diff --git a/CHANGELOG.md b/CHANGELOG.md
index e8168eb7..e71cc526 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,10 +4,10 @@ All notable changes to this project will be documented in this file.
 ## Release 0.9.1
+* Fix for issue #66
+* Fix for issue #70
 * Updated Github action
-
 * PR #71: Replace legacy facts with modern facts
-
 * PR #72: Allow for disabling of the sticky world writable and auditd cron jobs. If you have bigger systems where cronjobs collecting file information like for world writable files or auditd privileged commands might be too time consuming you can disable the cronjobs completely. The default value for both jobs in `present`.
 > Please note that not running the auditd privileged commands cronjob might result in not monitoring newly installed prvileged commands.
diff --git a/manifests/rules/auditd_kernel_modules.pp b/manifests/rules/auditd_kernel_modules.pp
index e0fff93c..adb96931 100644
--- a/manifests/rules/auditd_kernel_modules.pp
+++ b/manifests/rules/auditd_kernel_modules.pp
@@ -43,6 +43,8 @@
 }
 if $facts['os']['name'].downcase() == 'redhat' and $facts['os']['release']['major'] == '7' {
 $rule1 = "-a always,exit -S all -F path=/usr/bin/kmod -p x -F auid>=${uid} -F auid!=${auid} -k module-change"
+ } elsif $facts['os']['name'].downcase() == 'redhat' and $facts['os']['release']['major'] >= '8' {
+ $rule1 = "-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=${uid} -F auid!=${auid} -F key=kernel_modules"
 } elsif $facts['os']['name'].downcase() == 'debian' and $facts['os']['release']['major'] > '10' {
 $rule1 = "-a always,exit -S all -F path=/usr/bin/kmod -F perm=x -F auid>=${uid} -F auid!=${auid} -k kernel_modules"
 } else {
diff --git a/manifests/rules/auditd_user_emulation.pp b/manifests/rules/auditd_user_emulation.pp
index 2ac2efbc..312863ae 100644
--- a/manifests/rules/auditd_user_emulation.pp
+++ b/manifests/rules/auditd_user_emulation.pp
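Review bot: The new `elsif` condition `$facts['os']['release']['major'] >= '8'` compares two strings, and Puppet orders strings lexicographically, so a major of `'10'` sorts below `'8'` and a RHEL 10 node would skip this branch and fall into the `else` branch instead of receiving the `-F key=kernel_modules` rule; `versioncmp($facts['os']['release']['major'], '8') >= 0` compares the release as a version. The spec hunk in `spec/classes/rules/auditd_kernel_modules_spec.rb` repeats the comparison in Ruby, where String `>=` is lexicographic as well, so its `elsif` should use `os_facts[:os]['release']['major'].to_i >= 8` or the test will silently follow the wrong branch for a two-digit major. The Debian context line `> '10'` has the same shape and is probably affected too (`'9' > '10'` holds lexicographically), though that is not part of this change. The `if` chain and the class around it begin and end outside the hunk.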
@@ -24,14 +24,14 @@
 concat::fragment { 'watch user emulation rule 1':
 order => '196',
 target => $cis_security_hardening::rules::auditd_init::rules_file,
- content => '-a always,exit -F arch=b32 -C euid!=uid -F auid!=unset -S execve -k user_emulation',
+ content => '-a always,exit -F arch=b32 -S execve -C euid!=uid -F auid!=unset -k user_emulation',
 }
 if $facts['os']['architecture'] == 'x86_64' or $facts['os']['architecture'] == 'amd64' {
 concat::fragment { 'watch user emulation rule 2':
 order => '197',
 target => $cis_security_hardening::rules::auditd_init::rules_file,
- content => '-a always,exit -F arch=b64 -C euid!=uid -F auid!=unset -S execve -k user_emulation',
+ content => '-a always,exit -F arch=b64 -S execve -C euid!=uid -F auid!=unset -k user_emulation',
 }
 }
 }
diff --git a/spec/classes/rules/auditd_kernel_modules_spec.rb b/spec/classes/rules/auditd_kernel_modules_spec.rb
index 1d68e4c5..e3fc5408 100644
--- a/spec/classes/rules/auditd_kernel_modules_spec.rb
+++ b/spec/classes/rules/auditd_kernel_modules_spec.rb
@@ -54,6 +54,13 @@ class { 'cis_security_hardening::reboot':
 'target' => '/etc/audit/rules.d/cis_security_hardening.rules',
 'content' => "-a always,exit -S all -F path=/usr/bin/kmod -p x -F auid>=1000 -F auid!=#{auid} -k module-change",
 )
+ elsif os_facts[:os]['name'].casecmp('redhat').zero? && os_facts[:os]['release']['major'] >= '8'
+ is_expected.to contain_concat__fragment('watch kernel modules rule 1')
+ .with(
+ 'order' => '204',
+ 'target' => '/etc/audit/rules.d/cis_security_hardening.rules',
+ 'content' => "-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=#{auid} -F key=kernel_modules",
+ )
 elsif os_facts[:os]['name'].casecmp('debian').zero? && os_facts[:os]['release']['major'] > '10'
 is_expected.to contain_concat__fragment('watch kernel modules rule 1')
 .with(
diff --git a/spec/classes/rules/auditd_user_emulation_spec.rb b/spec/classes/rules/auditd_user_emulation_spec.rb
index 3c2842fa..c031d336 100644
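Review bot: Neither rewritten `content` line says why `-S execve` now precedes `-C euid!=uid` and `-F auid!=unset`, so the next reader cannot tell whether the order is cosmetic or load-bearing for auditctl; a comment above the first `concat::fragment`, such as `# -S before -C/-F: keep the field order of the CIS user_emulation rule text (issues #66/#70)`, would record the intent, assuming those changelog entries are what motivated this reorder — confirm. The b32 and b64 rules differ only in the `arch=` field, so building both from one `"... -F arch=${arch} -S execve ..."` template would keep them from drifting apart on the next edit. The enclosing class starts outside the hunk.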
--- a/spec/classes/rules/auditd_user_emulation_spec.rb
+++ b/spec/classes/rules/auditd_user_emulation_spec.rb
@@ -49,7 +49,7 @@ class { 'cis_security_hardening::reboot':
 .with(
 'order' => '196',
 'target' => '/etc/audit/rules.d/cis_security_hardening.rules',
- 'content' => '-a always,exit -F arch=b32 -C euid!=uid -F auid!=unset -S execve -k user_emulation',
+ 'content' => '-a always,exit -F arch=b32 -S execve -C euid!=uid -F auid!=unset -k user_emulation',
 )
 if ['x86_64', 'amd64'].include?(os_facts[:os]['architecture'])
@@ -57,7 +57,7 @@ class { 'cis_security_hardening::reboot':
 .with(
 'order' => '197',
 'target' => '/etc/audit/rules.d/cis_security_hardening.rules',
- 'content' => '-a always,exit -F arch=b64 -C euid!=uid -F auid!=unset -S execve -k user_emulation',
+ 'content' => '-a always,exit -F arch=b64 -S execve -C euid!=uid -F auid!=unset -k user_emulation',
 )
 end
 else