diff --git a/handlers/main.yml b/handlers/main.yml
index 93eb289e48c7acf237c06e96e062e1b2da42ce78..e40514e430c4a26e6c60be5fc090516b16996401 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -8,7 +8,7 @@
         state: directory
         owner: "root"
         group: "root"
-        mode: 0755
+        mode: "0o755"
       listen: "save iptables rules"
     - name: install netfilter-persistent to be able to save iptables rules
       ansible.builtin.apt:
@@ -32,7 +32,7 @@
         state: touch
         owner: "root"
         group: "root"
-        mode: 0600
+        mode: "0o600"
       listen: "save iptables rules"
     - name: save rules
       ansible.builtin.command: /usr/sbin/iptables-save        # noqa command-instead-of-module
diff --git a/molecule/virtualbox/molecule.yml b/molecule/virtualbox/molecule.yml
index ee9b3f7b5e194d81bd195f2290bcdb9d7d36a9ac..e939c35c63209e81c05ac409f18e764e76b4c09c 100644
--- a/molecule/virtualbox/molecule.yml
+++ b/molecule/virtualbox/molecule.yml
@@ -28,8 +28,8 @@ provisioner:
   config_options:
     defaults:
       # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
-      #vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
-      #vault_identity_list: "${MOLECULE_PROJECT_DIRECTORY}/../../lza_server_hardening.pass"
+      # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+      # vault_identity_list: "${MOLECULE_PROJECT_DIRECTORY}/../../lza_server_hardening.pass"
       vault_identity_list: "../lza_server_hardening.pass, ../../../lza_server_hardening.pass"
   vvv: false
   playbooks:
diff --git a/tasks/configure_fail2ban.yml b/tasks/configure_fail2ban.yml
index 8836af2218c3e8d554448c152db1529f499cbca1..58374cc724b649acf0b0dc7c3aaf84ac9c7d1783 100644
--- a/tasks/configure_fail2ban.yml
+++ b/tasks/configure_fail2ban.yml
@@ -14,7 +14,7 @@
     create: true
     owner: "root"
     group: "root"
-    mode: 0644
+    mode: "0o644"
     state: present
     marker: "### {mark} ANSIBLE MANAGED BLOCK - SSHD RULES"
     block: |
diff --git a/tasks/install_clamav.yml b/tasks/install_clamav.yml
index 70e6f96855e8655f62d847e9f1a63c7af0624cf9..8f96d41804fdad468effed4ae022619b073d8a00 100644
--- a/tasks/install_clamav.yml
+++ b/tasks/install_clamav.yml
@@ -29,10 +29,10 @@
       'clamav',
       'clamav-scanner-systemd',
       'clamav-server-systemd',
-      #'clamav-data',           # pulled in by dependency
-      #'clamav-update',         # pulled in by dependency
-      #'clamav-filesystem',     # pulled in by dependency
-      #'clamav-lib',            # pulled in by dependency
+      'clamav-update',
+      # 'clamav-data',           # pulled in by dependency
+      # 'clamav-filesystem',     # pulled in by dependency
+      # 'clamav-lib',            # pulled in by dependency
       "clamd",
     ]
     state: present
diff --git a/tasks/install_rkhunter.yml b/tasks/install_rkhunter.yml
index 0145f39295c0bcbd4ce860359bd2d770cb5097b0..df750b0d6dfa253026dbedd723ef1d3666f722ad 100644
--- a/tasks/install_rkhunter.yml
+++ b/tasks/install_rkhunter.yml
@@ -50,7 +50,7 @@
     state: "directory"
     owner: "root"
     group: "root"
-    mode: 0755
+    mode: "0o755"
 
 - name: configure /etc/rkhunter.d/rkhunter.local.conf
   ansible.builtin.blockinfile: