diff --git a/controls/1_4_secure_boot_settings.rb b/controls/1_4_secure_boot_settings.rb
index 167d598..d4620c2 100644
--- a/controls/1_4_secure_boot_settings.rb
+++ b/controls/1_4_secure_boot_settings.rb
@@ -69,7 +69,7 @@
 tag level: 1
 describe.one do
- describe shadow.users('root') do
+ describe shadow.user('root') do
 its(:password) { should_not include('*') }
 its(:password) { should_not include('!') }
 end
diff --git a/controls/5_4_user_accounts_and_environments.rb b/controls/5_4_user_accounts_and_environments.rb
index bea8dc8..79abd4e 100644
--- a/controls/5_4_user_accounts_and_environments.rb
+++ b/controls/5_4_user_accounts_and_environments.rb
@@ -82,7 +82,7 @@
 end
 shadow_files.each do |f|
- shadow(f).users(/.+/).entries.each do |user|
+ shadow(f).user(/.+/).entries.each do |user|
 next if (user.password && %w(* !)).any?
 describe user do
@@ -105,7 +105,7 @@
 end
 shadow_files.each do |f|
- shadow(f).users(/.+/).entries.each do |user|
+ shadow(f).user(/.+/).entries.each do |user|
 next if (user.password && %w(* !)).any?
 describe user do
@@ -199,6 +199,6 @@
 tag level: 1
 describe file('/etc/pam.d/su') do
- its(:content) { should match(/^auth required pam_wheel.so use_uid$/) }
+ its(:content) { should match(/^auth\s+required\s+pam_wheel.so use_uid$/) }
 end
 end
diff --git a/controls/6_1_system_file_permissions.rb b/controls/6_1_system_file_permissions.rb
index 0d04689..e1c6f26 100644
--- a/controls/6_1_system_file_permissions.rb
+++ b/controls/6_1_system_file_permissions.rb
@@ -77,6 +77,9 @@
 shadow_files = ['/etc/shadow']
 shadow_files << '/usr/share/baselayout/shadow' if file('/etc/nsswitch.conf').content =~ /^shadow:\s+(\S+\s+)*usrfiles/
+ expected_gid = 0
+ expected_gid = 42 if os.debian?
+
 shadow_files.each do |f|
 describe file(f) do
 it { should exist }
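Review bot: The skip condition `next if (user.password && %w(* !)).any?` on the context line directly under the changed `shadow(f).user(/.+/)` call never does what it intends: when `user.password` is a non-nil string, `user.password && %w(* !)` evaluates to the array `%w(* !)`, whose `any?` is always true, so every entry is skipped and the `describe user do` block below never runs (the control passes vacuously); when the password field is nil it raises NoMethodError on `nil.any?`. Assuming `password` is the row's string field, replace it with `next if user.password.nil? || %w(* !).any? { |c| user.password.include?(c) }` so only locked or disabled accounts are excluded. The identical line appears in the hunk at -105 of this file and needs the same fix. The enclosing `shadow_files.each` block continues past the end of both hunks.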
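Review bot: The new pattern `/^auth\s+required\s+pam_wheel.so use_uid$/` relaxes the whitespace only between the first three fields; the separator before `use_uid` is still one literal space, so a tab- or double-space-separated line fails the control although pam_wheel is correctly configured, and the unescaped `.` in `pam_wheel.so` matches any character. Suggested line: `its(:content) { should match(/^auth\s+required\s+pam_wheel\.so\s+use_uid$/) }`. The trailing `$` also rejects a line that carries further module options after `use_uid` (pam_wheel accepts e.g. `group=`); if that strictness is deliberate, a short comment saying so would help the next reader.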
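Review bot: `expected_gid = 42 if os.debian?` introduces a bare magic number with no explanation; a comment such as `# Debian ships /etc/shadow owned by root:shadow, and the shadow group is GID 42 there` makes the intent auditable. The same two assignment lines are repeated in the gshadow hunk at -141 of this file; computing `expected_gid` once ahead of both loops avoids the two copies drifting apart. Looking the gid up from the group database (e.g. `etc_group.where(name: 'shadow').gids.first`, if that resource is available to this profile) would be more robust than hard-coding 42, but I cannot confirm from this hunk whether it is used elsewhere in the profile.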
@@ -90,7 +93,7 @@
 it { should_not be_writable.by 'other' }
 it { should_not be_executable.by 'other' }
 its(:uid) { should cmp 0 }
- its(:gid) { should cmp 0 }
+ its(:gid) { should cmp expected_gid }
 its(:sticky) { should equal false }
 its(:suid) { should equal false }
 its(:sgid) { should equal false }
@@ -141,6 +144,9 @@
 gshadow_files = ['/etc/gshadow']
 gshadow_files << '/usr/share/baselayout/gshadow' if file('/etc/nsswitch.conf').content =~ /^gshadow:\s+(\S+\s+)*usrfiles/
+ expected_gid = 0
+ expected_gid = 42 if os.debian?
+
 gshadow_files.each do |f|
 describe file(f) do
 it { should exist }
@@ -154,7 +160,7 @@
 it { should_not be_writable.by 'other' }
 it { should_not be_executable.by 'other' }
 its(:uid) { should cmp 0 }
- its(:gid) { should cmp 0 }
+ its(:gid) { should cmp expected_gid }
 its(:sticky) { should equal false }
 its(:suid) { should equal false }
 its(:sgid) { should equal false }
diff --git a/libraries/linux_module.rb b/libraries/linux_module.rb
index aa680c2..bc1457a 100644
--- a/libraries/linux_module.rb
+++ b/libraries/linux_module.rb
@@ -60,7 +60,11 @@ def version
 def command
 # Lets just ensure the last line in the kernel module's configuration is 'install /bin/true'
 # this is enough to be sure the module will not be loaded on next reboot or run of modprobe
- modinfo_cmd = "/sbin/modprobe -n -v #{@module} | tail -n 1 | awk '{$1=$1;print}'"
+ modinfo_cmd = if inspec.os.redhat? || inspec.os.name == 'fedora'
+ "/sbin/modprobe -n -v #{@module} | tail -n 1 | awk '{$1=$1;print}'"
+ else
+ "modprobe --showconfig | grep ${@module} | tail -n 1 | sed 's/#{@module}//g' | awk '{$1=$1;print}'"
+ end
 cmd = inspec.command(modinfo_cmd)
 cmd.exit_status.zero? ? cmd.stdout.delete("\n") : nil
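Review bot: The non-RedHat branch of the new `modinfo_cmd` uses `grep ${@module}`, which is shell parameter-expansion syntax, not Ruby interpolation (`#{@module}`): the module name is never substituted, the shell rejects the expansion (or grep receives a wrong argument), the pipeline exits non-zero and `command` returns nil on every Debian/SUSE-family host, so the kernel-module controls can never observe `install /bin/true` there. Change it to `"modprobe --showconfig | grep -w '#{@module}' | tail -n 1 | sed 's/#{@module}//g' | awk '{$1=$1;print}'"`; the `-w` also stops a short name such as `usb` matching `usb_storage` entries. Note that `tail -n 1` picks the last `--showconfig` line mentioning the module, which may be an alias or blacklist entry rather than the install line the comment above describes, so anchoring the grep on `^install ` is worth considering. `@module` is interpolated unquoted into a shell pipeline in both branches; presumably it is a fixed control constant, but if it can come from profile attributes it should be passed through `Shellwords.escape` first.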