diff --git a/.ansible-lint b/.ansible-lint
index f18a6472898d714ef85310cdbe01e39500977528..491cf7284b00ab41618ecc8b7cedeb4a2eed9ff9 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -37,6 +37,8 @@ use_default_rules: true
 skip_list:
   - skip_this_tag
   - git-latest
+  - name[casing]
+  - package-latest
 
 # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
 # mentioned in the enable_list:
diff --git a/handlers/main.yml b/handlers/main.yml
index b6446b435ae503b09aff9a395dbbb13368135b5a..90600c203ab02d2df7e22c17ad28c174719a82f5 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,5 +1,6 @@
 ---
 - name: save iptables rules (Debian)
+  when: ansible_os_family == "Debian"
   block:
     - name: Ordner für iptables-Config erstellen
       ansible.builtin.file:
@@ -21,9 +22,9 @@
       ansible.builtin.command: 'netfilter-persistent save'
       listen: "save iptables rules"
       changed_when: false
-  when: ansible_os_family == "Debian"
 
 - name: save iptables rules (RedHat)
+  when: ansible_os_family == "RedHat"
   block:
     - name: make sure iptables config file exists
       ansible.builtin.file:
@@ -34,10 +35,9 @@
         mode: 0600
       listen: "save iptables rules"
     - name: save rules
-      ansible.builtin.command: /usr/sbin/iptables-save        # noqa 303
+      ansible.builtin.command: /usr/sbin/iptables-save        # noqa command-instead-of-module
       listen: "save iptables rules"
       changed_when: false
-  when: ansible_os_family == "RedHat"
 
 - name: activate kernel parameter changes
   ansible.builtin.command: sysctl -p
diff --git a/tasks/configure_umask.yml b/tasks/configure_umask.yml
index 66f7b1cfa94d3bc2683476f77dc704edfeb5a7d9..3054088b4911d5c0c97c4dfb11763ce4bff39aac 100644
--- a/tasks/configure_umask.yml
+++ b/tasks/configure_umask.yml
@@ -13,6 +13,8 @@
       umask 026
 
 - name: libpam-umask installieren (Debian)
+  when: ansible_os_family == "Debian"
+  tags: [apt]
   block:
     - name: Paket installieren
       ansible.builtin.apt:
@@ -33,8 +35,6 @@
           # Das Paket libpam-umask passt die Standard-Umask eines Benutzers mit
           # Hilfe von PAM an.
           session    optional     pam_umask.so umask=026
-  when: ansible_os_family == "Debian"
-  tags: [apt]
 
 - name: set default login umask
   ansible.builtin.lineinfile:
diff --git a/tasks/install_rkhunter.yml b/tasks/install_rkhunter.yml
index 4a2dd994226437852ee2c2ef07526cd7cb8a0ec8..0145f39295c0bcbd4ce860359bd2d770cb5097b0 100644
--- a/tasks/install_rkhunter.yml
+++ b/tasks/install_rkhunter.yml
@@ -118,7 +118,7 @@
   register: rkhunter_units
 
 - name: check if rkhunter Systemd units are already disabled
-  ansible.builtin.command: "systemctl is-enabled rkhunter.{{ item.path | basename }}"
+  ansible.builtin.command: "systemctl is-enabled rkhunter.{{ item.path | basename }}"    # noqa command-instead-of-module
   loop: "{{ rkhunter_units.files }}"
   register: rkhunter_disabled
   changed_when: false