diff --git a/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh b/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
index 164a64f2f27d19859a5cfca29b11af29f4c6beaa..7b13bd63829e4e42e0482beaf73c7ba2334ee788 100644
--- a/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
+++ b/remediation-kits/access-and-control/1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh
@@ -1 +1 @@
-echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
\ No newline at end of file
+grep -Psq "^readonly TMOUT=900 ; export TMOUT" /etc/profile || echo "readonly TMOUT=900 ; export TMOUT" >> /etc/profile
diff --git a/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh b/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh
index 96d649bae77cf3d68ca62069cb7c7daf49d75a3a..91786ab40ae28002988faa0468f16760cec06cc4 100644
--- a/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh
+++ b/remediation-kits/access-and-control/1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh
@@ -3,5 +3,5 @@ grep -Eq "(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/bashrc && sed -ri "s/(\s*)umask\s+
 grep -Eq "^(\s*)umask\s+\S+(\s*#.*)?\s*$" /etc/profile && sed -ri "s/^(\s*)umask\s+\S+(\s*#.*)?\s*$/\1umask 027\2/" /etc/profile || echo "umask 027" >> /etc/profile
 grep -Eq "^(\s*)UMASK\s+\S+(\s*#.*)?\s*$" /etc/login.defs && sed -ri "s/^(\s*)UMASK\s+\S+(\s*#.*)?\s*$/\1UMASK 027\2/" /etc/login.defs || echo "UMASK 027" >> /etc/login.defs
 grep -q "USERGROUPS_ENAB" /etc/login.defs && sed -ri "s/^(\s*)USERGROUPS_ENAB\s+\S+(\s*#.*)?\s*$/\1USERGROUPS_ENAB no\2/" /etc/login.defs  ||  echo "USERGROUPS_ENAB no" >> /etc/login.defs
-echo "session     optional                                     pam_umask.so"   >>  /etc/pam.d/password-auth
-echo "session     optional                                     pam_umask.so"   >>  /etc/pam.d/system-auth
+grep -Psq "^session     optional                                     pam_umask.so" /etc/pam.d/password-auth || echo "session     optional                                     pam_umask.so"   >>  /etc/pam.d/password-auth
+grep -Psq "^session     optional                                     pam_umask.so" /etc/pam.d/system-auth || echo "session     optional                                     pam_umask.so"   >>  /etc/pam.d/system-auth
diff --git a/remediation-kits/access-and-control/1.51-ensure-mounting-of-udf-filesystems-is-disabled.sh b/remediation-kits/access-and-control/1.51-ensure-mounting-of-udf-filesystems-is-disabled.sh
index 2211012279f80c5a0dd3911cc5618a1d3e493c12..d51c68dc79c3c5fffcfba0a687c3d977d0b4db8e 100644
--- a/remediation-kits/access-and-control/1.51-ensure-mounting-of-udf-filesystems-is-disabled.sh
+++ b/remediation-kits/access-and-control/1.51-ensure-mounting-of-udf-filesystems-is-disabled.sh
@@ -1,3 +1,3 @@
-echo "install udf /bin/false" >> /etc/modprobe.d/udf.conf
-echo "blacklist udf" >> /etc/modprobe.d/udf.conf
+grep -Psq "^install udf /bin/false" /etc/modprobe.d/udf.conf || echo "install udf /bin/false" >> /etc/modprobe.d/udf.conf
+grep -Psq "^blacklist udf" /etc/modprobe.d/udf.conf || echo "blacklist udf" >> /etc/modprobe.d/udf.conf
 modprobe -r udf
diff --git a/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh b/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
index 9b74e2ec34c5cbc48d4591537791fbf4aaa56da9..289975990119ae1872b712850017150bfe184e73 100644
--- a/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
+++ b/remediation-kits/access-and-control/1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh
@@ -1,3 +1,3 @@
-echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
-echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
+grep -Psq "^install cramfs /bin/false" /etc/modprobe.d/cramfs.conf || echo "install cramfs /bin/false" >> /etc/modprobe.d/cramfs.conf
+grep -Psq "^blacklist cramfs" /etc/modprobe.d/cramfs.conf || echo "blacklist cramfs" >> /etc/modprobe.d/cramfs.conf
 modprobe -r cramfs
diff --git a/remediation-kits/logging-and-auditing/2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools.sh b/remediation-kits/logging-and-auditing/2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools.sh
index 05d1e8b8f6ae5a5bfef255392961f1c5115a05e2..9c431f5c8835d9fffdb9d0225f36c94ca97751af 100644
--- a/remediation-kits/logging-and-auditing/2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools.sh
+++ b/remediation-kits/logging-and-auditing/2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools.sh
@@ -1,7 +1,7 @@
 mkdir -p /etc/aide
