq '^[0]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/gshadow- | grep -Pq '^[0]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.4-ensure-permissions-on-etc-motd-are-configured.sh b/scanners/system-configurations/4.4-ensure-permissions-on-etc-motd-are-configured.sh index 47ed74336c4cbee0ce538eec6c98da01670a8025..dd58a16dd1e6c79731f581e33c4f08a424ac0b75 100644 --- a/scanners/system-configurations/4.4-ensure-permissions-on-etc-motd-are-configured.sh +++ b/scanners/system-configurations/4.4-ensure-permissions-on-etc-motd-are-configured.sh 
@@ -3,13 +3,13 @@ result=false if [[ ! -f /etc/motd ]] ; then result=true elif [[ ! -h /etc/motd ]] ; then - stat -c "%a-%U-%G" /etc/motd | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true + stat -c "%a-%U-%G" /etc/motd | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true elif [[ -h /etc/motd ]] && [[ -f /var/lib/update-motd/motd ]] ; then - stat -c "%a-%U-%G" /var/lib/update-motd/motd | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && stat -c "%U-%G" /etc/motd | grep -Eq '^root\-root$' && result=true + stat -c "%a-%U-%G" /var/lib/update-motd/motd | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && stat -c "%U-%G" /etc/motd | grep -Pq '^root\-root$' && result=true fi if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.5-ensure-permissions-on-etc-issue-are-configured.sh b/scanners/system-configurations/4.5-ensure-permissions-on-etc-issue-are-configured.sh index c55bd2d3f397c80e2548dccc4d85662ca79720d9..95edca7aa3671c5c51e8f470bcb092ff1306cb46 100644 --- a/scanners/system-configurations/4.5-ensure-permissions-on-etc-issue-are-configured.sh +++ b/scanners/system-configurations/4.5-ensure-permissions-on-etc-issue-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/issue | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/issue | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/scanners/system-configurations/4.6-ensure-permissions-on-etc-issue.net-are-configured.sh b/scanners/system-configurations/4.6-ensure-permissions-on-etc-issue.net-are-configured.sh index 9e7c5ff961dfec043d5dc27fed9c9739663bc978..ee5dfd4812c94bc2a7e6b4683a665a4254a66b0c 100644 --- a/scanners/system-configurations/4.6-ensure-permissions-on-etc-issue.net-are-configured.sh 
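Review bot: In the symlink branch of the /etc/motd check, the mode is read from the fixed path `/var/lib/update-motd/motd` rather than from wherever `/etc/motd` actually points. A link to some other file therefore passes as long as that fixed path exists with acceptable permissions. `stat -L -c "%a-%U-%G" /etc/motd | grep -Eq …` would evaluate the real target. The hunk starts at line 3 of the script, so its opening lines are not visible here.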
+++ b/scanners/system-configurations/4.6-ensure-permissions-on-etc-issue.net-are-configured.sh @@ -1,9 +1,9 @@ result=false -stat -c "%a-%U-%G" /etc/issue.net | grep -Eq '^[0-6][0-4][0-4]\-root\-root$' && result=true +stat -c "%a-%U-%G" /etc/issue.net | grep -Pq '^[0-6][0-4][0-4]\-root\-root$' && result=true if [ "$result" = true ] ; then echo "pass" else echo "fail" -fi \ No newline at end of file +fi diff --git a/tools/remediation-kits/run_Anolis_remediation_kit.sh b/tools/remediation-kits/run_Anolis_remediation_kit.sh index a3048e4c86623c0627eef30e755739777d80d0cb..22cd485dc87c5b570a19b9963d0633f234bd66a1 100755 --- a/tools/remediation-kits/run_Anolis_remediation_kit.sh +++ b/tools/remediation-kits/run_Anolis_remediation_kit.sh @@ -39,7 +39,7 @@ function executeScripts() if [[ ! -z "$Dir" ]] ; then cd $Dir # 切换至修复脚本所在目录 number=$line - filename=`ls | grep "^$number\-.*.sh$"` # 根据编号查询修复脚本完整文件名 + filename=`ls | grep -P "^$number\-.*.sh$"` # 根据编号查询修复脚本完整文件名 if [[ -a $filename ]] ; then echo "---Executing the script: $filename---" sh $filename @@ -82,4 +82,4 @@ elif [[ $# -eq 2 && $1 == "-c" ]] ; then # -c参数 指定自定义config fi else helpinfo -fi \ No newline at end of file +fi diff --git a/tools/scanners/run_Anolis_scanners.sh b/tools/scanners/run_Anolis_scanners.sh index 91749504d198fea2f28cf14feb09ccffcf9f0e73..893167523d671d7e768a80b883519bee47857308 100755 --- a/tools/scanners/run_Anolis_scanners.sh +++ b/tools/scanners/run_Anolis_scanners.sh @@ -55,7 +55,7 @@ function executeScripts() assignPath if [[ ! -z "$Dir" ]] ; then cd $Dir - filename=`ls | grep "^$line\-.*.sh$"` # 获取扫描脚本完整名称 + filename=`ls | grep -P "^$line\-.*.sh$"` # 获取扫描脚本完整名称 if [[ -a $filename ]] ; then res1=`sh $filename | grep -P "^(pass|fail)$"` # 获取扫描脚本执行结果(pass or fail) ((total++)) # 总检查量 @@ -134,4 +134,4 @@ current_path="$(cd $(dirname $0);pwd)" # 获取绝对路径 option $@ -[ ! -z $config ] && main \ No newline at end of file +[ ! -z $config ] && main
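Review bot: In `run_Anolis_remediation_kit.sh`, `$number` is interpolated into the `grep -P` regex and the output of `ls | grep` is then used unquoted in `[[ -a $filename ]]` and `sh $filename`. The `.` in an id such as `1.1` and in `.sh` is a wildcard, and an entry containing other regex characters can match scripts the operator did not list, which this runner then executes. A glob avoids both the `ls` parsing and the regex: `matches=( "$number"-*.sh ); filename=${matches[0]}`, followed by `sh "$filename"`. The matching line in `run_Anolis_scanners.sh`, which uses `$line`, has the same issue. `executeScripts` begins and ends outside both hunks, so where the value is read from is not visible here.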