diff --git a/section_6/cis_6.3.3.x/cis_6.3.3.13.yml b/section_6/cis_6.3.3.x/cis_6.3.3.13.yml
index c00ce97..f0cf54a 100644
--- a/section_6/cis_6.3.3.x/cis_6.3.3.13.yml
+++ b/section_6/cis_6.3.3.x/cis_6.3.3.13.yml
@@ -8,8 +8,8 @@ command:
 exec: grep delete /etc/audit/rules.d/*.rules
 exit-status: 0
 stdout:
- - '/[^#]-a always,exit -F arch=b32 -S rename,unlink,unlinkat,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
- - '/[^#]-a always,exit -F arch=b32 -S rename,unlink,unlinkat,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
+ - '/[^#]-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
+ - '/[^#]-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
 meta:
 server: 2
 workstation: 2
diff --git a/section_6/cis_6.3.3.x/cis_6.3.3.17.yml b/section_6/cis_6.3.3.x/cis_6.3.3.17.yml
index ac3318e..8ae07d0 100644
--- a/section_6/cis_6.3.3.x/cis_6.3.3.17.yml
+++ b/section_6/cis_6.3.3.x/cis_6.3.3.17.yml
@@ -27,7 +27,7 @@ command:
 exec: auditctl -l | grep chacl
 exit-status: 0
 stdout:
- - '-a always,exit -S all -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -F key=perm_chng'
+ - '-a always,exit -S all -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_chng'
 meta:
 server: 2
 workstation: 2
diff --git a/section_6/cis_6.3.3.x/cis_6.3.3.9.yml b/section_6/cis_6.3.3.x/cis_6.3.3.9.yml
index 24cc867..c64f7a5 100644
--- a/section_6/cis_6.3.3.x/cis_6.3.3.9.yml
+++ b/section_6/cis_6.3.3.x/cis_6.3.3.9.yml
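Review bot: Both new `stdout` patterns in cis_6.3.3.13.yml are the same `arch=b32` rule, so the check never verifies that a 64-bit rule for unlink/unlinkat/rename/renameat exists; on a 64-bit host the deletion audit rule could be absent while this control still passes. The first entry should probably read `-F arch=b64`, matching the b64/b32 pairing used in cis_6.3.3.9.yml. Separately, the group `auid!=(unset|-1|auid!=4294967295)` repeats `auid!=` inside the alternation, so a rule written as `-F auid!=4294967295` cannot match; `auid!=(unset|-1|4294967295)` looks like what was intended, and the same group appears in the 6.3.3.17 and 6.3.3.9 hunks.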
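Review bot: The expected string in cis_6.3.3.17.yml now ends in `-k perm_chng`, but the command under test is `auditctl -l`, which as far as I know prints loaded rules in normalized form with the key as `-F key=perm_chng`; the replaced line matched that form, so this change may turn the check into a permanent failure. Unlike the patterns in the other two files, this entry is not wrapped in `/…/`, so if the matcher treats unwrapped strings as literal text, the `(unset|-1|…)` group is compared character for character and cannot match real output either way. Please confirm against `auditctl -l` on a target host, and consider keeping `-F key=perm_chng` and wrapping the pattern as a regex like the sibling checks. The hunk starts at line 27, so earlier checks in this file are not visible here.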
@@ -11,7 +11,7 @@ command:
 - '/[^#]-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
 - '/[^#]-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
 - '/[^#]-a always,exit -F arch=b64 -S chown,fchown,lchown,fchownat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- - '/[^#]-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
+ - '/[^#]-a always,exit -F arch=b32 -S chown,fchown,lchown,fchownat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
 - '/[^#]-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
 - '/[^#]-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
 meta:
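Review bot: The b32 chown pattern in cis_6.3.3.9.yml still pins one exact order of the `-S` list, so a rules file that audits the same four syscalls in another order (for example the `lchown,fchown,chown,fchownat` order this check accepted before the change) now fails although the audit coverage is identical. Either match the syscalls order-independently or state the constraint next to the list, e.g. `# syscall order must match the benchmark remediation text exactly`. The command that produces the matched output sits above the hunk and is not visible here, so whether the input is the on-disk rules or the loaded rules could not be checked.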