diff --git a/.travis.yml b/.travis.yml
index 7a506a3f6..7ddad4a13 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,8 +8,7 @@ install:
 - pip install ansible
 - echo -e 'localhost ansible_connection=local' > spec/inventory
 - echo -e '[defaults]\nroles_path = ./roles\nhostfile = ./spec/inventory' > ansible.cfg
- - echo -e 'hash_behaviour=merge' >> ansible.cfg
 script:
 - ansible-playbook --syntax-check spec/travis.yml
- - ansible-playbook --sudo -v --diff spec/travis.yml --extra-vars "@spec/travis_exceptions.json"
+ - ansible-playbook --sudo -v --diff spec/travis.yml --skip-tags "sysctl"
diff --git a/roles/ansible-os-hardening/tasks/main.yml b/roles/ansible-os-hardening/tasks/main.yml
index 539bf826d..84dc88269 100644
--- a/roles/ansible-os-hardening/tasks/main.yml
+++ b/roles/ansible-os-hardening/tasks/main.yml
@@ -1,15 +1,16 @@
 ---
 - name: add the OS specific variables
 include_vars: "{{ ansible_os_family }}.yml"
+ tags: always
-- include: limits.yml
-- include: login_defs.yml
-- include: minimize_access.yml
-- include: pam.yml
-- include: profile.yml
-- include: securetty.yml
-- include: suid_sgid.yml
-- include: sysctl.yml
+- include: limits.yml tags=limits
+- include: login_defs.yml tags=login_defs
+- include: minimize_access.yml tags=minimize_acces
+- include: pam.yml tags=pam
+- include: profile.yml tags=profile
+- include: securetty.yml tags=securetty
+- include: suid_sgid.yml tags=suid_sgid
+- include: sysctl.yml tags=sysctl
-- include: yum.yml
+- include: yum.yml tags=yum
 when: ansible_os_family == 'RedHat' or ansible_os_family == 'Oracle Linux'
diff --git a/spec/travis_exceptions.json b/spec/travis_exceptions.json
deleted file mode 100644
index 83b3d8bb7..000000000
--- a/spec/travis_exceptions.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "sysctl_config":
- {
- "net.ipv6.conf.all.disable_ipv6": 0,
- "fs.suid_dumpable": 1,
- "kernel.modules_disabled": 0,
- "net.ipv4.tcp_timestamps": 1,
- "net.ipv6.conf.default.accept_ra_rtr_pref": 1
- }
-}
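Review bot: In `.travis.yml`, the last `script:` step now runs with `--skip-tags "sysctl"`, so none of the role's sysctl tasks execute in CI. The removed `spec/travis_exceptions.json` overrode only five keys, and together with `hash_behaviour=merge` it appears to have let the rest of `sysctl_config` be applied. A regression in `sysctl.yml` would now be caught only by the `--syntax-check` step, which does not exercise the kernel-hardening values. If the skip is needed because the CI host cannot apply some of these settings (inferred, the diff does not say), record that above the line, e.g. `# sysctl tasks skipped: CI host cannot apply all kernel settings, so sysctl.yml is not covered by this run`.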
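Review bot: In `roles/ansible-os-hardening/tasks/main.yml`, the new include for `minimize_access.yml` is tagged `minimize_acces` (missing the final `s`), unlike every other include, whose tag matches its file name. Tag selection is an exact string match, so `--tags minimize_access` would select none of these tasks and `--skip-tags minimize_access` would skip none, with no error raised. For a hardening role that means an operator can believe the access-minimisation tasks were applied, or excluded, when they were not. The line should read `- include: minimize_access.yml tags=minimize_access`.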