diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 0a8e43e7..b3418b15 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -19,3 +19,4 @@ jobs: uses: codespell-project/actions-codespell@v1 with: check_filenames: true + ignore_words_list: "chage" diff --git a/OS_HARDENING_CHANGELOG.md b/OS_HARDENING_CHANGELOG.md index cfd6e9a0..c0779e1b 100644 --- a/OS_HARDENING_CHANGELOG.md +++ b/OS_HARDENING_CHANGELOG.md @@ -26,7 +26,7 @@ - fix fedora build [\#296](https://github.com/dev-sec/ansible-os-hardening/pull/296) ([rndmh3ro](https://github.com/rndmh3ro)) - do not blacklist used filesystems [\#289](https://github.com/dev-sec/ansible-os-hardening/pull/289) [[patch](https://github.com/dev-sec/ansible-os-hardening/labels/patch)] ([schurzi](https://github.com/schurzi)) -- move hidepid vars into defaults so theyre overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) [[patch](https://github.com/dev-sec/ansible-os-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro)) +- move hidepid vars into defaults so they're overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) [[patch](https://github.com/dev-sec/ansible-os-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro)) ## [6.1.0](https://github.com/dev-sec/ansible-os-hardening/tree/6.1.0) (2020-07-21) 
@@ -90,7 +90,7 @@ - Add kernel parameter information to README [\#259](https://github.com/dev-sec/ansible-os-hardening/pull/259) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina)) - Remove trailing whitespaces \(ansible-lint 201\) [\#254](https://github.com/dev-sec/ansible-os-hardening/pull/254) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([kravietz](https://github.com/kravietz)) - Standardize the var ordering [\#251](https://github.com/dev-sec/ansible-os-hardening/pull/251) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([dustinmiller1337](https://github.com/dustinmiller1337)) -- Add intial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([dustinmiller1337](https://github.com/dustinmiller1337)) +- Add initial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([dustinmiller1337](https://github.com/dustinmiller1337)) - Make max_log_file_action for auditd configurable [\#246](https://github.com/dev-sec/ansible-os-hardening/pull/246) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([jandd](https://github.com/jandd)) - Add exception in sysctl task [\#240](https://github.com/dev-sec/ansible-os-hardening/pull/240) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([ghost](https://github.com/ghost)) - Fedora - Use new auto ansible_python_interpreter for dnf [\#239](https://github.com/dev-sec/ansible-os-hardening/pull/239) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina)) 
@@ -165,7 +165,7 @@ **Fixed bugs:** -- auditd causing v5.0 to fail on unpriviledged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] +- auditd causing v5.0 to fail on unprivileged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] - Setting os_security_users_allow has no effect [\#175](https://github.com/dev-sec/ansible-os-hardening/issues/175) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] - add /usr/bin/su to suid_guid whitelist [\#199](https://github.com/dev-sec/ansible-os-hardening/pull/199) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] ([ccolic](https://github.com/ccolic)) - ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user [\#197](https://github.com/dev-sec/ansible-os-hardening/pull/197) [[bug](https://github.com/dev-sec/ansible-os-hardening/labels/bug)] ([szEvEz](https://github.com/szEvEz)) 
@@ -346,7 +346,7 @@ - Docker [\#90](https://github.com/dev-sec/ansible-os-hardening/pull/90) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro)) - debian 8 support [\#88](https://github.com/dev-sec/ansible-os-hardening/pull/88) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro)) - Ufw manage defaults [\#85](https://github.com/dev-sec/ansible-os-hardening/pull/85) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123)) -- replace ignore_errors to failed_when to supress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123)) +- replace ignore_errors to failed_when to suppress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123)) - fix bare variables usage for loops [\#79](https://github.com/dev-sec/ansible-os-hardening/pull/79) [[enhancement](https://github.com/dev-sec/ansible-os-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123)) **Fixed bugs:** 
@@ -459,7 +459,7 @@ - Repair debian install script [\#8](https://github.com/dev-sec/ansible-os-hardening/pull/8) ([rndmh3ro](https://github.com/rndmh3ro)) - Separate tasks into multiple smaller files [\#7](https://github.com/dev-sec/ansible-os-hardening/pull/7) ([rndmh3ro](https://github.com/rndmh3ro)) - Enable gpg-check on all yum-repositories [\#5](https://github.com/dev-sec/ansible-os-hardening/pull/5) ([rndmh3ro](https://github.com/rndmh3ro)) -- Change playbook-path to accomodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro)) +- Change playbook-path to accommodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro)) - treat securetty config as an array [\#3](https://github.com/dev-sec/ansible-os-hardening/pull/3) ([arlimus](https://github.com/arlimus)) - Add Securetty-support [\#2](https://github.com/dev-sec/ansible-os-hardening/pull/2) ([rndmh3ro](https://github.com/rndmh3ro)) - Add profile.conf configuration [\#1](https://github.com/dev-sec/ansible-os-hardening/pull/1) ([rndmh3ro](https://github.com/rndmh3ro)) diff --git a/molecule/os_hardening/verify_tasks/pam.yml b/molecule/os_hardening/verify_tasks/pam.yml index 90fa6db3..62bdb330 100644 --- a/molecule/os_hardening/verify_tasks/pam.yml +++ b/molecule/os_hardening/verify_tasks/pam.yml @@ -21,7 +21,7 @@ name: testuser password: "{{ test_pw | password_hash('sha512') }}" -- name: check successfull login with correct password +- name: check successful login with correct password shell: cmd: "pam-tester --user testuser --password {{ test_pw }}" environment: @@ -29,7 +29,7 @@ LC_ALL: "{{ locale | default('C.UTF-8') }}" LANG: "{{ locale | default('C.UTF-8') }}" -- name: check unsuccessfull login with incorrect password +- name: check unsuccessful login with incorrect password shell: cmd: "pam-tester --user testuser --password {{ test_pw }}fail --expectfail" environment: 
@@ -38,7 +38,7 @@ LANG: "{{ locale | default('C.UTF-8') }}" with_sequence: count=6 -- name: check unsuccessfull login, with correct password (lockout) +- name: check unsuccessful login, with correct password (lockout) shell: cmd: "pam-tester --user testuser --password {{ test_pw }} --expectfail" environment: @@ -50,7 +50,7 @@ pause: seconds: 20 -- name: check successfull login +- name: check successful login shell: cmd: "pam-tester --user testuser --password {{ test_pw }}" environment: diff --git a/molecule/os_hardening_vm/molecule.yml b/molecule/os_hardening_vm/molecule.yml index 5681716a..31e31d36 100644 --- a/molecule/os_hardening_vm/molecule.yml +++ b/molecule/os_hardening_vm/molecule.yml @@ -8,7 +8,7 @@ driver: provider: name: libvirt platforms: - # we need to name every instance differntly to start multiple VMs on the same host (parallelization) + # we need to name every instance differently to start multiple VMs on the same host (parallelization) # since we also need to use different OS users to run the tests because of how molecule operates, # the VM names must be predictable by OS user (to clean up canceled runs) - name: "${USER}" diff --git a/molecule/os_hardening_vm/verify_tasks/pam.yml b/molecule/os_hardening_vm/verify_tasks/pam.yml index 90fa6db3..62bdb330 100644 --- a/molecule/os_hardening_vm/verify_tasks/pam.yml +++ b/molecule/os_hardening_vm/verify_tasks/pam.yml @@ -21,7 +21,7 @@ name: testuser password: "{{ test_pw | password_hash('sha512') }}" -- name: check successfull login with correct password +- name: check successful login with correct password shell: cmd: "pam-tester --user testuser --password {{ test_pw }}" environment: @@ -29,7 +29,7 @@ LC_ALL: "{{ locale | default('C.UTF-8') }}" LANG: "{{ locale | default('C.UTF-8') }}" -- name: check unsuccessfull login with incorrect password +- name: check unsuccessful login with incorrect password shell: cmd: "pam-tester --user testuser --password {{ test_pw }}fail --expectfail" environment: 
@@ -38,7 +38,7 @@ LANG: "{{ locale | default('C.UTF-8') }}" with_sequence: count=6 -- name: check unsuccessfull login, with correct password (lockout) +- name: check unsuccessful login, with correct password (lockout) shell: cmd: "pam-tester --user testuser --password {{ test_pw }} --expectfail" environment: @@ -50,7 +50,7 @@ pause: seconds: 20 -- name: check successfull login +- name: check successful login shell: cmd: "pam-tester --user testuser --password {{ test_pw }}" environment: diff --git a/molecule/ssh_hardening_bsd/molecule.yml b/molecule/ssh_hardening_bsd/molecule.yml index 10460b7a..957d8f5d 100644 --- a/molecule/ssh_hardening_bsd/molecule.yml +++ b/molecule/ssh_hardening_bsd/molecule.yml @@ -4,7 +4,7 @@ driver: provider: name: libvirt platforms: - # we need to name every instance differntly to start multiple VMs on the same host (parallelization) + # we need to name every instance differently to start multiple VMs on the same host (parallelization) # since we also need to use different OS users to run the tests because of how molecule operates, # the VM names must be predictable by OS user (to clean up canceled runs) - name: "${USER}" diff --git a/roles/mysql_hardening/CHANGELOG.md b/roles/mysql_hardening/CHANGELOG.md index 7139e752..bf4ce24a 100644 --- a/roles/mysql_hardening/CHANGELOG.md +++ b/roles/mysql_hardening/CHANGELOG.md @@ -91,7 +91,7 @@ **Implemented enhancements:** -- add follow=yes to my.cnf protect task, incase its a symlink. fixes \#20 [\#21](https://github.com/dev-sec/ansible-mysql-hardening/pull/21) ([rndmh3ro](https://github.com/rndmh3ro)) +- add follow=yes to my.cnf protect task, in case its a symlink. fixes \#20 [\#21](https://github.com/dev-sec/ansible-mysql-hardening/pull/21) ([rndmh3ro](https://github.com/rndmh3ro)) - add changelog generator [\#7](https://github.com/dev-sec/ansible-mysql-hardening/pull/7) ([chris-rock](https://github.com/chris-rock)) **Closed issues:** 
diff --git a/roles/mysql_hardening/tasks/main.yml b/roles/mysql_hardening/tasks/main.yml index bc74008b..64278669 100644 --- a/roles/mysql_hardening/tasks/main.yml +++ b/roles/mysql_hardening/tasks/main.yml @@ -14,7 +14,7 @@ # we only override variables with our default if they have not been specified already. # by default the lookup functions finds all varnames containing the string, therefore -# we add ^ and $ to denote start and end of string, so this returns only exact maches. +# we add ^ and $ to denote start and end of string, so this returns only exact matches. - name: Set OS dependent variables, if not already defined by user # noqa var-naming ansible.builtin.set_fact: "{{ item.key }}": "{{ item.value }}" diff --git a/roles/os_hardening/CHANGELOG.md b/roles/os_hardening/CHANGELOG.md index 4827534c..a6309dde 100644 --- a/roles/os_hardening/CHANGELOG.md +++ b/roles/os_hardening/CHANGELOG.md @@ -54,7 +54,7 @@ - fix fedora build [\#296](https://github.com/dev-sec/ansible-os-hardening/pull/296) ([rndmh3ro](https://github.com/rndmh3ro)) - do not blacklist used filesystems [\#289](https://github.com/dev-sec/ansible-os-hardening/pull/289) ([schurzi](https://github.com/schurzi)) -- move hidepid vars into defaults so theyre overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) ([rndmh3ro](https://github.com/rndmh3ro)) +- move hidepid vars into defaults so they're overwritable [\#285](https://github.com/dev-sec/ansible-os-hardening/pull/285) ([rndmh3ro](https://github.com/rndmh3ro)) ## [6.1.0](https://github.com/dev-sec/ansible-os-hardening/tree/6.1.0) (2020-07-21) 
@@ -118,7 +118,7 @@ - Add kernel parameter information to README [\#259](https://github.com/dev-sec/ansible-os-hardening/pull/259) ([jaredledvina](https://github.com/jaredledvina)) - Remove trailing whitespaces \(ansible-lint 201\) [\#254](https://github.com/dev-sec/ansible-os-hardening/pull/254) ([kravietz](https://github.com/kravietz)) - Standardize the var ordering [\#251](https://github.com/dev-sec/ansible-os-hardening/pull/251) ([dustinmiller1337](https://github.com/dustinmiller1337)) -- Add intial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) ([dustinmiller1337](https://github.com/dustinmiller1337)) +- Add initial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-os-hardening/pull/250) ([dustinmiller1337](https://github.com/dustinmiller1337)) - Make max_log_file_action for auditd configurable [\#246](https://github.com/dev-sec/ansible-os-hardening/pull/246) ([jandd](https://github.com/jandd)) - Add exception in sysctl task [\#240](https://github.com/dev-sec/ansible-os-hardening/pull/240) ([ghost](https://github.com/ghost)) - Fedora - Use new auto ansible_python_interpreter for dnf [\#239](https://github.com/dev-sec/ansible-os-hardening/pull/239) ([jaredledvina](https://github.com/jaredledvina)) 
@@ -193,7 +193,7 @@ **Fixed bugs:** -- auditd causing v5.0 to fail on unpriviledged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191) +- auditd causing v5.0 to fail on unprivileged LXC's [\#191](https://github.com/dev-sec/ansible-os-hardening/issues/191) - Setting os_security_users_allow has no effect [\#175](https://github.com/dev-sec/ansible-os-hardening/issues/175) - add /usr/bin/su to suid_guid whitelist [\#199](https://github.com/dev-sec/ansible-os-hardening/pull/199) ([ccolic](https://github.com/ccolic)) - ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user [\#197](https://github.com/dev-sec/ansible-os-hardening/pull/197) ([szEvEz](https://github.com/szEvEz)) @@ -374,7 +374,7 @@ - Docker [\#90](https://github.com/dev-sec/ansible-os-hardening/pull/90) ([rndmh3ro](https://github.com/rndmh3ro)) - debian 8 support [\#88](https://github.com/dev-sec/ansible-os-hardening/pull/88) ([rndmh3ro](https://github.com/rndmh3ro)) - Ufw manage defaults [\#85](https://github.com/dev-sec/ansible-os-hardening/pull/85) ([fitz123](https://github.com/fitz123)) -- replace ignore_errors to failed_when to supress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) ([fitz123](https://github.com/fitz123)) +- replace ignore_errors to failed_when to suppress ugly error warnings [\#81](https://github.com/dev-sec/ansible-os-hardening/pull/81) ([fitz123](https://github.com/fitz123)) - fix bare variables usage for loops [\#79](https://github.com/dev-sec/ansible-os-hardening/pull/79) ([fitz123](https://github.com/fitz123)) **Fixed bugs:** 
@@ -487,7 +487,7 @@ - Repair debian install script [\#8](https://github.com/dev-sec/ansible-os-hardening/pull/8) ([rndmh3ro](https://github.com/rndmh3ro)) - Separate tasks into multiple smaller files [\#7](https://github.com/dev-sec/ansible-os-hardening/pull/7) ([rndmh3ro](https://github.com/rndmh3ro)) - Enable gpg-check on all yum-repositories [\#5](https://github.com/dev-sec/ansible-os-hardening/pull/5) ([rndmh3ro](https://github.com/rndmh3ro)) -- Change playbook-path to accomodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro)) +- Change playbook-path to accommodate test-repo [\#4](https://github.com/dev-sec/ansible-os-hardening/pull/4) ([rndmh3ro](https://github.com/rndmh3ro)) - treat securetty config as an array [\#3](https://github.com/dev-sec/ansible-os-hardening/pull/3) ([arlimus](https://github.com/arlimus)) - Add Securetty-support [\#2](https://github.com/dev-sec/ansible-os-hardening/pull/2) ([rndmh3ro](https://github.com/rndmh3ro)) - Add profile.conf configuration [\#1](https://github.com/dev-sec/ansible-os-hardening/pull/1) ([rndmh3ro](https://github.com/rndmh3ro)) diff --git a/roles/os_hardening/README.md b/roles/os_hardening/README.md index 6e512e30..7e74dd83 100644 --- a/roles/os_hardening/README.md +++ b/roles/os_hardening/README.md 
@@ -58,7 +58,7 @@ If you're using Docker / Kubernetes+Docker you'll need to override the ipv4 ip f ### hidepid on RHEL/CentOS 7 -When having `polkit-0.112-18.el7` (and later) installed and `/proc` mounted with `hidepid=2`, everytime someone uses `systemctl` the following error is displayed, but systemctl runs successfully. +When having `polkit-0.112-18.el7` (and later) installed and `/proc` mounted with `hidepid=2`, every time someone uses `systemctl` the following error is displayed, but systemctl runs successfully. ``` Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0) diff --git a/roles/os_hardening/defaults/main.yml b/roles/os_hardening/defaults/main.yml index a0dd6d5b..86d51d9d 100644 --- a/roles/os_hardening/defaults/main.yml +++ b/roles/os_hardening/defaults/main.yml @@ -157,8 +157,8 @@ sysctl_config: # https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace # # For applications launching crash handlers that need PTRACE, exceptions can - # be registered by the debugee by declaring in the segfault handler - # specifically which process will be using PTRACE on the debugee: + # be registered by the debuggee by declaring in the segfault handler + # specifically which process will be using PTRACE on the debuggee: # prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0); # # In general, PTRACE is not needed for the average running Ubuntu system. diff --git a/roles/os_hardening/templates/etc/login.defs.j2 b/roles/os_hardening/templates/etc/login.defs.j2 index f357167f..49ce215c 100644 --- a/roles/os_hardening/templates/etc/login.defs.j2 +++ b/roles/os_hardening/templates/etc/login.defs.j2 
@@ -136,7 +136,7 @@ SUB_GID_MIN {{ os_auth_sub_gid_min }} SUB_GID_MAX {{ os_auth_sub_gid_max }} SUB_GID_COUNT {{ os_auth_sub_gid_count }} -# Max number of login retries if password is bad. This will most likely be overriden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES. +# Max number of login retries if password is bad. This will most likely be overridden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES. LOGIN_RETRIES {{ os_auth_retries }} # Max time in seconds for login @@ -155,7 +155,7 @@ DEFAULT_HOME {{ 'yes' if os_auth_allow_homeless else 'no' }} # the user to be removed (passed as the first argument). #USERDEL_CMD /usr/sbin/userdel_local -# Instead of the real user shell, the program specified by this parameter will be launched, although its visible name (`argv[0]`) will be the shell's. The program may do whatever it wants (logging, additional authentification, banner, ...) before running the actual shell. +# Instead of the real user shell, the program specified by this parameter will be launched, although its visible name (`argv[0]`) will be the shell's. The program may do whatever it wants (logging, additional authentication, banner, ...) before running the actual shell. #FAKE_SHELL /bin/fakeshell # If defined, either full pathname of a file containing device names or a ":" delimited list of device names. Root logins will be allowed only upon these devices. diff --git a/roles/os_hardening/vars/Amazon.yml b/roles/os_hardening/vars/Amazon.yml index 1a87de61..579436b5 100644 --- a/roles/os_hardening/vars/Amazon.yml +++ b/roles/os_hardening/vars/Amazon.yml 
@@ -81,6 +81,6 @@ os_useradd_create_home: true modprobe_package: module-init-tools auditd_package: audit -# system accounts that do not get their login disabled and pasword changed +# system accounts that do not get their login disabled and password changed os_always_ignore_users: [root, sync, shutdown, halt, ec2-user] hidepid_option: "2" # allowed values: 0, 1, 2 diff --git a/roles/os_hardening/vars/main.yml b/roles/os_hardening/vars/main.yml index 3aa29725..90a6dbaa 100644 --- a/roles/os_hardening/vars/main.yml +++ b/roles/os_hardening/vars/main.yml @@ -108,5 +108,5 @@ os_security_suid_sgid_system_whitelist: - /usr/lib/libvte9/gnome-pty-helper # gnome - /usr/lib/libvte-2.90-9/gnome-pty-helper # gnome -# system accounts that do not get their login disabled and pasword changed +# system accounts that do not get their login disabled and password changed os_always_ignore_users: [root, sync, shutdown, halt] diff --git a/roles/ssh_hardening/CHANGELOG.md b/roles/ssh_hardening/CHANGELOG.md index 7c052275..6888ee1d 100644 --- a/roles/ssh_hardening/CHANGELOG.md +++ b/roles/ssh_hardening/CHANGELOG.md 
@@ -195,7 +195,7 @@ - SFTP: set default umask to 0027 [\#252](https://github.com/dev-sec/ansible-ssh-hardening/pull/252) ([Slamdunk](https://github.com/Slamdunk)) - Separate PermitUserEnviroment from AcceptEnv [\#251](https://github.com/dev-sec/ansible-ssh-hardening/pull/251) ([szEvEz](https://github.com/szEvEz)) - Feature: Debian 10 \(Buster\) support [\#249](https://github.com/dev-sec/ansible-ssh-hardening/pull/249) ([jaredledvina](https://github.com/jaredledvina)) -- fix broken packages, extend README with furhter development instructions [\#246](https://github.com/dev-sec/ansible-ssh-hardening/pull/246) ([szEvEz](https://github.com/szEvEz)) +- fix broken packages, extend README with further development instructions [\#246](https://github.com/dev-sec/ansible-ssh-hardening/pull/246) ([szEvEz](https://github.com/szEvEz)) - refactor authenticationmethod settings, allow user to set authenticat… [\#245](https://github.com/dev-sec/ansible-ssh-hardening/pull/245) ([szEvEz](https://github.com/szEvEz)) - RHEL/OL/CentOS 8 support [\#242](https://github.com/dev-sec/ansible-ssh-hardening/pull/242) ([Furragen](https://github.com/Furragen)) - Added ssh_syslog_facility, ssh_log_level and ssh_strict_modes parameters [\#240](https://github.com/dev-sec/ansible-ssh-hardening/pull/240) ([bschonec](https://github.com/bschonec)) diff --git a/roles/ssh_hardening/README.md b/roles/ssh_hardening/README.md index 85185946..cb131229 100644 --- a/roles/ssh_hardening/README.md +++ b/roles/ssh_hardening/README.md 
@@ -34,7 +34,7 @@ As this role requires root-privileges, we added `become: true` to all tasks. So - Description: Specifies the port number to connect on the remote host. - `ssh_listen_to` - Default: `['0.0.0.0']` - - Description: one or more ip addresses, to which ssh-server should listen to. Default is all IPv4 adresses, but should be configured to specific addresses for security reasons! + - Description: one or more ip addresses, to which ssh-server should listen to. Default is all IPv4 addresses, but should be configured to specific addresses for security reasons! - `ssh_host_key_files` - Default: `[]` - Description: Host keys for sshd. If empty ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key'] will be used, as far as supported by the installed sshd version. diff --git a/roles/ssh_hardening/templates/opensshd.conf.j2 b/roles/ssh_hardening/templates/opensshd.conf.j2 index f3fea445..59f87654 100644 --- a/roles/ssh_hardening/templates/opensshd.conf.j2 +++ b/roles/ssh_hardening/templates/opensshd.conf.j2 @@ -152,7 +152,7 @@ GSSAPICleanupCredentials yes {% endif %} {% if ssh_deny_users %} # In case you don't use PAM (`UsePAM no`), you can alternatively restrict users and groups here. -# For key-based authentication this is not necessary, since all keys must be explicitely enabled. +# For key-based authentication this is not necessary, since all keys must be explicitly enabled. DenyUsers {{ ssh_deny_users }} {% endif %}
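Review bot: the new `ignore_words_list: "chage"` entry in the `.github/workflows/codespell.yml` hunk needs a short comment explaining why the word is whitelisted (`chage` is the shadow-utils password-aging command referenced by this role, not a misspelling of "change"); without it the next maintainer may remove the entry and reintroduce the false positive. The same workflow could also get a `skip` entry for the changelog files: the hunks against `OS_HARDENING_CHANGELOG.md`, `roles/os_hardening/CHANGELOG.md`, `roles/mysql_hardening/CHANGELOG.md` and `roles/ssh_hardening/CHANGELOG.md` hand-edit entries that a changelog generator produces from PR titles (the mysql changelog itself lists "add changelog generator [#7]"), so the corrections will be lost on the next regeneration unless the PR titles are edited upstream, and `OS_HARDENING_CHANGELOG.md` and `roles/os_hardening/CHANGELOG.md` carry the same entries twice.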
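Review bot: the `roles/mysql_hardening/CHANGELOG.md` hunk at `@@ -91,7 +91,7 @@` fixes "incase" but leaves the neighbouring contraction wrong: "in case its a symlink" should read "in case it's a symlink". Since the line is being rewritten anyway, correct both in the same pass.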
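Review bot: in the `molecule/os_hardening/verify_tasks/pam.yml` and `molecule/os_hardening_vm/verify_tasks/pam.yml` hunks the same four task-name fixes are applied to two byte-identical files (both show `index 90fa6db3..62bdb330`), and the `molecule.yml` comment fix is likewise duplicated between `os_hardening_vm` and `ssh_hardening_bsd`. Consider sharing the verify tasks (a symlink or a common task file included by both scenarios) so that typo fixes and, more importantly, test logic cannot drift between the two. While touching these tasks, note that `cmd: "pam-tester --user testuser --password {{ test_pw }}"` puts the password on the command line, where it appears in the Ansible task output and in the process list on the target; `test_pw` is a throwaway value for a molecule test user, but adding `no_log: true` to these `shell` tasks keeps it out of CI logs.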
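Review bot: the `roles/ssh_hardening/CHANGELOG.md` hunk at `@@ -195,7 +195,7 @@` corrects "furhter" but the unchanged context line two entries above still reads "Separate PermitUserEnviroment from AcceptEnv"; the sshd keyword is `PermitUserEnvironment`. codespell does not flag it because the misspelling sits inside a CamelCase identifier, so this one has to be fixed by hand (or accepted as a historical PR title, in which case the same generated-changelog caveat applies).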
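Review bot: the `roles/os_hardening/README.md` hunk at `@@ -58,7 +58,7 @@` fixes "everytime" but the sentence remains awkward; suggest rewording the whole line while it is being touched, for example "When `polkit-0.112-18.el7` or later is installed and `/proc` is mounted with `hidepid=2`, the following error is displayed every time someone runs `systemctl`, although systemctl itself succeeds." The behaviour described is unchanged; only the phrasing is tightened.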
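Review bot: the `roles/os_hardening/templates/etc/login.defs.j2` hunk at `@@ -136,7 +136,7 @@` fixes "overriden" but the rest of the comment still contains a grammar error and an unclear phrase: "has it's own built in of 3 retries" should read "has its own built-in limit of 3 retries". Since this comment is rendered into `/etc/login.defs` on every managed host, it is worth getting the whole line right in one pass.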
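Review bot: the `roles/ssh_hardening/README.md` hunk at `@@ -34,7 +34,7 @@` corrects "adresses" but leaves a doubled preposition and inconsistent capitalisation on the same line: "one or more ip addresses, to which ssh-server should listen to" should read "one or more IP addresses the SSH server should listen on". The security guidance in the sentence (bind to specific addresses rather than the `0.0.0.0` default) is correct and should stay.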