-echo "/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
-echo "/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512"  >> /etc/aide/aide.conf
-echo "/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
-echo "/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
-echo "/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
-echo "/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
\ No newline at end of file
+grep -Psq "^\/sbin\/auditctl p\+i\+n\+u\+g\+s\+b\+acl\+xattrs\+sha512" /etc/aide/aide.conf || echo "/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
+grep -Psq "^\/sbin\/auditd p\+i\+n\+u\+g\+s\+b\+acl\+xattrs\+sha512" /etc/aide/aide.conf || echo "/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512"  >> /etc/aide/aide.conf
+grep -Psq "^\/sbin\/ausearch p\+i\+n\+u\+g\+s\+b\+acl\+xattrs\+sha512" /etc/aide/aide.conf || echo "/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
+grep -Psq "^\/sbin\/aureport p\+i\+n\+u\+g\+s\+b\+acl\+xattrs\+sha512" /etc/aide/aide.conf || echo "/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
+grep -Psq "^\/sbin\/autrace p\+i\+n\+u\+g\+s\+b\+acl\+xattrs\+sha512" /etc/aide/aide.conf || echo "/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
+grep -Psq "^\/sbin\/augenrules p\+i\+n\+u\+g\+s\+b\+acl\+xattrs\+sha512" /etc/aide/aide.conf || echo "/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512" >> /etc/aide/aide.conf
diff --git a/remediation-kits/logging-and-auditing/2.14-ensure-rsyslog-default-file-permissions-configured.sh b/remediation-kits/logging-and-auditing/2.14-ensure-rsyslog-default-file-permissions-configured.sh
index e497be8c39aab00c1fb5f088016da8382cf9af7b..69e213ec0d229f07b2ecec6a1a3ca24a0e27da34 100644
--- a/remediation-kits/logging-and-auditing/2.14-ensure-rsyslog-default-file-permissions-configured.sh
+++ b/remediation-kits/logging-and-auditing/2.14-ensure-rsyslog-default-file-permissions-configured.sh
@@ -1,2 +1,2 @@
-echo "\$FileCreateMode 0640" >> /etc/rsyslog.conf
-echo "\$FileCreateMode 0640" >> /etc/rsyslog.d/listen.conf
\ No newline at end of file
+grep -Psq "^\\\$FileCreateMode 0640" /etc/rsyslog.conf || echo "\$FileCreateMode 0640" >> /etc/rsyslog.conf
+grep -Psq "^\\\$FileCreateMode 0640" /etc/rsyslog.d/listen.conf || echo "\$FileCreateMode 0640" >> /etc/rsyslog.d/listen.conf
diff --git a/remediation-kits/logging-and-auditing/2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog.sh b/remediation-kits/logging-and-auditing/2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog.sh
index 3b9dd568ba138ca20a9d9fc3a50b9a2dd9d65a9e..3344bca555467548c99908de52f71f82eeda1c03 100644
--- a/remediation-kits/logging-and-auditing/2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog.sh
+++ b/remediation-kits/logging-and-auditing/2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog.sh
@@ -1 +1 @@
-echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
\ No newline at end of file
+grep -Psq "^ForwardToSyslog=yes" /etc/systemd/journald.conf ||echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
diff --git a/remediation-kits/logging-and-auditing/2.17-ensure-journald-is-configured-to-compress-large-log-files.sh b/remediation-kits/logging-and-auditing/2.17-ensure-journald-is-configured-to-compress-large-log-files.sh
index f365dfe4b524093fa3ab408d84b4b4884df0677e..8ce6ef66673e8aa9107dd01a15076eacc6391387 100644
--- a/remediation-kits/logging-and-auditing/2.17-ensure-journald-is-configured-to-compress-large-log-files.sh
+++ b/remediation-kits/logging-and-auditing/2.17-ensure-journald-is-configured-to-compress-large-log-files.sh
@@ -1 +1 @@
-echo "Compress=yes" >> /etc/systemd/journald.conf
\ No newline at end of file
+grep -Psq "^Compress=yes" /etc/systemd/journald.conf ||echo "Compress=yes" >> /etc/systemd/journald.conf
diff --git a/remediation-kits/logging-and-auditing/2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk.sh b/remediation-kits/logging-and-auditing/2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk.sh
index ed01b7b148e5d366fd3a8b5e81d80c8b0b75a555..a11656cc00793925e0c0cbcbef6fd116cf69b3b5 100644
--- a/remediation-kits/logging-and-auditing/2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk.sh
+++ b/remediation-kits/logging-and-auditing/2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk.sh
@@ -1 +1 @@
-echo "Storage=persistent" >> /etc/systemd/journald.conf
\ No newline at end of file
+grep -Psq "^Storage=persistent" /etc/systemd/journald.conf || echo "Storage=persistent" >> /etc/systemd/journald.conf